Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Edge Encryption upgrades

Edge Encryption upgrades

You can schedule an upgrade to enable the instance to upgrade the Edge Encryption proxy server, or manually upgrade the proxy server at any time.

Scheduled upgrade

Schedule an upgrade to allow the instance to upgrade the proxy server at the scheduled time. This functionality is available by default after upgrading. A scheduled upgrade includes these events:

  1. The proxy server checks with the instance to see if there is a new version available for upgrade. New versions generally become available when the instance is upgraded.
  2. The administrator receives a notification upon logging in when a new version of the proxy server is available.
  3. The administrator can schedule an Edge Encryption proxy server upgrade for each proxy server.
    Note: Only users with the security_admin role can create an upgrade schedule through the proxy server.
  4. Once the upgrade is scheduled, the proxy server automatically upgrades at the scheduled time. During the upgrade, the proxy server is offline for only a short time.
    Note: Because the proxy server restarts during the upgrade, it is offline for a short time. The amount of time is determined by your environment and how long it takes to stop and restart the proxy service.
  5. During the scheduled upgrade, a new proxy directory is created and your configuration files are copied to the new directory. New properties are written to your existing properties file. The following files or directories in your old proxy directory are copied to the new proxy directory.
    • /conf directory
    • /keys directory
    • /keystore directory
    • java/jre/lib/security/cacerts file
    • java/jre/lib/security/local_policy.jar file
    • java/jre/lib/security/US_export_policy.jar file

    As a result, your keys, keystores, settings, certificates, and Java Cryptography Extension (JCE) files are preserved.

    Caution: Only the above files are copied to the new proxy directory. Any other customized files in the proxy server directory will not be preserved during a scheduled upgrade. The upgrade log file can be found in the original proxy directory in the following folder: <original-proxy-directory>/tmp/upgrade-wrapper/bin.
Manual upgrade
Instead of creating an upgrade schedule, you can manually upgrade each proxy server through the command line. See Manually upgrade an Edge Encryption proxy server running on Linux or Manually upgrade an Edge Encryption proxy server running on Windows.

Proxy build status

You can easily identify whether a proxy server is out of date by navigating to Edge Encryption Configuration > Proxies > All. The status of your proxy build is indicated in the Proxy build column by the following colors:

Green
Your proxy server is up-to-date.
Yellow
Your proxy server is out-of-date and an upgrade is needed.
Orange
Upgrade failed. Your proxy server reverts back to the old version to ensure that there is no downtime.

Troubleshoot a failed scheduled upgrade

When a scheduled upgrade fails, the proxy server reverts to the version you are upgrading from. All original data, keys, and configuration files are preserved. This process may take several minutes. Contact ServiceNow Customer Support to ensure a successful upgrade.

To determine the reason for the failure, you can check the Failure Reason in the upgrade schedule. In addition, the installation directory for the failed upgrade is maintained so that log files are available for troubleshooting.

Caution: Before deleting any extra proxy directories, always confirm which directory is current by reviewing the log files. If the log files have recent activity, the proxy might be connected to your instance.

If a scheduled upgrade fails repeatedly, you can manually upgrade your proxy server. See Manually upgrade an Edge Encryption proxy server running on Linux and Manually upgrade an Edge Encryption proxy server running on Windows.

Mixed proxy-version environments

While an environment running old versions of the proxy server with up-to-date versions of the proxy server is not recommended, it is supported if all proxy servers are within the same version family as your instance. For example, if you have an instance on the Jakarta release, your environment supports proxy servers from any Jakarta patch or hot fix. However, the following limitations apply.

  • If one proxy server supports functionality that another proxy does not support, you will see inconsistent behavior depending on which proxy server is used.
  • If a proxy server is out-of-date, it may not include recent security enhancements.

If a proxy server from a previous release is registered with a newer release of the instance, you will receive regular notifications that the proxy server is out-of-date. To ensure an optimal and secure environment, ServiceNow recommends always upgrading your proxy server to the most recent version of the software supported by your instance.