To upgrade to the latest version of Edge Flow Manager (EFM), you must download the
tar file, uncompress the tar file, configure properties, stop the old server, and start the
new server.
Download the tar file of the latest release.
Unzip the tar file.
Configure the following:
Copy over any custom configuration property values from the previous
install to the new install.
Copy over the database driver from the previous install to the new
install. Either take the driver you downloaded earlier (as described in
Installing databases for EFM) or you can download it
again.
In order to not lose any data, confirm that the database properties
that start with efm.db.* match identically to the
previous install so that the new version of the server connects to the
old database. If you are using H2 database, do not forget to sync the
content of the database folder between the old and the new
installation.
Set the efm.encryption.password property.
This is a master password used for encrypting sensitive data saved to
the EFM server. You can set it through the
efm.properties file, a command line argument, or an
OS environment variable.
By default, the EFM application uses AES encryption. The encryption
key used is deterministically derived from an encryption password that
the admin user must provide to the application at runtime. The property
that is read for the encryption password is
efm.encryption.password. You can set the value for
this property in following ways:
As a command line argument: ./bin/efm.sh
--efm.encryption.password=myEfmPassword
As a Java System Property:
-Defm.encryption.password=myEfmPassword
As an OS environment variable: export
EFM_ENCRYPTION_PASSWORD=myEfmPassword
As a key/value pair in the efm.properties file:
efm.encryption.password=myEfmPassword
The derived encryption key length is determined by your Java Runtime
Environment encryption strength profiles.
It is strongly recommended to enable Unlimited Strength
Encryption in your Java Runtime Environment.
Before you upgrade to version 1.3.0, decide what port you should use to
access EFM, as the default EFM port is changed to 10090 (was 10080).
This accounts for the changes in recent versions of browsers, including
Chrome and Firefox, that are blocking HTTP, HTTPS, and FTP access to TCP
port 10080 to prevent the ports from being abused in NAT Slipstreaming
2.0 attacks.
Set the efm.security.user.auth.enabled property, in
the efm.properties file, to true if
you are using a secured EFM with user authentication.
If user authentication is enabled, users no longer have access to all
parts of EFM and need to be granted access policies to specific agent
classes. You can set an initial admin identity for the user that grants
access to other users using the
efm.security.user.auth.adminIdentities property in
the efm.properties file. For more information, see
Securing EFM.
As SSO, OIDC and SAML are now available, you can migrate to those user
authentication mechanisms if you were previously using Knox or mTLS with
client certificates for user authentication.
Optional. Configure EFM to run as a service using, for example,
init.d or systemd depending on your Linux
distribution.
Stop the old server.
Start the new server.
Use the following command to run as a background process:
/path/to/efm-<version>/bin/efm.sh start
You can install EFM as an OS service and start it by using the OS
service commands. For example, use the following command if EFM is installed
as an OS service: