
InTrust 11.6 - Upgrade Guide

General Upgrade Information

Upgrade is supported for the following InTrust versions:

  • 11.5.1
  • 11.5.0
  • 11.4.2
  • 11.4.1 with or without Update 1
  • 11.4
  • 11.3.2
  • 11.3.1
  • 11.3

Note: In-Place Upgrade 11.6.0 will not support Server and AeCDSuiteLauncher (Extended Suite).

This guide describes upgrading extended InTrust deployments.

Caution:

  • The InTrust components require that ports 900 and 8340 be open for inbound traffic. The InTrust installer knows how to configure these ports automatically in Windows Firewall. In addition, IT Security Search and the InTrust repository API work with port 8341, which is not configured automatically. If you use the API or IT Security Search, make sure this port is open.
  • In the course of an upgrade from a version prior to 11.3.2, you may get the following error messages during repository indexing and searching:
    Unknown field <field_name> referenced in log knowledge base as source of value.
    This is caused by differences in log knowledge base definitions between the old and new InTrust versions. The problem should go away as soon as all InTrust components have been upgraded—not just InTrust Server, but also Repository Viewer and others.
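
The port requirements in the caution above can be checked on an InTrust server before and after the upgrade. The following PowerShell is an added example, not part of the Quest guide: it reports whether an enabled inbound allow rule covers ports 900, 8340 and 8341 and whether anything is listening on them, and creates a rule for 8341 only if none exists. It assumes the ports are TCP (the guide does not name the protocol); the rule display name and the remote address range are placeholders.

```powershell
# Added example: audit inbound Windows Firewall coverage for the InTrust ports.
# Assumption: the ports are TCP (the guide does not name the protocol).
$ports = 900, 8340, 8341

function Test-PortSpec {
    # True if a firewall LocalPort entry ("Any", "8341", "8000-9000") covers $Port.
    param([string]$Spec, [int]$Port)
    if ($Spec -eq 'Any') { return $true }
    if ($Spec -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Spec -eq "$Port")
}

# Collect enabled inbound allow rules together with their port filters.
$allowRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        if ($filter.Protocol -in 'TCP', 'Any') {
            [pscustomobject]@{ Name = $_.DisplayName; Ports = @($filter.LocalPort) }
        }
    }

$report = foreach ($port in $ports) {
    $hits = $allowRules | Where-Object {
        $_.Ports | Where-Object { Test-PortSpec -Spec $_ -Port $port }
    }
    [pscustomobject]@{
        Port      = $port
        Allowed   = [bool]$hits
        Rules     = ($hits.Name -join '; ')
        Listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    }
}
$report | Format-Table -AutoSize

# Port 8341 is not configured by the installer; add a rule only if none covers it.
# The display name and remote address range are placeholders for this example.
if (-not ($report | Where-Object Port -eq 8341).Allowed) {
    New-NetFirewallRule -DisplayName 'InTrust API and IT Security Search (example)' `
        -Direction Inbound -Protocol TCP -LocalPort 8341 -Action Allow `
        -RemoteAddress '192.0.2.0/24'
}
```

Run it from an elevated PowerShell session; the check does not take firewall profiles into account, so a rule listed here may apply to only some of them.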

Upgrading Your InTrust Organization

InTrust 11.6 now supports FIPS-approved hashing and encryption algorithms. For a fresh installation, the FIPS-compliant algorithms are enabled automatically. For an upgrade from an older version (11.5.1 or below), you need to run the InTrustFIPSMigratorTool and adcorgpwd tools, which are available in the SupportTools folder of the installation folder, and follow the steps in the Upgrade Guide. Once FIPS-compliant algorithms are enabled, they remain enabled and cannot be changed back to non-FIPS algorithms. Refer to the Upgrade Guide for more details.

Note: Once you have enabled FIPS-compliant algorithms on one InTrust server, make sure to enable them on all other InTrust servers in the organization.

Before You Start

Complete the following steps before performing an upgrade to version 11.6.0:

  1. Run the InTrustFIPSMigrator Tool (refer to page 15 of this guide).

  2. Uninstall all InTrust components of the previous version.

    Note: In-Place Upgrade 11.6.0 will not support Server and AeCDSuiteLauncher (Extended Suite).

  3. Clean up the Temp folder and restart the machine.

    Important:

    In case of an upgrade, cleaning up the temp folder and restarting the system is a mandatory step.

Proceed with the installation of version 11.6.0 as follows:

  1. While installing the 11.6.0 full suite or the individual server MSI, select “join” and click “Search for existing organization by InTrust configuration database”.

  2. Select the old organization name and the respective database for the old organization, and then continue.

To upgrade your installation of InTrust, you have to upgrade all InTrust servers in your organization using the InTrust suite setup. Below are several recommendations on the steps you should take before starting the upgrade procedure.

  • Consider the accounts under which you are going to run setup. All the accounts you are going to use must be listed as InTrust organization administrators. For one of the InTrust servers you are going to upgrade, do the following:
  • If the computer where you are going to upgrade InTrust Server or InTrust Manager is a SQL server, then make sure in advance that the installed version of SQL Server Native Client is no earlier than the version required by InTrust 11.6.0; version 11.0.6538.0 of the client is redistributed with InTrust.

Things to Remember

Note the following specifics, which you should be aware of throughout the upgrade process:

  • If you are upgrading from version 11.3.2 or earlier, don't enable InTrust self-audit until all InTrust servers have been upgraded. Otherwise, self-audit events logged during the transition period may be useless.
  • Think in advance about the account you are going to use for running InTrust setup to perform the upgrade. This account must have sufficient privileges to modify the SQL Server databases that InTrust uses. A new InTrust version can introduce changes into the database schema, so use a powerful enough account to apply those changes. To choose the account, consider the following tips:
    • If the initial deployment of InTrust involved running the bundled database configuration scripts with minimal sufficient privileges, then repeat the procedure with the same privileges using the scripts bundled with the target release, as described in Providing Database Access.
    • If the initial deployment of InTrust was performed under an account with dbo rights, then use an account with dbo rights for the upgrade also.
    • If you don't know how the InTrust databases were initially configured, use an account with dbo rights for the upgrade. Note that subsequent upgrades will also require such an account.

What Happens When Configuration Objects Receive Updates

For predefined configuration objects (such as tasks, real-time monitoring rules and data sources), it is InTrust policy not to overwrite their existing versions with the updated versions during upgrade. This approach ensures that your configuration, which is most likely customized, keeps working without changes during and after the upgrade, but it also means that in the usual course of an upgrade, these changed objects do not end up in your InTrust infrastructure.

InTrust releases newer than your current version may include fixed or enhanced versions of out-of-the-box configuration objects. If an InTrust version introduces any significant changes to such objects, the details are described in the Release Notes for that version, in the Enhancements and Resolved Issues topics. Check these topics to find out what exactly has changed in the configuration objects.

If you want the newer versions of such objects and you find that the upgrade has not deployed them, contact Quest Support for recommendations on the procedure that will best suit you.

Step 1: Database Preparation

If you plan to work with InTrust accessing the databases under a dbo account, you can proceed to Step 2.

Otherwise (that is, if your InTrust databases were accessed using a non-dbo account or you plan to use such an account when working with InTrust), take the following steps:

  1. Have your database administrator run the following scripts on your InTrust databases:
    1. On the configuration database:
      • configdb.sql
      • InTrust9_0_configuration_schema.sql
    2. On the audit database(s):
      • auditdb.sql
      • ITFE80_EventsData.sql
    3. On the alert database(s):
      • alertdb.sql
      • InTrust9_0_alerts_schema.sql

Caution: These scripts are shipped with the distribution of your new InTrust version in the Scripts\Database Scripts folder. The scripts must be run using an account with the dbo role.

  2. Have your database administrator assign the database roles to those accounts planned for database access in accordance with the Minimal Rights and Permissions Required for InTrust Operations topic.