Upgrade Tenable Identity Exposure

Required User Role: Administrator on the local machine

Before you start

Tenable strongly recommends that you take a snapshot of your environment before you upgrade. If the upgrade fails, Tenable Identity Exposure support cannot perform a rollback, and this results in a fresh installation and cause you to lose your previous data.

Back up and restore the Storage Manager

Tenable strongly recommends that you back up the Storage Manager before you upgrade Tenable Identity Exposure.

For instructions on how to back up or restore MSSQL, see the official Microsoft documentation.

Upgrade to use Secure Relay

Tenable Identity Exposure v. 3.59 introduces Secure Relay, a new secure external transfer mode using HTTPS for your Active Directory data to the rest of the platform. Internally, it continues to use Advanced Message Queuing Protocol Secure (AMQPS).

Another advantage of Secure Relay lies in its ability to upgrade automatically when you upgrade Tenable Identity Exposure, especially if your platform uses several DLs.

For more information, see Secure Relay in the Tenable Identity Exposure Administrator Guide.

Upgrade path

To upgrade to the latest version of Tenable Identity Exposure, you must follow this installation path: 2.7 -> 3.1 -> 3.11 -> 3.19 -> 3.29 -> 3.42 -> 3.59.

Note: You can upgrade to the next major release from any minor release.

Upgrade order

To upgrade Tenable Identity Exposure, proceed in the following order:

  1. Upgrade the Directory Listener.

  2. Upgrade Security Engine Nodes.

  3. Upgrade the Storage Manager.

Note: During the upgrade, the Tenable Identity Exposure installer asks you to choose a TLS installation type. For more information, see Installation Options.

Update the TLS certificate

It is possible to update the TLS certificate either during an upgrade of Tenable Identity Exposure or if you need to renew an expired certificate, as follows:

  1. Update the certificate (CRT) and KEY files in the default folder Tenable\Tenable.ad\Certificates.

    Note: If your new certificate is in Personal Information Exchange (PFX) format, you can use the installed openssl.exe command line to extract the CRT and KEY.
  2. Restart Services.

See also