Upgrading a Screen
The following procedures explain how to upgrade a Screen to SunScreen 3.2 from SunScreen EFS 1.1, 2.0, 3.0, as well as from SunScreen 3.1 and SunScreen 3.1 Lite.
Note -
The upgrade software automatically backs up your previous SunScreen policies, certificates, and packages in case the upgrade fails. If you need to do other system backups or save other files, such as log files, do so now before upgrading your system to SunScreen 3.2. For the commands you use to back up this information, refer to the documentation that accompanied your release of SunScreen.
To Upgrade a Locally-Administered Screen
Caution - To avoid corrupting your existing policies during an upgrade, do not run the SunScreen installer, which is run only for an initial installation.
-
Open a terminal window and become root, if not already.
-
Change to the directory containing the SunScreen 3.2 product.
#cd /cdrom/cdrom0/Solaris_9/ExtraValue/CoBundled/SunScreen_3.2/sparc
-
-
The software automatically removes the existing SunScreen SKIP and SunScreen software packages.
-
No confirmations are needed or accepted. The file and package names appear as output on your monitor. Wait until this completes.
-
The SunScreen software is automatically installed and the file and package names appear as output.
-
Your existing SunScreen policies are automatically converted to SunScreen 3.2 policies.
-
If there are any conversion errors, they are itemized and appear on your monitor. Wait until this completes.
-
-
Reboot by typing:
# sync; init 6
-
Open a terminal window and become root, if not already.
-
List the policies that have been converted by typing:
# ssadm policy -l
Note -After completing the upgrade from SunScreen EFS 1.1, or 2.0, you must review your packet filtering rules to verify the filtering order because SunScreen 3.2 uses ordered packet filtering rules and ordered NAT mappings. Also, be aware that NAT mappings changed considerably in SunScreen EFS 3.0 from the NAT mappings used in prior releases of SunScreen. See the SunScreen 3.2 Administrator's Overview for details on packet filtering rules and NAT mappings. See the SunScreen 3.2 Administrator's Overview for more details on packet filtering and ordered rules.
-
Choose the one policy that you want to activate by typing:
# ssadm activate configuration_name
-
To launch the SunScreen administration GUI, run a Java-enabled Web browser compliant with JDK 1.1.3 or later, and type the following URL:
http://localhost:3852
If you were upgrading your remotely-administered Screen and have completed the procedure for upgrading a locally-administered Screen, return to "To Upgrade a Remotely-Administered Screen".
For management information, see the SunScreen 3.2 Administration Guide.
To Upgrade a Remotely-Administered Screen
The following procedures explain how to upgrade a remotely-administered Screen to SunScreen 3.2 from SunScreen EFS 1.1, 2.0, 3.0, as well as from SunScreen 3.1 and SunScreen 3.1 Lite. Upgrading requires that for remote administration you install the upgrade software on the Screen first and then on the Administration Station.
-
To upgrade your remotely-administered Screen, use the same instructions as explained in "To Upgrade a Locally-Administered Screen".
To Upgrade the Remote Administration Station
Note -
Perform this procedure manually. Do not run the upgrade script on the Administration Station.
-
Open a terminal window on the Administration Station and become root, if not already.
-
Remove each SunScreen EFS 1.1, 2.0, 3.0, SunScreen 3.1, or SunScreen 3.1 Lite package individually by typing:
Note -If you did not originally install any of these packages, omit them from the string or else remove the packages one at a time.
-
Follow the program prompts and answer all the questions with y.
The pkgrm program ends with the statement: Removal of name_of_package was successful.
-
Remove the SKIP software packages by typing:
For SunScreen EFS 1.1 and 2.0: # pkgrm SICGcrc2 SICGcrc4 SICGes SICGkeymg SICGkisup SICGbdcdr For SunScreen EFS 3.0: # pkgrm SUNWbdc SUNWbdcx SUNWrc2 SUNWrc4 SUNWrc4x SUNWes SUNWesx SUNWkeyman SUNWkisup For SunScreen 3.1 and SunScreen 3.1 Lite: # pkgrm SUNWbdc SUNWbdcx SUNWbdes SUNWbdesx SUNWrc2 SUNWrc4 SUNWrc4x SUNWes SUNWesx SUNWkeyman SUNWkisup
Note -If you did not originally install any of these packages, omit them from the string or else remove the packages one at a time.
-
This next step applies to SunScreen EFS 1.1 and 2.0 systems only. (Any SunScreen EFS 3.0 or SunScreen 3.1 cryptography upgrades can be left on your system.) Remove any SKIP cryptography upgrades by typing:
# pkgrm SICGcdes SICGc3des SICGcsafe SICGkdsup SICGkusup
Note -If you did not originally install any of these packages, omit them from the string or else remove the packages one at a time.
-
Reboot the system by typing:
# sync; init 6
-
Change to the directory containing the SunScreen 3.2 product.
#cd /cdrom/cdrom0/Solaris_9/ExtraValue/CoBundled/SunScreen_3.2/sparc
-
Add the SunScreen 3.2 packages by typing:
# pkgadd -d .
-
Install the appropriate packages then type q to quit pkgadd.
-
(For SunScreen EFS 1.1 and 2.0 systems only) Move the SKIP keys by typing:
# cp -rp /etc/opt/SUNWicg/skip/* /etc/skip/
-
(For SunScreen EFS 1.1 and 2.0 systems only) Move the SKIP keys by typing:
# cp -rp /etc/opt/SUNWicg/skip/* /etc/skip/
-
To configure and manage your Screen from an Administration Station, run a Java-enabled Web browser compliant with JDK 1.1.3 or later, and launch the SunScreen administration GUI by typing the following URL:
http://name_of_screen:3852
- © 2010, Oracle Corporation and/or its affiliates