Deploying the Rotated Key Encryption Key - Encrypted Alpha Keywords - English - Foundation 22.1 - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Encrypted Alpha Keywords

Platform
OnBase
Product
Encrypted Alpha Keywords
Release
Foundation 22.1
License
Standard
Essential
Premier

Once you have rotated the Key Encryption Key (KEK), you must deploy the new OnBase Client and Configuration executables, as well as the Hyland.Core.GrabIcon.dll if you are using the OnBase Application Server. Depending on whether you are using a legacy version of the OnBase Core, you may also need to deploy the dmcore.dll.

Deploying the KEK involves locating the new executables and DLLs created by rotating the KEK and copying them over to where the old files reside, thereby deleting the old executables and DLLs and replacing them with the new ones. The new files must then be copied to all the workstations that require use of these files.

The new executables and DLLs are stored in a folder named NewKEKExecutables#, where # is the number of times that you have rotated the KEK for the selected set of executables. For example, if this is the first time you have rotated the KEK for this set of executables, the folder is named NewKEKExecutables1. If this is the fourth time you have rotated the KEK for this set of executables, the folder is named NewKEKExecutables4. The NewKEKExecutables# folders are located in the same folder as the current executables (e.g., C:\Program Files\Hyland\ OnBase Client).

If you delete the NewKEKExecutables# folder, OnBase increments the NewKEKExecutables# folder number based on any folders that exist the next time you rotate the KEK. For example, you rotate the KEK three times. You delete NewKEKExecutables2 and NewKEKExecutables3. When you rotate the KEK the fourth time, the folder is named NewKEKExecutables2. If you delete all copies of the NewKEKExecutables# folder, such that no NewKEKExecutables# folders exist, the new folder is named NewKEKExecutables1.

Note:

When you upgrade your OnBase executables, any existing NewKEKExecutables# folders are deleted.

To deploy the KEK:

  1. Navigate to the file path(s) you specified in the Executable Files field as the locations of your OnBase Client and Configuration executables.
  2. Deploy these new OnBase Client and Configuration executables by copying the executables from the NewKEKExecutables# folder and placing them in the folder where the current executables reside. This will overwrite the current executables.
  3. If you selected the Generate Core dll check box, a new Hyland.Core.GrabIcon.dll is also available in the NewKEKExecutables# folder.

    Copy the new Hyland.Core.GrabIcon.dll from this folder and paste it in the following locations, overwriting the old version of this file:

    • OnBase Core Services: In a default installation, the Core files are located at C:\Program Files\Hyland\Core(32-bit operating systems) or C:\Program Files(x86)\Hyland\Core(64-bit operating systems).

    • OnBase Application Server: In a default installation, this file is located at C:\Inetpub\wwwroot\AppServer\bin.

    • OnBase Web Server: In a default installation, this file is located at C:\Inetpub\wwwroot\AppNet\bin.

      Tip:

      To ensure that you replace all old versions of Hyland.Core.GrabIcon.dll, perform a Windows search for Hyland.Core.GrabIcon.dll.

  4. If you are using a legacy OnBase Core (released prior to OnBase 8.0), you also need to copy the new dmcore.dll from the NewKEKExecutables# folder and paste it in the folder containing the legacy OnBase Core files, overwriting the old version of the file. In a default installation the Core is installed to C:\Program Files\Hyland\Core\ for 32-bit operating systems or C:\Program Files(x86)\Hyland\Core\ 64-bit operating systems.
  5. If your OnBase version is older than OnBase 11.0 and includes the OnBase Core, you will also need to copy the new OBCorePlatMgmt.dll from the NewKEKExecutables# folder and paste it in the folder containing the OnBase Core files, overwriting the old version of the file. In a default installation the Core is installed to C:\Program Files\Hyland\Core\ for 32-bit operating systems or C:\Program Files(x86)\Hyland\Core\ 64-bit operating systems.
  6. Unlock your OnBase database.
  7. Perform an IIS reset on the OnBase Application Server.