The objective of this article is to provide a series of validations (via a checklist) to be performed before performing an upgrade of the PGP Universal Server. Running these validations prior to upgrading should minimize issues with the upgrade process.
Note that this is not an exhaustive list, since client deployments vary widely, but does include general best practices.
It is recommended that a test environment be set up so you can the upgrade process prior to upgrading a production server.
The test environment should focus on the validating the following areas:
Validate the network configuration.
Validate the effect of the migration on production backup data.
Validate the schema of the upgraded test server and generate repair scripts
Test new features.
The rest of this document provides specific steps needed to perform the above validations.
This document assumes that:
Web access to the PGP Universal Server (administrative console) is functioning correctly.
SSH access to the PGP Universal Server has been set up.
Some checklist points in this document require access to the administrative console while others require SSH access to the PGP Universal Server. Therefore this checklist has been divided into two sections: one containing all points pertaining to the administrative console and the other containing points that would be executed on the PGP Universal Server via SSH.
SECTION 1: ADMINISTRATIVE CONSOLE CHECKLIST
In the administrative console, select System > Network
1.Interface – Physical Adapter:
It’s recommended that Interface 1 have eth0 as Physical Adapter value.
Most configurations, tested and deployed, have this configuration and any variation from this, results in potential risk.
Ensure that every network interface is configured correctly.
The link speed is usually set to “Auto”. If it’s set to a configuration with suffix “Half” please make sure that there is a good reason to do so.
Incorrect settings might lead to the “Duplex Mismatch” problem
Every Ethernet interface must have at-least one fully qualified DNS server.
Both forward and reverse lookups (DNS A record and PTR record respectively) for the current PGP Universal Server must be correctly configured in the DNS server.
In the administrative console, select Keys > Organization Keys > Organization Key > Export > Export Keypair
Before you upgrade your PGP Universal Server, be sure back up the Organization key pair. Make sure that both the public and the private key portions of the Org key pair have been backed up (as opposed to exporting only the public key part).
Before the initiating the upgrade process, make sure that the browser used to access the administrative console is supported. There have been cases when unsupported browsers caused login problems after the upgrade was completed.
Refer to the PGP Universal Server documentation for the list of supported browsers.
In the administrative console, select Consumers > Directory Synchronization
When using LDAP (or Active directory), it is important to ensure these directories can be contacted by ALL PGP Universal Servers that are to be upgraded.
To verify communications, navigate to select Consumers > Directory Synchronization. Under the Name column, select the first directory and click the link. To test the settings, click Test Connection.
In case of error, the message “LDAP Test failed” is displayed.
Please verify your settings in this case.
Continuing with the test, click View Sample Records. A pop-up browser window will display the first five results obtained using the configured LDAP settings.
If the message “No records found” is displayed (the LDAP directory does contain valid records) then the LDAP settings need to be verified.
SECTION 2: SSH CHECKLIST
1.IP Address, Subnet Mask, Gateway:
Ensure that the assigned IP address, gateway and subnet mask are correctly configured. For the PGP Universal Server to operate correctly, it is imperative that the gateway be reachable from the server.
Run the following commands to ensure that default gateway is reachable.
[root@UN-SERVER ~]# /sbin/route
The Gateway column value associated with the row having value “Default” in the Destination column is the default Gateway.