You are here

Airlock 5 Upgrade Guide

Affects version(s): 
5.x

What's new in Airlock 5?

Here is an overview of the Airlock 5 highlights.

Preparations

Since Airlock 5 is based on Linux, Sparc Hardware is NOT supported anymore.

  • Make sure your current Airlock 4.2 system is up to date and fully working. Versions of Airlock older than 4.2 are not supported for a direct upgrade to version 5.
  • Check Hardware Compatibility.
  • Backup your configuration file including the SSL private keys by downloading it from the Configuration Center (airlock_cfg_withkeys_<hostname>_<yyyymmdd>.zip).
  • Backup all add-on modules installed on Airlock (Authentication Service, SOAP and XML Filter, SSL VPN Module, Application Portal etc.) using SSH/SCP.
  • Keep in mind, that this is a new installation and all logfiles are lost. Backup the logfiles, if required.
  • Prepare a list of all manual changes in the httpd.conf.in file. Airlock 5 supports Apache Expert Settings directly from the Configuration Center, making changes in httpd.conf.in unnecessary for most settings.
  • Backup all other manual changes from other files e.g. logsurfer.conf.user.custom, etc.
  • If additional Configuration Center users are configured, backup the settings by saving the files password.properties, roles.properties and assertion_key.properties from /airlock/management/gui/auth/
  • If special Configuration Center authentication is implemented, backup the authenticator.properties from /airlock/management/gui/auth/
  • You need to convert your old license files to use them on Airlock 5. The system can't be activated with a 4.2 license. Please use the license conversion form to request an updated license from Ergon.

Installation

During the installation the disks are reformatted. All data will be lost. Keep Config during installation is NOT possible.

For upgrading a failover cluster, follow the steps described in this article.

  • Upgrade your test environment and test the configuration before you touch your productive systems!
  • Insert the Airlock 5 installation DVD and reboot.
  • Follow the on-screen instructions.
  • After installation, log in to the Configuration Center and check if all settings are correctly converted (see next section).

Converting the configuration

Your old configuration is converted automatically when imported in Airlock 5.

There are a few configuration items that require your attention. Please check the following issues.

  • License
    Airlock 4.2 licenses are not accepted. Add the new Airlock 5 license requested through the license conversion form.
  • Regular Expression POSIX to PCRE
    The Regular Expression syntax changed from POSIX Extended Regular Expression (ERE) to Perl Compatible Regular Expression (PCRE). During configuration import the patterns will be converted automatically. Wherever possible, patterns are migrated to their best semantic replacement. In some cases the patterns will not be changed during import but a validation markup (?#check this) will be added in front of the corresponding pattern. Patterns containing the markup string will enforce a validation warning, thus the administrator itself has to check the correctness of those specific patterns. If the pattern is correct, the warning can be removed by deleting the markup string. For more details see here.
  • httpd.conf.in
    With Airlock 5, Apache specific settings are configured directly in the Configuration Center. Therefore, if you had custom settings in your httpd.conf.in file, you can now add those settings in the Apache Expert Settings.
  • Syntax URL definition pattern for URL Encryption
    The syntax for marking URLs in rewrite rules changed from "$<URL>: to "?<URL>". All occurrences will be converted automatically during configuration import.
  • http-only flag
    Airlock 5 sets the http-only flag where applicable - if and only if SSL VPN is turned off. The previous workaround by setting "Session cookie path" with "/; http-only" on the Virtual Host is not needed anymore and should be removed. For more information see "Expert Settings -> Security Gate / Apache -> default settings file -> HTTPONLY FLAG".

Migrating custom system settings

If you have applied custom settings to your system (e.g., customized events, additional Configuration Center users, customized authentication), please refer to this article for migration. If you have not applied custom settings, it is safe to skip this step.

Knowledge Base Categories: