cancel
Showing results for 
Search instead for 
Did you mean: 

Upgrading from 7.5 to 8.1.2 – token question

mfalge
Level 3

We are upgrading from 7.5 to 8.1.2. We have a mix of *nix and Windows clients. When I do a manual upgrade on one of the Windows clients I am asked to verify the master fingerprint and to enter a token.

I’m still a little confused on this part of the install. If you don’t use a token it warns that backups may fail. Are tokens required for the 8.1.* clients? If so, do you have to issue a token for each of the clients (we have thousands)? Also, if the token is not required am I jeopardizing the security of master/client communication if I leave them out? Mostly looking for best practices when upgrading thousands of clients.

5 REPLIES 5

Amol_Nair
Level 6
Employee
Yes tokens are required while installing or upgrading clients starting from nbu 8.1

you can go to token management and create 1 token and set the number of uses to the number of clients you have and the same token can be used for all the client installation/upgrade

If you do not provide the token even after installation of newer nbu on the client the master would not be able to communicate with the client or vice versa hence no backups would run. This is because without providing the token and verifying the masters fingerprint certificates would never be deployed on the client and you would need to manually deploy them on each of the clients..

So to summarise you can use 1 token for multiple clients as long as the number of uses remaining is not 0 and the token is not expired.. If you are reinstalling a client or redeploying any of the certificates which are revoked in that case you would need a reissue token.. This is a special type of token and is specific to a client or server

And another point to note is that ideally while upgrading to nbu 8.1.2 it must be done from 7.7.x versions not older version.. But as you mentioned that its just clients it shouldn’t really be much of an issue.. But in case you have any upgrade of media server in the environment or any other master server do note that you go to 7.7.x version prior to jumping to 8.1.2

Tousif
Level 6

Hello,

 

Please confirm the security level set on the master server. If it set the "Very High" then you have provided the token for each client.

Security Level:

https://www.veitas.com/support/en_US/doc/21733320-127424841-0/v120724194-127424841

HowTo

https://www.veritas.com/support/en_US/doc/21733320-127424841-0/v120724194-127424841

 

 

mad_about_you
Level 4

asking the obvious, have you upgraded first the master server to 8.1.2 before starting with your clients?

Some great info, thanks! Because we couldn't shut down our current masters and halt production backups we opted to create a new set of master/media servers with 8.1.1 (soon to be 8.1.2) and then append the clients with the new master/media server lists. I'm not sure if that was the best solution but it's where we are at.

That's good to hear that we can reuse the tokens for clients rather than having to create a new one for each client. Is there a limit to how many uses we can set for a token (infinity)? Are there some best practices on how to use tokens - one for *nix clients and one for Windows?

Amol_Nair
Level 6
Employee
The maximum number of uses that you can set for a token is 99999 and the maximum duration you can set is 999 days

But you could kind of consider it as infinity itself because however large your environment maybe there is no way that you have 99999 hosts..

Take a look at the below link for details on token management

https://www.veritas.com/support/en_US/doc/21733320-127424841-0/v120724194-127424841