Upgrading 24.1 to the Latest Available Hotfix - G4 Appliances

This article is applicable when upgrading Imprivata appliances to the latest available hotfix. This procedure is:

  • A recommended step before an upgrade to another major version.

  • Part of general maintenance to keep the enterprise current.

The following sections details how to complete the upgrade without incurring downtime.

Before You Start the Upgrade

Review the following before you begin.

Upgrading to the latest available hotfix of 24.1 supports a zero–downtime upgrade. During a zero–downtime upgrade, you can upgrade every appliance in the enterprise at the same time:

  • The Imprivata server remains up throughout the entire upgrade.

  • Appliances do not have to be rebooted after an upgrade.

  • Scheduled jobs are skipped until their next scheduled time. Skipped jobs include audit record maintenance, automated domain password changes, automated domain synchronization, and scheduled reports.

The upgrade requires at least 10 MBps of available bandwith. If your network has fewer than 10MBps available, then agent authentication failures or upgrade failure may occur.

BEST PRACTICE:

Perform the upgrade during off-peak network utilization hours to provide as much bandwidth as possible for the upgrade.

Consider the following:

  • Audit records are retained during the upgrade.

  • As part of the appliance upgrade, the Imprivata database is synchronized. The enterprise remains online during the synchronization, which can result in infrequent data loss.

Although unlikely, data that is collected while the database is being synchronized may be lost. As a result, some users may be required to re–enter credentials that were captured during the upgrade. Examples of lost data include:

  • User credentials captured during user authentication

  • Passwords that are reset

  • Changes made through Imprivata's provisioning interface

This type of data loss may occur only when the Imprivata database is being synchronized as part of the upgrade. It does not occur when synchronizing the Imprivata database outside of the upgrade process.

BEST PRACTICE:

Suspend provisioning to the Imprivata database during the Imprivata upgrade.

Download the Imprivata Package Manager File

The G4 Imprivata Update IPM (Imprivata Update) includes the new business logic, features, enhancements, and bug fixes for the release.

IMPORTANT:

When updating the Imprivata update IPM, all appliances in the enterprise must be at the same hotfix release.

To download the Imprivata update IPM:

  1. From the product downloads page, select the Enterprise Access Management release to which you are upgrading.

  2. Download the G4 Imprivata Update.

Prepare for the Upgrade

The following sections detail how to prepare for the upgrade.

Archiving and deleting audit records reduces the time it takes to back up the Imprivata database and complete the upgrade.

Archiving audit records requires an FTP server, network share, or SCP server on which to store the records.

If you have not yet configured a file server, see "Configuring a File Server for Storing Audit Records and Reports" in the Imprivata Online Help.

Consider the following before you archive and delete audit records:

  • Limit the number of records on the appliance to 10 million or fewer to reduce the amount of time the Imprivata database backup takes.

  • Audit records for an entire enterprise are logged from an audit appliance in the site. Record maintenance consumes bandwidth, so select a site that can accommodate the additional traffic or run the job during off-peak hours.

  • Administrator activity is not stored in audit logs and cannot be deleted.

  • Reports cannot be created from deleted data. When specifying the age of files to be deleted, consider the period of time for which you need reporting.

NOTE:

For more information on reporting using archived data, see "Running Reports on Archived Data" in the Imprivata Online Help.

To archive and delete audit records:

  1. In the Imprivata Admin Console, go to the gear icon menu > Settings page.

  2. Go to the Audit Records section.

  3. Click Manage audit records, then select Show record counts for all time to identify how many audit records are being stored on the appliance.

  4. Go to the Record Maintenance section, select Archive and Delete, and specify the minimum age of records to be archived.

    NOTE:

    Although all audit records are archived, regulated audit records that must be retained for a specific period of time are not deleted from the appliance.

  5. In Save location, enter the relative path of the location on the file server.

    NOTE:

    If the path is blank for an SCP server, the archived records are saved to the home folder of the account. For example: /home/<user>.

  6. Do one of the following:

    • Click Perform now.

    • Use the Frequency options to schedule the job, and click Save.

  7. After the job is complete, click Manage audit records, then select Show record counts for all time to identify how many audit records are being stored on the appliance.

IMPORTANT:

Ensure that the record maintenance job has completed before proceeding to the next step.

Back up the Imprivata database before beginning the upgrade. A backup file can be used to restore the database if it becomes compromised.

Backing up the Imprivata database can take ten minutes or longer, depending on its size. During the backup, users experience no interruption in service. The backup file:

  • Contains the Imprivata database for the entire enterprise — not just a single site.

  • Does not contain configuration data for the enterprise, site, or appliance.

  • Is a compressed file that can be encrypted for increased security. The file name includes a date-time stamp. For example, a file named 20250801_132506.IBU is a backup that was created in the year 2025, on August 1, at 1:25:06 pm.

It is best practice to store the Imprivata database backup file in a secure location off the appliance:

  • If you have configured a default file server for the appliance, the backup process automatically saves the backup file to the location.

  • If you have not configured a default file server, the backup process saves the backup file to the appliance. In that case, you should download it to a secure location.

NOTE:

For more information on using the Imprivata Appliance Console to configure a file server, see "Imprivata Network Settings" in the Imprivata Enterprise Access Management Online Help.

Create the Imprivata database backup file from an Imprivata audit server.

NOTE:

An Administrator or Super Administrator can create the backup file.

To create the backup file:

  1. In the Imprivata Appliance Console, go to the Systems page > Operations tab.

  2. Click Start Backup.

  3. (Optional)—If you want to encrypt the backup file, select Encryption Enabled.

    CAUTION:

    Take note of the password. If you forget the password, you are unable to use this file to restore the database.

  4. Click OK. The backup is complete when the Operations page lists the status as SUCCESS. If you have configured a file server, the backup process saves the file to this location.

  5. If you have not configured a file server, click Save to download the file. Store it in a secure location.

By default, Imprivata agents communicate with appliances in their home site. Configuring appliances for failover between sites let agents communicate with appliances across the enterprise, helping to ensure uninterrupted service during the upgrade.

To configure appliance failover:

  1. In the Imprivata Admin Console, go to the gear icon menu > Sites.

  2. Select a site from the list.

  3. Go to the IP Addresses and Failover section, and select Allow computers belonging to this site to failover to other sites?

  4. Select the primary failover site. Select failover sites with sufficient capacity to support both failed-over and regular users.

    NOTE:

    For fourth generation (G4) enterprises, Imprivata discourages the use of secondary failover sites, because Imprivata recommends having at most two sites in a G4 enterprise.

  5. Click Save.

  6. Repeat steps 2-5 for each site in the enterprise.

Upgrade the Imprivata Appliance

Upgrade to the latest available version of a HF.

This upgrade supports a zero–downtime upgrade. All appliances are upgraded at the same time.

IMPORTANT:

When updating the G4 Imprivata update IPM, all appliances in the enterprise must be at the same hotfix release.

To distribute and install the appliance update:

  1. Log into the Imprivata Appliance Console. Go to the Packages tab.

  2. Click Upload Imprivata Package, specify the file, and then click Upload.

  3. Click Distribute, and then Send, to copy the IPM to all appliances in the enterprise.

  4. Click Done when the distribution is finished.

  5. From the Imprivata Appliance Console, select the IPM and click Install. The IPM Information page appears and Install IPM on all appliances is selected.

  6. Click Install.

    IMPORTANT:

    The appliance upgrade may take 45 to 90 minutes, or possibly longer, to complete. While all appliances are being upgraded, the Imprivata Admin Console locks, and all administrative functionality is unavailable.

CAUTION:

Even if the Imprivata Admin Console is available after you start the upgrade, do not use it.

Changes you make using the Imprivata Admin Console may be lost during the upgrade.

Upgrade Failures

If the upgrade fails for any reason, error messages are displayed on the Imprivata Appliance Console.

  • Do not attempt to run the upgrade again.

  • Do not remove any of the appliances from the enterprise, as doing so would leave the enterprise in a corrupted state.

  • Do not attempt to upload other IPMs of a lower or higher version to attempt another upgrade, as doing so would leave the enterprise in a corrupted state.

  • Do not initiate a reboot or restart of the server or VM if you are not certain whether the upgrade is still in progress.

IMPORTANT:

Collect the appliance logs and contact Imprivata Technical Support to resolve the issue and complete your upgrade.

In the event of an appliance failure, collect the appliance logs for Imprivata Technical Support.

To enable one-click collection and upload of appliance logs to Imprivata:

  1. In the Imprivata Appliance Console, go to System > Logs > Log data export > Log data to include.

  2. Select all available data.

  3. To automate the delivery of logs to Imprivata, select Send a copy to Imprivata Technical Support; when selected, enter the case number provided by Imprivata Customer Support.

  4. Click Start Export. The appliance will copy logs from various system directories and create an archive file. Clicking Start Export overwrites the previous log report.

    A progress indicator is displayed while the logs are collected and exported; you can click Stop Export to cancel.

  5. After the export is complete, click View Files to open the archive.

  6. Repeat this process for additional appliances, if needed.