Before you can upgrade or reinstall a security server instance, you must remove the current IPsec rules that govern communication between the security server and its paired Connection Server instance. If you do not take this step, the upgrade or reinstallation fails.

By default, communication between a security server and its paired Connection Server instance is governed by IPsec rules. When you upgrade or reinstall the security server and pair it again with the Connection Server instance, a new set of IPsec rules must be established. If the existing IPsec rules are not removed before you upgrade or reinstall, the pairing fails.

You must take this step when you upgrade or reinstall a security server and are using IPsec to protect communication between the security server and Connection Server.

You can configure an initial security server pairing without using IPsec rules. Before you install the security server, you can open Horizon Administrator and deselect the global setting Use IPSec for Security Server Connections, which is enabled by default. If IPsec rules are not in effect, you do not have to remove them before you upgrade or reinstall.

Note: You do not have to remove a security server from Horizon Administrator before you upgrade or reinstall the security server. Remove a security server from Horizon Administrator only if you intend to remove the security server permanently from the Horizon 7 environment.

With View 5.0.x and earlier releases, you could remove a security server either from within the Horizon Administrator user interface or by using the vdmadmin -S command-line command. In View 5.1 and later releases, you must use vdmadmin -S. See "Removing the Entry for a Horizon Connection Server Instance or Security Server Using the -S Option" in the Horizon 7 Administration document.

Caution: If you remove the IPsec rules for an active security server, all communication with the security server is lost until you upgrade or reinstall the security server. Therefore, if you use a load balancer to manage a group of security servers, perform this procedure on one server and then upgrade that server before removing IPsec rules for the next server. You can remove servers from production and add them back one-by-one in this manner to avoid requiring any downtime for your end users.

Procedure

  1. In Horizon Administrator, click View Configuration > Servers.
  2. In the Security Servers tab, select a security server and click More Commands > Prepare for Upgrade or Reinstallation.
    If you disabled IPsec rules before you installed the security server, this setting is inactive. In this case, you do not have to remove IPsec rules before you reinstall or upgrade.
  3. Click OK.

Results

The IPsec rules are removed and the Prepare for Upgrade or Reinstallation setting becomes inactive, indicating that you can reinstall or upgrade the security server.

What to do next

Upgrade or reinstall security server.