Navigator Key Trustee Server

Navigator Key Trustee Server (KTS) is being deprecated in CDP Private Cloud Base 7.1.9 immediately. Navigator Key Trustee Server will continue to be supported for the entire lifespan of CDP Private Cloud Base 7.1.9, including all service packs. For identical key and encryption management, customers must move to Ranger KMS. Also, Customers using Navigator Encrypt (NavEncrypt) will need to migrate metadata storage to Ranger KMS.

The ability to migrate keys and encryption metadata from Navigator KTS to Ranger KMS exists as of CDP Private Cloud Base 7.1.9. However, some more advanced configurations will require a more recent version of CDP 7.1.9. Note that the version mentioned is of the CDP cluster that Ranger KMS will be installed on and not the version of the KTS cluster; which can remain on a version no older than CDP 7.1.7. Customers using Navigator Key Trustee Server without an HSM, with or without Navigator Encrypt, can migrate to Ranger KMS in CDP 7.1.9. If an HSM is being used, but Navigator Encrypt is not being used, then the customer must be on at least CDP 7.1.9 Service Pack 1 (SP1). If an HSM and Navigator Encrypt is being used, please notify your account team. Refer to the flowchart below for a summary of the minimum required CDP version requirements.


Detailed migration steps are available in the CDP documentation topic Migrating keys from Key Trustee Server to Ranger KMS.