40 Posts
0
1138
Keystore options during a Networker code upgrade
We plan to upgrade Networker Server to the current target code 19.2.1 from 19.1.1 (Yes I know they have the same EOSS date.) I have one question about the keystore and its password. In the code upgrade guide, it seems when you run the new code package file, there is a step you need to ‘Configure NetWorker Authentication Service Keystore’, and you can either choose ‘To create a keystore file’ or ‘To use an existing keystore file’. Will creating a new keystore break something existing? If I understand well, there are two certificates: ‘emcauthctomcat’ and ‘emcauthcsaml’ stored in this keystore. What are their purpose? How are they being used? What is a better choice: create a new one or use the existing one during the code upgrade?
bingo.1
2.4K Posts
0
August 29th, 2020 05:00
Actually, I have never tested what will happen if you create a new keystore database. Why? - because it would just not follow the upgrade procedure. In NW, updating/upgrading means in general:
- remove the old software version (binaries & DLLs) but leave all databases behind
- install the new software and start the programs which will convert the databases, if necessary
Well - in Windows, the process looks a bit different for the user but in general it follows the same track. The idea is not to change anything which is not necessary.
To answer your question: I would strongly recommend to use the same/existing keystore.
crazyrov
4 Operator
4 Operator
•
1.3K Posts
0
August 30th, 2020 05:00
To add to what @bingo.1 has suggested, starting from 19.3 NetWorker does not force you to re-run the configuration script for authc not for NMC anymore. We have created new keystore for some of our customers where they have forgotten the earlier keystore password and haven't got any issues yet.
crazyrov
4 Operator
4 Operator
•
1.3K Posts
0
August 29th, 2020 00:00
@ChiXC, There is no much harm in creating a new keystore except that it also stores the trust established with other authc servers. If this is the case then you would just have to re-establish the trust again once the keystore is changed. There is nothing called a better choice - its your choice, you can either stick to the original keystore so that you can continue using the trust as is or re-establish the trust with the new keystore.
ChiXC
40 Posts
0
August 29th, 2020 07:00
ChiXC
40 Posts
0
August 29th, 2020 08:00
@bingo.1Thanks for your reply as well. I am surprised to learn that a Networker code upgrade requires a removal of the previous code. I didn't see this requirement neither in "Updating to NetWorker 19.2 from a Previous NetWorker Release Guide", nor in the upgrade procedure generated by EMC SolVe procedure generator. In my test, I just ran the installation package file of the new version on the Networker server and it worked. Is the old software removal absolutely necessary? (Sorry I just started to work with Networker and don't have a lot of real experiences.)
bingo.1
2.4K Posts
0
August 29th, 2020 23:00
Well – just install a linux server and follow the instructions. Her you clearly see the principle behind it. And you do have no way out.
Windows just covers the same procedure underneath a big blanket. But if you carefully watch the messages during the installation/update process, you will discover these ‘secrets’ pretty soon.
May I just convince you to install a test server where you can play with the product. NW will work for 90 days without any license and you can build a lot of experience without disturbing your production system.
Good luck …
ChiXC
40 Posts
0
September 1st, 2020 07:00
@bingo.1Thanks for your suggestion. I did create a testing environment in Azure and went through the upgrade process. That was why I was surprised by the need of removing the old code as I haven't had done that during the testing. Regarding the keystore, the upgrade procedure said creating a new keystore or using the existing one, my single server testing environment would not show any difference.