System Upgrades
Operating system, hardware, and network upgrades can affect your installation. Before making any changes to your system, contact a BeyondTrust Technical Support representative to review any corresponding changes that might be needed for your installation. We also strongly recommend that you run pbbench before and after making system changes. If you are making changes to a policy server host, then we also recommend pbcheck.
Operating System and Hardware Upgrades
EPM-UL must be reinstalled when making operating system or hardware upgrades. In the case of hardware upgrades, it may also be necessary to request a new license string from your BeyondTrust sales representative. If the unique machine ID generated by pbadmin --info --uuid for a primary license server host changes, then your current license string becomes invalid and EPM-UL no longer works.
Network Upgrades
Changes to the network environment may make it necessary to change the EPM-UL configuration. The specific actions required to configure EPM-UL during a network upgrade vary with the items that are installed or modified.
Add NIS, NIS+, and Netgroups
The NIS services maps must be updated if NIS, NIS+, or netgroups is configured after EPM-UL installation. Any superdaemons (inetd or xinetd) must also be restarted so that the new or updated port information is read from NIS.
Add Kerberos
If Kerberos is configured after EPM-UL installation, the Kerberos settings in the settings file need to be updated:
- Change the existing kerberos setting from no to yes.
- Check the keytab setting to see if it is relevant.
- Ensure that all of the principals and other Kerberos artifacts are added as appropriate.
For more information, see keytab.
Add NFS
When mounting file systems across different platforms, ensure that the correct platform executable files are available for each platform and that the PATH environment variable points to the correct executable files for that platform.
Remember that EPM-UL daemon error logs, event logs, and I/O logs on remote mounted file systems are not supported.
Add DNS
When using DNS to resolve unqualified host names, run nslookup to verify a host name exists and resolves properly.
In all cases, remember to do the name and reverse lookup. Both must work correctly for EPM-UL to function.
Add a Firewall
If your installation needs to be updated to work through a firewall, then specific entries need to be updated or added in the /etc/pb.settings file.
Add SSL
Entries need to be updated or added in the /etc/pb.settings file if your EPM-UL installation needs to be updated to work with SSL.
