Mixed-version environments during an upgrade
During an upgrade, your Guardium® environment enters a mixed-version state with restricted functionality.
Guardium upgrades cannot be completed on all systems (central managers, aggregators, and collectors) and all S-TAPs simultaneously. As a result, your environment enters a mixed-version state during the upgrade process. For example, after upgrading a central manager to the latest version, managed units continue operating at the previous version level until they are also upgraded.
Although mixed-version environments are supported, several limitations exist. For example, while data collection, data assessment, and policies (with some restrictions) continue working in a mixed-version environment, some new or enhanced functionality is not available until all systems are upgraded.
- Complete functionality is not available until the entire environment has been upgraded to the latest release and patch level.
- Do not make configuration changes while operating in a mixed-version environment.
- Disable TLS 1.0 and TLS 1.1 in your environment. Guardium 12.0 requires TLS 1.2 or later, and any managed units or S-TAPs that do not support at least TLS 1.2 are disconnected after upgrade. From a central manager, use an API command grdapi disable_deprecated_protocols all=true to identify any connected components that do not support at least TLS 1.2. Upgrade those components to TLS 1.2 or later so they remain connected after the upgrade. For more information, see Managing the TLS version.
- After you upgrade to 12.0 or later, custom SHA256 GIM certificates are required before you can deploy new SHA256-signed GIM bundles. For more information, see Updating Guardium Data Protection GIM clients with SHA256 certificates.
- Central managers on version 11.5 do not support registration of new managed units that are lower than version 11.5.