To upgrade to the latest version of Edge Flow Manager, you must
download the tar file, uncompress the tar file, configure properties, stop the old server,
and start the new server.
Download the tar file of the latest release.
Unzip the tar file.
Configure the following:
Copy over any custom configuration property values from the previous
install to the new install.
Copy over the database driver from the previous install to the new
install. Either take the driver you downloaded earlier (as described in
Installing databases for Edge Flow Manager) or you can download it again.
In order to not lose any data, confirm that the database properties
that start with efm.db.* match identically to the
previous install so that the new version of the server connects to the
old database. If you are using H2 database, do not forget to sync the
content of the database folder between the old and the new
installation.
Set the efm.encryption.password property.
This is a master password used for encrypting sensitive data saved to
the Edge Flow Manager server. You can set it through
the efm.properties file, a command line argument, or an
OS environment variable.
By default, the Edge Flow Manager application uses
AES encryption. The encryption key used is deterministically derived
from an encryption password that the admin user must provide to the
application at runtime. The property that is read for the encryption
password is efm.encryption.password. You can set the
value for this property in following ways:
As a command line argument: ./bin/efm.sh
--efm.encryption.password=myEfmPassword
As a Java System Property:
-Defm.encryption.password=myEfmPassword
As an OS environment variable: export
EFM_ENCRYPTION_PASSWORD=myEfmPassword
As a key/value pair in the efm.properties file:
efm.encryption.password=myEfmPassword
The derived encryption key length is determined by your Java Runtime
Environment encryption strength profiles.
It is strongly recommended to enable Unlimited Strength
Encryption in your Java Runtime Environment.
Before you upgrade to version 1.3.0, decide what port you should use to
access Edge Flow Manager, as the default Edge Flow Manager port is changed to 10090 (was 10080).
This accounts for the changes in recent versions of browsers, including
Chrome and Firefox, that are blocking HTTP, HTTPS, and FTP access to TCP
port 10080 to prevent the ports from being abused in NAT Slipstreaming
2.0 attacks.
Set the efm.security.user.auth.enabled property, in
the efm.properties file, to true if
you are using a secured EFM with user authentication.
If user authentication is enabled, users no longer have access to all
parts of EFM and need to be granted access policies to specific agent
classes. You can set an initial admin identity for the user that grants
access to other users using the
efm.security.user.auth.adminIdentities property in
the efm.properties file. For more information, see
Securing Edge Flow Manager.
As SSO, OIDC and SAML are now available, you can migrate to those user
authentication mechanisms if you were previously using Knox or mTLS with
client certificates for user authentication.
Optional: Configure Edge Flow Manager to run as a service using, for
example, init.d or systemd depending on your
Linux distribution.
Stop the old server.
Start the new server.
Use the following command to run as a background process:
/path/to/efm-<version>/bin/efm.sh start
Install Edge Flow Manager as an OS service and start it
by using the OS service commands. For example, use the following command if
Edge Flow Manager is installed as an OS
service:
