Before you can upgrade or reinstall a security server instance, you must remove the current IPsec rules that govern communication between the security server and its paired View Connection Server instance. If you do not take this step, the upgrade or reinstallation fails.

About this task

Important:

This task pertains to View 5.1 and later security servers. It does not apply to View 5.0.x and earlier security servers.

By default, communication between a security server and its paired View Connection Server instance is governed by IPsec rules. When you upgrade or reinstall the security server and pair it again with the View Connection Server instance, a new set of IPsec rules must be established. If the existing IPsec rules are not removed before you upgrade or reinstall, the pairing fails.

You must take this step when you upgrade or reinstall a security server and are using IPsec to protect communication between the security server and View Connection Server.

You can configure an initial security server pairing without using IPsec rules. Before you install the security server, you can open View Administrator and deselect the global setting Use IPSec for Security Server Connections, which is enabled by default. If IPsec rules are not in effect, you do not have to remove them before you upgrade or reinstall.

Note:

You do not have to remove a security server from View Administrator before you upgrade or reinstall the security server. Remove a security server from View Administrator only if you intend to remove the security server permanently from the View environment.

With View 5.0.x and earlier releases, you could remove a security server either from within the View Administrator user interface or by using the vdmadmin -S command-line command. In View 5.1 and later releases, you must use vdmadmin -S. See "Removing the Entry for a View Connection Server Instance or Security Server Using the -S Option" in the View Administration document.

Caution:

If you remove the IPsec rules for an active security server, all communication with the security server is lost until you upgrade or reinstall the security server. Therefore, if you use a load balancer to manage a group of security servers, perform this procedure on one server and then upgrade that server before removing IPsec rules for the next server. You can remove servers from production and add them back one-by-one in this manner to avoid requiring any downtime for your end users.

Procedure

  1. In View Administrator, click View Configuration > Servers.
  2. In the Security Servers tab, select a security server and click More Commands > Prepare for Upgrade or Reinstallation.

    If you disabled IPsec rules before you installed the security server, this setting is inactive. In this case, you do not have to remove IPsec rules before you reinstall or upgrade.

  3. Click OK.

Results

The IPsec rules are removed and the Prepare for Upgrade or Reinstallation setting becomes inactive, indicating that you can reinstall or upgrade the security server.

What to do next

Upgrade or reinstall security server.