Upgrading EFM

To upgrade to the latest version of Edge Flow Manager (EFM), you must download the tar file, uncompress the tar file, configure properties, stop the old server, and start the new server.

  1. Download the tar file of the latest release.
  2. Unzip the tar file.
  3. Configure the following:
    1. Copy over any custom configuration property values from the previous install to the new install.
    2. In order to not lose any data, confirm that the database properties that start with efm.db.* match identically to the previous install so that the new version of the server connects to the old database.
    3. Set the efm.encryption.password property.
      This is a master password used for encrypting sensitive data saved to the EFM server. You can set it through the efm.properties file, a command line argument, or an OS environment variable.
      By default, the EFM application uses AES encryption. The encryption key used is deterministically derived from an encryption password that the admin user must provide to the application at runtime. The property that is read for the encryption password is efm.encryption.password. You can set the value for this property in following ways:
      • As a command line argument: ./bin/efm.sh --efm.encryption.password=myEfmPassword
      • As a Java System Property: -Defm.encryption.password=myEfmPassword
      • As an OS environment variable: export EFM_ENCRYPTION_PASSWORD=myEfmPassword
      • As a key/value pair in the efm.properties file: efm.encryption.password=myEfmPassword
      The derived encryption key length is determined by your Java Runtime Environment encryption strength profiles.
      • Unlimited Strength Encryption active: AES 256-bit key
      • Unlimited Strength Encryption inactive: AES 128-bit key

      It is strongly recommended to enable Unlimited Strength Encryption in your Java Runtime Environment.

    4. Before you upgrade to version 1.3.0, decide what port you should use to access EFM, as the default EFM port is changed to 10090 (was 10080). This accounts for the changes in recent versions of browsers, including Chrome and Firefox, that are blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.
    5. Set the efm.security.user.auth.enabled property, in the efm.properties file, to true if you are using a secured EFM with user authentication.
    6. If user authentication is enabled, users no longer have access to all parts of EFM and need to be granted access policies to specific agent classes. You can set an initial admin identity for the user that grants access to other users using the efm.security.user.auth.adminIdentities property in the efm.properties file. For more information, see Securing EFM.
    7. As SSO, OIDC and SAML are now available, you can migrate to those user authentication mechanisms if you were previously using Knox or mTLS with client certificates for user authentication.
  4. Optional. Configure EFM to run as a service using, for example, init.d or systemd depending on your Linux distribution.
  5. Stop the old server.
  6. Start the new server.
    • Use the following command to run as a background process:
      /path/to/efm-<version>/bin/efm.sh start
    • You can install EFM as an OS service and start it by using the OS service commands. For example, use the following command if EFM is installed as an OS service:
      service efm start