Navigator Key Trustee Server (KTS) is being deprecated in CDP Private Cloud Base 7.1.9
immediately. Navigator Key Trustee Server will continue to be supported for the entire lifespan of
CDP Private Cloud Base 7.1.9, including all service packs. For identical key and encryption
management, customers must move to Ranger KMS. Also, Customers using Navigator Encrypt
(NavEncrypt) will need to migrate metadata storage to Ranger KMS.
The ability to migrate keys and encryption metadata from Navigator KTS to Ranger KMS
exists as of CDP Private Cloud Base 7.1.9. However, some more advanced configurations will
require a more recent version of CDP 7.1.9. Note that the version mentioned is of the CDP cluster
that Ranger KMS will be installed on and not the version of the KTS cluster; which can remain on
a version no older than CDP 7.1.7. Customers using Navigator Key Trustee Server without an HSM,
with or without Navigator Encrypt, can migrate to Ranger KMS in CDP 7.1.9. If an HSM is being
used, but Navigator Encrypt is not being used, then the customer must be on at least CDP 7.1.9
Service Pack 1 (SP1). If an HSM and Navigator Encrypt is being used, please notify your account
team. Refer to the flowchart below for a summary of the minimum required CDP version
requirements. Detailed migration steps are available in the CDP documentation topic Migrating keys from Key Trustee Server to Ranger
KMS.
