Edge Encryption upgrades You can schedule an upgrade to enable the instance to upgrade the Edge Encryption proxy server, or manually upgrade the proxy server at any time. Scheduled upgrade Schedule an upgrade to allow the instance to upgrade the proxy server at the scheduled time. This functionality is available by default after upgrading. A scheduled upgrade includes these events: The proxy server checks with the instance to see if there is a new version available for upgrade. New versions generally become available when the instance is upgraded. The administrator receives a notification upon logging in when a new version of the proxy server is available. The administrator can schedule an Edge Encryption proxy server upgrade for each proxy server. Note: Only users with the security_admin role can create an upgrade schedule through the proxy server. Once the upgrade is scheduled, the proxy server automatically upgrades at the scheduled time. During the upgrade, the proxy server is offline for only a short time. Note: Because the proxy server restarts during the upgrade, it is offline for a short time. The amount of time is determined by your environment and how long it takes to stop and restart the proxy service. During the scheduled upgrade, a new proxy directory is created and your configuration files are copied to the new directory. New properties are written to your existing properties file. The following files or directories in your old proxy directory are copied to the new proxy directory. /conf directory /keys directory /keystore directory java/jre/lib/security/cacerts file As a result, your keys, keystores, settings, and certificates are preserved. Caution: Only the above files are copied to the new proxy directory. Any other customized files in the proxy server directory will not be preserved during a scheduled upgrade. The upgrade log file can be found in the original proxy directory in the following folder: <original-proxy-directory>/tmp/upgrade-wrapper/bin. Manual upgrade Instead of creating an upgrade schedule, you can manually upgrade each proxy server through the command line. See Manually upgrade an Edge Encryption proxy server running on Linux or Manually upgrade an Edge Encryption proxy server running on Windows. Proxy build statusYou can easily identify whether a proxy server is out of date by navigating to Edge Encryption Configuration > Proxies > All. The status of your proxy build is indicated in the Proxy build column by the following colors: Green Your proxy server is up-to-date. Yellow Your proxy server is out-of-date and an upgrade is needed. Orange Upgrade failed. Your proxy server reverts back to the old version to ensure that there is no downtime. Troubleshoot a failed scheduled upgrade When a scheduled upgrade fails, the proxy server reverts to the version you are upgrading from. All original data, keys, and configuration files are preserved. This process may take several minutes. Contact ServiceNow Customer Support to ensure a successful upgrade. To determine the reason for the failure, you can check the Failure Reason in the upgrade schedule. In addition, the installation directory for the failed upgrade is maintained so that log files are available for troubleshooting. Caution: Before deleting any extra proxy directories, always confirm which directory is current by reviewing the log files. If the log files have recent activity, the proxy might be connected to your instance. If a scheduled upgrade fails repeatedly, you can manually upgrade your proxy server. See Manually upgrade an Edge Encryption proxy server running on Linux and Manually upgrade an Edge Encryption proxy server running on Windows. Java minimum requirements The host machine installing or running the Edge Encryption proxy server must maintain a supported version of Java: Java 8 update 121 (8u121) Java 8 update 141 (8u141) Java 8 update 151 (8u151) or higher Note: Java 8 update 131 (8u131) is not supported. Important: Before installing the Edge Encryption proxy server, check that the $JAVA_HOME variable is pointing to a supported version of Java for each user that will run the proxy server. For example, if installing the proxy server as a local administrator on Windows, check that the $JAVA_HOME variable is pointing to the correct version of Java system-wide. If installing on Linux, check that each user that will run the proxy server has this variable correctly defined. If a supported version of Java is not found, the Edge Encryption proxy server will not run. If using AES 256-bit encryption with Java 8 update 141 (8u141) or lower, you must install the Java Cryptography Extension (JCE) jurisdiction policy files by copying them into the system Java home directory of each Edge Encryption proxy server host. Add these files to the <Java-home-directory>/jre/lib/security folder before performing a scheduled or manual upgrade. To install the AES 256-bit encryption policy files, see Enable AES 256-bit encryption for Java 8 update 141 (8u141) or lower. Mixed proxy-version environments While an environment running old versions of the proxy server with up-to-date versions of the proxy server is not recommended, it is supported if all proxy servers are within the same version family as your instance. For example, if you have an instance on the Kingston release, your environment supports proxy servers from any Kingston patch or hot fix. However, the following limitations apply. If one proxy server supports functionality that another proxy does not support, you will see inconsistent behavior depending on which proxy server is used. If a proxy server is out-of-date, it may not include recent security enhancements. If a proxy server from a previous release is registered with a newer release of the instance, you will receive regular notifications that the proxy server is out-of-date. To ensure an optimal and secure environment, ServiceNow recommends always upgrading your proxy server to the most recent version of the software supported by your instance. Schedule an Edge Encryption proxy server upgradeCreate an upgrade schedule to enable the instance to upgrade an out-of-date proxy server.Manually upgrade an Edge Encryption proxy server running on LinuxUpdate a proxy running on Linux. Manually upgrade an Edge Encryption proxy server running on WindowsUpdate a proxy running on Windows.Roll back an Edge Encryption proxy server upgradeIf a proxy upgrade is unsuccessful, you can go back to the earlier version.