I have Centrify Server 2017 installed. Should and how do I upgrade to Centrify-Suite-2018?

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 2
Registered: ‎10-03-2017
#1 of 2 518

I have Centrify Server 2017 installed. Should and how do I upgrade to Centrify-Suite-2018?

I have Centrify Server 2017 installed.  Should and how do I upgrade to Centrify-Suite-2018?

Thanks,

Nathanael

Highlighted
Centrify Guru I
Posts: 2,433
Registered: ‎07-26-2012
#2 of 2 509

Re: I have Centrify Server 2017 installed. Should and how do I upgrade to Centrify-Suite-2018?

[ Edited ]

Bear,

Welcome back.

 

"Should I upgrade?" - this boils down to what security practitioners call "due diligence" 

What I recommend is tha you stay on top of sofware and security advisories.  For example, as you know our software uses Open Source components like OpenLDAP, cURL and OpenSSL packages.  If a CVE comes out that has a high security rating (confidentiality/integrity/availability) that based on your organization's risk tolerance, and the fix is in an upgrade, then you must upgrade.  For our software, we provide this page:

https://www.centrify.com/support/customer-support-portal/policies/product-security

for us to disclose any security-related issues with our software.

 

There may be other reasons like performance, capabilities, etc.  For example - Container Linux and Docker container support was provided last year.  If you have any apps that rely on that tech and it's management neds to be centralized, privilege management is needed or session capture, then you would upgrade to get that version to satisfy that use case.

 

Does this make sense?

 

How do I upgrade?


Each release contains an upgrade guide as part of the documentation set.
Here's a link to the 2018 upgrade guide.

https://docs.centrify.com/en/css/18.8/centrify-upgrade-guide.pdf 

 

Note that we have provided a summer update (18.8) and will provide an update in December.

 

Upgrade Tips
// These do not apply to the vault or brokered authentication clients.

a) Note that unless you’re running DirectAudit or other tooling (mentioned below) there is no ‘Centrify Server’; the Service Infrastructure is Active Directory.
b) Consoles can be upgraded in place. They are just MMCs.
c) Clients can be upgraded in place as long as the new version is supported for the OS version.
d) DirectAudit usually requires planning and you want to work from DB/Management Server to Collectors to Agents.
e) Tooling:
- ZPA can be upgraded in place. Make sure you have a ‘stand-by ZPA’ if you have sensitive SLAs.
- Kerberized PuTTY can be upgraded in place.
- Report Service can be upgraded in place.
- Centrified OpenSSH, NIS Proxy, LDAP Proxy can be upgraded in place, as long as the OS is supported in the new version.
- Licensing Service can be upgraded in place (should have multiple).

Note: If you just have Express, use the native package manager (yum/rpm, apt) or better with Chef/Puppet to upgrade the package we provide. If using long running daemons (e.g. like some AIX programs) a reboot is in order.

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify: