Professional Documents
Culture Documents
Version 7.3
Installation Guide
The only warranties for Micro Focus products and services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or
editorial errors or omissions contained herein.
Confidential computer software. Valid license from Micro Focus required for possession, use or copying. Consistent with FAR 12.211 and
12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the
U.S. Government under vendor's standard commercial license.
Copyright notice
Trademark notices
Microsoft® and Windows® are U.S. registered trademarks of Microsoft Corporation.
Red Hat Enterprise Linux is distributed under the GNU General Public License.
Python is licensed by Python Software Foundation (PSF, see http://www.python.org/psf/).
Boost C++ Libraries are distributed under the Boost Software License, Version 1.0.
SQLite is licensed by Hwaci.
Libxml2 and Libcurl are distributed under the MIT License through the Open Source Initiative OSI.
Struts and Apache Jakarta ORO are distributed under the Apache Software License, Version 1.1.
log4cxx, Castor, Jetty, MyFaces, Tomahawk, Xerces, Jasper, JSP Standard Tag Library, Apache log4j, Tomcat, Axis Web Services Framework, xalan and Apache Jakarta Commons are
licensed under the Apache License Version 2.0.
libiconv, GNU Privacy Guard, and TinyMCE are distributed under the GNU Lesser General Public License, Version 2.0.
GNU Multiple Precision Arithmetic Library (GMP) is distributed under the GNU Lesser General Public License, Version 3, and is available at http://www.gmplib.org/.
CentOS and GNU libstdc and libgcc are distributed under the GNU General Public License, Version 2.0.
zlib is licensed by Jean-loup Gailly and Mark Adler.
Windows Template Library (WTL), the Windows Installer XML (WiX), and HTML Parser are distributed under the Common Public License Version 1.0 through the Open Source
Initiative OSI.
spc_email_isvalid function is licensed through the Secure Programming Cookbook for C and C++.
Gecko SDX also known as XULRunner SDK and Mozilla NSS are licensed under the Mozilla Public License 1.0.
JavaService and Yahoo UI Library are distributed under Berkeley Software Distribution (BSD) through the Open Source Initiative OSI.
Django Web Application Framework is licensed by the Django Software Foundation and individual contributors.
FreeMarker is licensed by the Visigoth Software Society.
Bouncy Castle JCE Provider is licensed by the Legion Of The Bouncy Castle (http://www.bouncycastle.org).
JavaBean Activation Framework, JavaMail, and Java Runtime Environment (JRE) are licensed under the Sun Microsystems, Inc. Binary Code License Agreement.
Simple Logging Facade for Java (SLF4J) is distributed under the X License or the X11 License, which is a simple, permissive non-copyleft free software license.
Prototype JavaScript Framework is distributed under the X License or the X11 License, which is a simple, permissive non-copyleft free software license.
Scriptaculous is distributed under an open source license by Thomas Fuchs.
Open SSL is licensed by the OpenSSL Project.
cx_Oracle is licensed by Anthony Tuininga and Computronix (Canada) LTD.
pysqlite is distributed as a public domain project created by D. Richard Hipp.
lighttpd distributed under an open source license by Jan Kneschke.
FastCGI is distributed under an open source license by Open Market, Inc.
BIRT is licensed by Eclipse Public License, Version 1.0.
Jersey and JSR311 are licensed under Common Development and Distribution License (CDDL) Version 1.1.
ASM is licensed by INRIA, France Telecom.
Some Voltage products include software developed by the Visigoth Software Society (http://www.visigoths.org/).
Crypt::X509 is licensed by Mike Jackson (mj@sci.fi). Copyright 2001-2002 Norbert Klasen, DAASI Int’l GmbH under Artistic License.
Convert::ASN1 is licensed by Graham Barr (gbarr@cpan.org) under Artistic License.
Digest::SHA::PurePerl is licensed by Mark Shelor under Artistic License.
VOMS::Lite::PEMHelper is licensed by Mike Jones (mike.jones@manchester.ac.uk) under Artistic License.
Contents
iii CONFIDENTIAL
Installing the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Installing the Voltage SecureMail Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Starting the Voltage SecureMail Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8
Chapter 4 Understanding the Management Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Logging into the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Restricting Management Console Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Chapter 5 Upgrading from a Previous Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Upgrading SecureMail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Back Up Your Voltage SecureMail Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Upgrade MariaDB (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Upgrade the Management Console Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Upgrade the Voltage SecureMail Server Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Restoring Your System From a Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Verify the Active Directory Domain Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Update All Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Upgrading a Linux Appliance with the Upgrade Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
Chapter 6 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Voltage SecureMail Services Do Not Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Management Console Does Not Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Tuning JVM Memory on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Client to Server Communication Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
CONFIDENTIAL iv
1 Planning a Voltage SecureMail Deployment
Voltage SecureMail offers a variety of deployment options to satisfy your secure
communication requirements. You can deploy a system that does not use any client software or
you can deploy a secure end-to-end channel that extends all the way to each user’s desktop.
• In a clientless solution, users send outbound mail as usual. The Voltage SecureMail
Gateway automatically encrypts messages based on a policy that you specify. Recipients
receive encrypted messages in their inbox. Each message includes instructions for
posting the message to a secure website, where the recipient authenticates his or her
identity and reads the secure messages. External users can go to the same website to
reply securely. The Gateway can decrypt the replies bound for the internal users, so they
do not need to install a client.
• In an end-to-end solution, users in your organization can send and receive secure
messages using their desktop email tool or mobile email apps. Messages can be
automatically encrypted based on a policy that you specify, or users can specifically
choose to send a message securely using the Voltage SecureMail Encryption Client.
They can read their secure messages in the same way as they read any message.
Recipients outside your organization use the secure website that is available for the
clientless solution to read messages sent securely from within your organization.
In all cases, the identity of recipients is authenticated before they can read secure messages.
You can configure one or more authentication methods using a web-based console.
1-1 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3
2. The mail server routes the message through the Voltage SecureMail Server/Gateway.
3. The Gateway checks the message header and, depending on the security policy,
encrypts the message before sending it on to the recipient.
4. The recipient clicks a link, and is connected to the Voltage SecureMail Server for identity
authentication.
1-2 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3
Figure 1-2 shows a simplified example of an end-to-end solution. Using the Voltage SecureMail
Encryption Client a message is sent securely to an external recipient from inside your
organization.
1. The user sends a secure message to an external recipient using the Voltage SecureMail
Encryption Client.
3. The recipient opens the message, which provides a link to a web page served by the
Voltage SecureMail Server. This web page authenticates the identity of the recipient,
and then decrypts the message.
The Voltage SecureMail software provides all of the services needed for generating keys used
for encryption and decryption, configuring identity authentication methods, setting up
automatic policy-based message encryption, and managing a secure website used for sending
and reading encrypted messages.
1-3 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Voltage SecureMail Components
• Voltage SecureMail Server: You can install one or more Voltage SecureMail Servers on
Linux-compatible hardware or on Windows servers. The Server includes the following
services:
• IBE Key Management Service: Manages the authentication methods used to verify
the identity of email senders and recipients, and generates private keys for
authenticated users.
• ZDM Service: Controls the Zero Download Messenger, which serves web pages that
allow users to read and compose secure messages without downloading any
Voltage SecureMail software.
1-4 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Understanding the Software Installation Process
Figure 1-3 Overview of the Voltage SecureMail Components and Message Flow
This diagram shows the Management Console serving as a central point of control,
communicating with the Voltage SecureMail Server and the Gateway. It also shows the
following example of a message flow in a clientless solution:
4. The recipient opens the message, which provides access to a web page served by the
ZDM service. The IBE service authenticates the identity of the recipient, and then
decrypts the message.
Before you begin, you should have a good understanding of the mail flow for your domain, including
the approximate average and peak volume of messages. This information is important in estimating
the number of machines required. The successful installation of the Voltage SecureMail components
depends on the number of machines and which operating system is running on each machine in
your deployment.
1-5 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Understanding the Software Installation Process
Linux
On Linux-compatible hardware, you install a single ISO image that contains both Centos 7 and
all Voltage SecureMail components. The ISO image also contains the MariaDB software and the
Mail Transfer Agent (Sendmail). Both of these are automatically installed and configured. The
machine becomes a dedicated Voltage SecureMail Appliance after installation is complete.
Before you start installing the Voltage SecureMail Appliance, make sure that your hardware
meets the following requirements:
• 8 GB RAM
• Ability to load an ISO image containing the operating system, such as a physical or
virtual CD-ROM drive.
• If you are installing on a VM, use a real or virtual CD-ROM or a mounted ISO image.
• All hardware compatible with RedHat Enterprise Linux 7.0 64-bit (see https://
hardware.redhat.com/ for a complete list)
After installation, a setup wizard guides you through the process of configuring each
component, and then you can control each component using the Appliance Menu. If you are
installing the software for the first time on a single Linux-compatible machine, all of the
information you need is in the Voltage SecureMail Quick Start Guide.
1-6 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Understanding the Software Installation Process
Windows
You must be logged in as a member of the administrators group in order to install the software.
On a Windows server, you install each component from its own executable file. You must also
download and install the MariaDB software. After the components are installed, you control
them from the Services window of the Windows Administrative Tools.
Installing and configuring the software on a Windows server typically takes about 40 minutes.
You must install the software on one of the following versions of the Windows Server:
• 2 GHz CPU
• 2 GB RAM
• 30 GB disk space
In addition to the Voltage SecureMail software, you must also install MariaDB version 10.2.12. A
64-bit version is available for installation on Windows Server 2008, 2012, 2016 or 2019.
If you are planning to use Microsoft Exchange with Active Directory, Voltage SecureMail Server
supports Microsoft Exchange 2010 SP2, Exchange 2013, Exchange 2016 and Exchange
2019.
1-7 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Deployment Options
Deployment Options
In planning your deployment, use the following guidelines to determine how many machines of
each type you need:
• If you want to use the Gateway you must install Voltage SecureMail Server on at least
one Linux appliance.
• If you expect a large amount of mail traffic to be read using the ZDM Service, you should
install multiple Appliances on Linux.
• If you want to use Windows to authenticate the identity of senders or recipients, you
must install at least one Voltage SecureMail Server on Windows.
If you want to use Active Directory user authentication and you will use a Linux or mobile IBE
server, you must have at least one Trusted LDAP Server Certificate imported. If you do not,
then the Active Directory user authentication method will only be enabled on Windows for non-
Mobile requests. On a Linux or mobile IBE server, all user email addresses are processed as
1-8 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Deployment Options
non-matches by the Active Directory user authentication method and fall through to the next
method in the User Authentication table unless a valid Trusted LDAP Server Certificate is
specified. For more information on configuring an Active Directory user authentication method
and importing Trusted LDAP Server Certificates, see the Voltage SecureMail Management
Console Administrator Guide.
Figure 1-1 on page 1-2 shows the path of a message that is encrypted at the Gateway. If you
are planning this type of deployment, see the Voltage SecureMail Quick Start Guide.
• Install both the Management Console and the Voltage SecureMail Server software on a
Windows server, which resides in your internal network.
• Install the Voltage SecureMail Server software (which includes the Gateway) on Linux-
compatible hardware.
Figure 1-4 shows the path of a message in which an external recipient replies to a secure
message sent by an internal sender. The external user accesses the original message through
the ZDM, and the reply is also sent securely. The internal user (who originated the message) is
authenticated using Active Directory.
1-9 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Deployment Options
Figure 1-4 Deployment with One Linux Server and One Windows Server
1. The external user logs into the ZDM (hosted on the Voltage SecureMail Server) to read
and reply to a secure message.
2. The ZDM encrypts the reply and delivers it to the internal mail server.
4. The client requests a key when the internal user opens the message.
5. The server communicates with the Active Directory system to authenticate the user.
The recipient can now read the decrypted message on the machine on which the client is
installed.
1-10 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Deployment Options
If you are planning this type of deployment, see Chapter 2, “Installing Voltage SecureMail
Server on Linux” for instructions on installing the Gateway and the Voltage SecureMail Server
software on Linux. See Chapter 3, “Installing Voltage SecureMail Server on Windows” for
instructions on installing the Voltage SecureMail Server and the Management Console on
Windows.
NOTE: When installing the Voltage SecureMail Software on Linux, be sure to choose
Distributed as the deployment type and Front-End Services as the Appliance role. See “The
Deployment Model Page” on page 2-5 and “The Appliance Role Page” on page 2-5 for
details.
Figure 1-5 Deployment with Multiple Linux Servers and One Windows Server
1-11 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Deployment Options
In this diagram, an external recipient replies to a secure message sent by an internal sender.
The external user accesses the original message through the ZDM, after being directed by the
load balancer to one of the servers that hosts the ZDM. As before, the internal user (who
originated the message) is authenticated using Active Directory.
1. The external user browses to the ZDM page, and is directed to the load balancer.
2. The load balancer directs the user to one of the machines that is hosting the ZDM,
where the user can read and reply to a secure message.
3. The ZDM encrypts the reply and delivers it to the internal mail server.
5. The client requests a key when the internal user opens the message.
6. The server communicates with the Active Directory system to authenticate the user.
The recipient can now read the decrypted message on the machine on which the client is
installed.
If you are planning this type of deployment, see Chapter 2, “Installing Voltage SecureMail
Server on Linux” and Chapter 3, “Installing Voltage SecureMail Server on Windows” for
instructions.
NOTE: When installing the Voltage SecureMail Software on Linux, be sure to choose
Distributed as the deployment type and Front-End Services as the Appliance role. See “The
Deployment Model Page” on page 2-5 and “The Appliance Role Page” on page 2-5 for
details.
1-12 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Deployment Options
If you are planning this type of deployment, see Chapter 2, “Installing Voltage SecureMail
Server on Linux” for instructions on installing the Voltage SecureMail Server on Linux. See
Chapter 3, “Installing Voltage SecureMail Server on Windows” for instructions on installing the
Voltage SecureMail Server and the Management Console on separate Windows machines.
NOTE: When installing the Voltage SecureMail Software on Linux, be sure to choose
Distributed as the deployment type and Front-End Services as the Appliance role. See “The
Deployment Model Page” on page 2-5 and “The Appliance Role Page” on page 2-5 for
details.
1-13 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Network Configuration Settings
IP Address Requirements
The IP address requirements depend on the configuration of your installation. In the Setup
Wizard for Linux, you can choose to configure the Appliance as a stand-alone Appliance or as a
distributed Appliance that is part of a cluster. If you are using Windows, your deployment is
likely to be distributed, since the Gateway can only be installed on Linux.
If you are configuring a machine to run the Management Console component, you need only
one IP address. If you are configuring a machine to run the Voltage SecureMail Server
component, you need at least two IP addresses: one IP address for the Management Console to
use for communicating with the Voltage SecureMail Servers and one for the Voltage SecureMail
Servers to host the Public Parameters. If you want to use a more readable name as the user-
facing host name, you need a third IP address for this. Finally, if you configure multiple clusters,
it is possible that you need a separate IP address for inter-cluster communication.
1-14 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Network Configuration Settings
• Port 443 to anywhere for public parameter retrieval / Multi-cluster ZDM Proxy
Enable the following ports for communication from the Internet to the Voltage SecureMail
Servers:
Enable the following port for communication between multiple Voltage SecureMail Servers:
• Port 3306 for MariaDB database access, including data replication (optional)
To connect to a Windows server remotely, use port 3389 for Remote Desktop.
1-15 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading Voltage SecureMail Server
For Windows-based servers, you can upgrade to Version 7.3 from Version 6.0 or later. For
Linux-based servers with Voltage SecureMail versions prior to 6.3, you must first upgrade to
version 6.3.x before restoring a backup on a new install of version 7.0. See Chapter 5,
“Upgrading from a Previous Version” for details. If you are upgrading from a version prior to 6.0,
contact Micro Focus Voltage Support for assistance.
Additional Documentation
1-16 CONFIDENTIAL
2 Installing Voltage SecureMail Server on
Linux
This chapter describes how to install Version 7.3 of the Voltage SecureMail software on Linux-
compatible hardware. Installation creates a dedicated Voltage SecureMail Appliance that can
be configured to serve as one or more of the following components:
If you are deploying a multiple server configuration, install the Voltage SecureMail ISO on each
Linux-compatible machine. If your deployment includes Windows servers, see Chapter 3,
“Installing Voltage SecureMail Server on Windows” for instructions.
CAUTION: Installing the Voltage SecureMail Appliance from disk reformats the hard drive of
the machine on which you install. This deletes all data and the operating system. There is no
way to recover deleted data or software once the installation begins.
Before installing the Voltage SecureMail software, make sure that the hardware time is set
correctly on the machine. An incorrect hardware time can cause Sendmail errors on the server.
Set the correct time from the BIOS.
1. Insert the a CD with the Voltage SecureMail ISO into the CD-ROM drive and boot up the
system.
When the installation is complete, the system automatically reboots and starts the
services. Numerous system startup messages are displayed, and the licensing
agreement displays.
3. To accept the licensing agreement and continue, ensure that I Agree is highlighted, and
then press Enter.
2-1 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Configuring the Software
When the installation process completes, the machine is configured as a Voltage SecureMail
Appliance. The next step is to configure the Appliance settings using the Setup Wizard, as
described in the following section.
After you install the Voltage SecureMail Appliance and accept the licensing agreement, the
Setup Wizard displays. The Setup Wizard takes you through the steps to configure your basic
network settings and to enable access to the Management Console. The first steps allow you to
select a timezone and change the passwords for the admin and root users.
2. Use the ARROW keys to move up or down the list of time zones. Highlight the correct
timezone to select it.
3. Press the TAB key to move to the Next button at the bottom of the screen. Leave the
System Clock Uses UTC field blank unless you set system clock time in the BIOS to
UTC.
4. Press Enter.
5. On the ‘admin’ Password line, type a new password for the admin user and then press
the Tab key.
Passwords must be at least eight characters in length and include at least one number.
Your passwords serve as a security check to protect your Voltage SecureMail Appliance.
Therefore, it is important to choose passwords that are not easily guessed.
The password you enter is checked against a system dictionary and a set of rules for
identifying poor choices. It is recommended that you choose a password that is at least
eight characters long and a mixture of upper and lower case letters, and numbers.
6. On the Confirm Password line, type the admin password again to confirm it.
8. On the ‘root’ Password line, type a new password for the root user and then press the
Tab key.
9. On the Confirm Password line, type the root password again to confirm it.
10. Press the Tab key to highlight Next and then press Enter.
2-2 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Configuring the Software
1. Enter the IP address associated with the hostname for this machine, and then press the
Tab key.
NOTE: If you are configuring this Appliance as a stand-alone Management Console of
a distributed environment, or as a stand-alone Appliance that includes both the
Management Console and Voltage SecureMail Server software on a single machine,
you only need to enter one IP address. If you are configuring this Appliance as a
Voltage SecureMail Server managed by a separate Management Console, you need
to enter two IP addresses.
2. Enter a second IP address if you are using more than one IP address, and then press the
Tab key.
3. Enter the Netmask address, and then press the Tab key.
4. Enter the Default Router IP address and then press the Tab key.
i. Verify that a certificate for using LDAP over TLS is available on your Active
Directory Server.
2-3 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Configuring the Software
This certificate is used for authentication between the Active Directory Server
and the Management Console. If your Active Directory Server does not already
have this type of certificate installed, see the Microsoft Knowledge base article at
http://support.microsoft.com/kb/321051 or the Active Directory Certificate
Services Step-by-Step Guide (http://go.microsoft.com/?linkid=9645085) for
instructions.
ii. Type the IP address of the DNS server that contains the Active Directory server
locator records (NS record of the AD domain) in the Primary Nameserver IP
field, and then press the TAB key.
3. Type the IP address of your Primary Nameserver, and then press the TAB key.
4. If you are using a Secondary Name Server, type the IP address for the Secondary
Nameserver, and then press the TAB key. If you are only using one Nameserver, press
the TAB key to bypass the line.
A list of the settings that you entered is displayed at the top of the Summary page.
Review the entries to ensure that they are correct. If anything is incorrect, return to the
appropriate page to fix it.
6. When you are sure that the entries are correct, make sure that Next is highlighted, press
ENTER.
A progress bar displays briefly, and then the Enter Account Information for Upgrades page
displays.
If the appliance has Internet access, it can access the upgrade repository if you supply the
correct authentication credentials.
To configure the authentication credentials that enable access to the upgrade repository, enter
the Account and Password information supplied by Micro Focus Voltage Support, then use the
Tab key to highlight Next and press Enter.
2-4 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Configuring the Software
1. Use the ARROW keys to select the type of deployment that you are configuring. Select
one of the following:
• Distributed: Your deployment consists of more than one appliance. When you select
a distributed deployment, you can choose to configure the Appliance to run the
Management Console, or to run the Voltage SecureMail Server. For more
information, see “The Appliance Role Page” on page 2-5.
2. Press the Tab key to highlight Next and then press Enter.
If you chose to configure the Appliance for a stand-alone deployment, the Management
Console Password page displays. Skip the next section and continue with the
instructions in“The Management Console Password Page” on page 2-6.
If you chose to configure the Appliance for a distributed configuration, the Appliance
Role page displays. Continue with the instructions in the following section, “The
Appliance Role Page”.
• Voltage SecureMail Server: This configures the Appliance to run as a server that
includes IBE Key Management services, ZDM services, and Gateway services.
2. Use the Tab key to highlight Next and then press Enter.
2-5 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Configuring the Software
If you chose Voltage SecureMail Server, the wizard configures the Appliance as a
distributed deployment and the Administrative IP Address page displays. See the
following section, “The Administrative IP Address Page” for instructions.
1. Use the Arrow keys to select the IP address that you want the Management Console to
use to contact the Appliance.
2. Press the Tab key until Next is highlighted and then press Enter.
The Done page displays a message that you have successfully configured the
Appliance. The Host Registration IP and Registration Key are displayed. Write these
down.
Since you did not configure a Management Console machine, the Management
Console Password Page is not displayed. Skip the following section and continue with
“Using the Voltage SecureMail Appliance Menu” on page 2-7.
1. On the ‘admin’ Password line, type a new password for the Management Console admin
user and then press the Tab key.
Passwords must be at least eight characters in length and include at least one number.
Your passwords serve as a security check to protect your Voltage SecureMail Appliance.
Therefore, it is important to choose passwords that are not easily guessed.
2. On the Confirm Password line, type the Management Console admin password again to
confirm it.
2-6 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Understanding the Voltage SecureMail Appliance Menu
The wizard configures the firewall. The Done window displays a message that you have
successfully configured the Voltage SecureMail Appliance and the URL that you can use
to log into the Management Console.
4. Write down the URL and press Enter to exit the wizard.
The next step is to log into the Management Console. For instructions, see Chapter 4,
“Understanding the Management Console”.
When you complete the Configuration Wizard, the Voltage SecureMail Appliance Menu
displays. Use this menu to configure, shut down or reboot the Appliance.
Use the admin username to perform all administrator functions on the Appliance. If you log in
with the root user name, the shell prompt displays instead of the Appliance Menu. Use the root
username only if you are troubleshooting with the help of a Micro Focus Voltage
representative. Treat both the admin and root passwords with the highest level of security.
1. Use the up or down arrow to highlight the menu option that you want to select.
or
Type the letter for the menu option that you want to select.
2. Press Enter.
or
You can also perform the following actions using function keys:
• From a secondary menu, Press F12 to return to the Main Menu or to return to the
previous menu.
2-7 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Understanding the Voltage SecureMail Appliance Menu
• Press F8 to exit the Appliance Menu and log out of the server.
For additional information about using the Voltage SecureMail Appliance menu, see the
Voltage SecureMail Appliance Administrator Guide.
2-8 CONFIDENTIAL
3 Installing Voltage SecureMail Server on
Windows
This chapter describes how to install the following Voltage SecureMail components on a
Windows server:
• Voltage SecureMail Server consists of the IBE Key Management Service, MariaDB, and
ZDM Service.
• Voltage SecureMail Management Console allows you to configure and administer your
system. This component stores configuration, logging and runtime information in a
MariaDB database
NOTE: The Voltage SecureMail Gateway in not supported on a Windows machine.
You must install it as a component of a Linux Appliance. See “Installing Voltage
SecureMail Server on Linux” on page 2-1for details.
See “Voltage SecureMail Components” on page 1-4 for more information about these
components.
You must be logged in as a member of the administrators group in order to install the software.
You can install both components on the same server or you can install each component on a
separate server. You can also create a cluster that includes multiple Voltage SecureMail Servers,
which can be used for load-balancing purposes. A cluster is a logically grouped set of hosts that
run the Voltage SecureMail Server services. Clusters also contain resources such as email
servers that are shared by the hosts within a cluster.
You must install the MariaDB software before you install these components on a Windows
server. The following MariaDB file is available at the same location as the Voltage SecureMail
software:
You must install the MariaDB 10.2.12 software on each server that runs the Voltage SecureMail
Server software or the Management Console software. These servers must not be running the
MySQL database software.
1. Double-click the following file to start the Setup Wizard for the MariaDB software:
3-1 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Installing the MariaDB Database Software
These files are available at the same location as the Voltage SecureMail software.
3. Accept the license agreement by clicking the acceptance check box, then click Next.
4. On the Custom Setup screen, click Next to accept the default settings.
5. On the Default instance property screen you have the option to set the root password.
If you want to set the root password now, enter and confirm it. Make note of the
password as you will need it when you install the Micro Focus Voltage software.
Otherwise, uncheck Modify password for database user ‘root’. You will have the option
to set the root password when you install the Voltage SecureMail software.
6. Check Use UTF8 as default server's character set and leave Create an anonymous
account unchecked, then click Next.
7. On the Default instance property screen, click Next to accept the default settings.
8. Choose whether to select the Enable the Feedback plugin and submit anonymous
usage information check box, then click Next.
11. Open the my.ini file in a text editor. The file is in the following location:
12. Add the following lines under [mysqld] in the my.ini file:
max_allowed_packet=100M
innodb_file_per_table
innodb_data_file_path=ibdata1:10M:autoextend:max:20G
15. Right-click the MySQL (MariaDB database server) service and choose Properties.
CAUTION: Do not change the name of the service. The Voltage SecureMail software
will not work correctly unless the service name is MySQL.
16. Click the Log On tab and choose Local System Account, then click OK.
A message indicates that you must restart the service for the change to take effect.
3-2 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Installing the Management Console
17. Right-click the MySQL (MariaDB database server) service and click Restart.
1. From the Windows Start menu, navigate to All Programs > MariaDB 10.2 > MySQL
Client (MariaDB 10.2).
mysql -u root.
3. Enter the root password if you have set one, or press Enter if no password is set.
Information about the MariaDB displays, followed by the MariaDB command prompt.
show databases;
The database information displays, which indicates that the MariaDB installation is complete,
and you can proceed to the following sections for instructions on installing the Voltage
SecureMail software.
The services that run on the Management Console are the Voltage SecureMail Management
Data Service and the Voltage SecureMail Management Server. Install the Management Console
on a single Windows server that you want to use to configure and administer the Voltage
SecureMail Servers.
3. In the License Agreement page, review the license and click I Agree to accept the
terms of the license agreement.
4. The User Settings page prompts you for the current MariaDB root password and allows
you to change the password.
3-3 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Installing the Voltage SecureMail Server
• Enter the current password if set. If you do not want to change the password, click
Next.
• If you did not set a password during the installation of MariaDB and do not want to
set a root password, leave all fields blank and click Next. You will be prompted to
confirm the action.
• To change or set a password, enter current password if set, select Modify root
password, enter new password, and confirm. Click Next.
NOTE: The password cannot include special characters. If the password includes
invalid characters, you are prompted to enter a different password.
If you leave the New password and Confirm password fields blank, you will remove
the current password. You will be prompted to confirm the action.
• In the Destination Folder field, enter the directory location where you would like the
server installed and then click Install.
The Management Console installation is complete, and you can proceed to the next section to
install the Voltage SecureMail Server.
The service that runs on a Voltage SecureMail Server is the Voltage SecureMail Server IBE
Server service. If you have a multiple-server configuration, install the Voltage SecureMail Server
on all of the hosts in your cluster.
NOTE: If you are installing a standalone Management Console on a Windows server, proceed
to the instructions in “Starting the Voltage SecureMail Services” on page 3-7 for that server
only.
1. In the Windows Services window, stop and disable the Internet Information Server (IIS).
NOTE: IIS and the Voltage SecureMail server software cannot run simultaneously on
the same machine. Do not restart IIS while the Voltage SecureMail server software is
running. Make sure that the IIS service is disabled so that it does not start
automatically when the server is rebooted. This also stops WWW Publishing service
and the SMTP service.
3-4 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Installing the Voltage SecureMail Server
4. In the License Agreement page, review the license and click I Agree to accept the
terms of the license agreement.
5. The User Settings page prompts you for the current MariaDB root password and allows
you to change the password.
• Enter the current password if set. If you do not want to change the password, click
Next.
• If you did not set a password during the installation of MariaDB and do not want to
set a root password, leave all fields blank and click Next. You will be prompted to
confirm the action.
• To change or set a password, enter current password if set, select Modify root
password, enter new password, and confirm. Click Next.
NOTE: The password cannot include special characters. If the password includes
invalid characters, you are prompted to enter a different password.
If you leave the New password and Confirm password fields blank, you will remove
the current password. You will be prompted to confirm the action.
• In the Destination Folder field, enter the directory location where you would like the
server installed and then click Install.
• If this is a new installation and you are not upgrading from a previous version, verify
that the Create registration password (new installs only) check box is selected,
and then click Finish.
• If you are upgrading from a previous version, verify that the Create registration
password (new installs only) check box is cleared, and then click Finish.
3-5 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Installing the Voltage SecureMail Server
8. If one or more Voltage SecureMail Servers are on a different machine than the
Management Console, you must edit the server.conf file on the machines running
Voltage SecureMail Servers. This step is required to enable communication with the
Management Console.
NOTE: You do not need to perform this step if the Management Console and the
Voltage SecureMail Server are running on the same machine.
1. On each machine hosting a Voltage SecureMail Server, open the server.conf file using
Notepad or another text editor. The file is in one of the following locations, depending
on your server:
— 32-bit OS:
C:\Program Files\Voltage Security\Voltage IBE Server\etc\server.conf
— 64-bit OS:
C:\Program Files (x86)\Voltage Security\Voltage IBE Server\etc\server.conf
Note that these are the default installation paths. If you entered a different location in
the Destination Folder field in Step 6, use that location.
Where <IP Address> is an IP address on the Voltage SecureMail Server machine that
communicates with the Management Console. The Data Service and Management
Console will make requests to the SecureMail Server using this IP address. This can be
any IP on the machine, other than the one used for the public parameters (voltage-pp-
0000.<domain>). See “IP Address Requirements” on page 1-14 for additional
information about IP address requirements.
The Voltage SecureMail Server installation is complete, and you can proceed to the following
section for instructions on how to start the Voltage SecureMail services.
3-6 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Starting the Voltage SecureMail Services
The Voltage SecureMail IBE Server, Voltage SecureMail Management Server and Voltage
SecureMail Management Data Service all run as services on your Windows servers. These
services are set to automatically start when the system is rebooted. You can also start the
services manually. After the services are started, you can configure the system using the
Management Console.
NOTE: The MySQL (MariaDB database server) service, which starts automatically when it is
installed, must be running before any of the Voltage SecureMail services can start. Stopping
this service stops all Voltage SecureMail servers, which must be restarted manually.
To start the Voltage SecureMail IBE Server service on the host machines:
1. From the Windows Start menu, go to Control Panel> Administrative Tools> Services.
2. Right-click Voltage IBE Server and select Start from the menu.
To start the Voltage SecureMail Management Data Service and the Voltage SecureMail
Management Server service on the machine hosting the Management Console:
1. From the Windows Start menu, go to Control Panel> Administrative Tools> Services.
2. Right-click Voltage Management Server and choose Start from the menu.
3. Right-click Voltage Management Data Service and choose Start from the menu.
b. Navigate to the \etc\mysql directory of the install location you used in “Installing the
Management Console” on page 3-3. The default locations are:
— 32-bit OS:
C:\Program Files\Voltage Security\Voltage IBE Server\etc\server.conf
— 64-bit OS:
C:\Program Files (x86)\Voltage Security\Voltage IBE Server\etc\server.conf
d. At the prompt that asks for the current password, enter the password, or if a
password has never been set, press Enter.
e. At the next prompt, enter the new password and a confirmation of that new
password.
3-7 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Troubleshooting
After the Voltage SecureMail services are all started, you can log into the Management Console
by opening a browser and going to the following location:
http://localhost:8080/console
NOTE: The Management Console might not be available immediately after starting the
Voltage SecureMail services. If you cannot access it, try again a few minutes later.
If you installed the Voltage SecureMail Server and the Management Console on the same
machine, the Voltage SecureMail Setup Assistant begins.
Troubleshooting
You might experience errors or failures if you did not install the MariaDB software exactly as
specified in “Installing the MariaDB Database Software” on page 3-1.
3-8 CONFIDENTIAL
4 Understanding the Management Console
You configure the Voltage SecureMail Server and the Gateway using the Management Console
graphical interface, which runs in a web browser. Because the Voltage SecureMail Appliance
does not have a web browser installed, you must connect from a separate machine that has a
web browser installed.
The first time you log into the Management Console, you are directed through a setup wizard.
After finishing the wizard, you can configure the settings to allow access to the Management
Console from only the machines that you specify. By default, access to the Management
Console is allowed on all machines.
This is the URL that you wrote down in step four of “The Management Console
Password Page” on page 2-6.
If you have not set up a DNS entry for the IP address yet, you can use the IP address.
Use the first IP address that you entered on the IP Addresses and Gateway page
described in, “The IP Addresses and Gateway Page” on page 2-3. Use the following
format:
https://<IP address>:8443/console
2. Log in using the admin username and the password that you entered in “The
Management Console Password Page” on page 2-6.
3. Complete the on-screen directions in the Setup assistant. Your Voltage SecureMail
Server is now configured. Optionally, continue with “Restricting Management Console
Remote Access” on page 4-1.
4-1 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3
The Remote Access IP Networks field displays the list of IP networks that have been
given access to the Management Console.
• To allow everyone:
IP Address: 127.0.0.1
Netmask: 0.0.0.0
5. On the machine for which you allowed access, open a browser and enter one of the
following URLs using the DNS name or the IP address to access the Management
Console:
https://<DNS name>:8443/console
or
https://<IPaddress>:8443/console
Log into the Management Console and follow the steps in the setup assistant.
For additional information about the Management Console, see the Voltage SecureMail
Appliance Administrator Guide.
4-2 CONFIDENTIAL
5 Upgrading from a Previous Version
For Windows-based servers, you can upgrade to Version 7.3 from Version 6.0 or later. For
Linux-based servers with Voltage SecureMail versions prior to 6.3, you must first upgrade to
version 6.3.x before restoring a backup on a new install of Version 7.3.
Use the checklist in Table 5-1 to make sure that you perform all of the required upgrade tasks
for each server, starting with the version you are currently running and continuing through
each version until you install Version 7.3. If you are upgrading from a version below 6.0, contact
Micro Focus Voltage Support for instructions.
5-1 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3
5-2 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading SecureMail
Upgrading SecureMail
Follow these steps to upgrade to Version 7.3 of the Voltage SecureMail Server:
2. Upgrade the MariaDB version if needed. See “Upgrade MariaDB (Windows)” on page 5-
5 for instructions.
3. Upgrade the Management Console software. See “Upgrade the Management Console
Software” on page 5-6 for instructions.
4. Upgrade the Voltage SecureMail Server software. See “Upgrade the Voltage SecureMail
Server Software” on page 5-7 for instructions.
5. If you are using Mobile Edition and Active Directory, log into the Management Console
and verify the server domain is specified, and not the server name. See “Verify the Active
Directory Domain Name” on page 5-9 for instructions.
6. Log into the Management Console and update all clusters. See “Update All Clusters” on
page 5-10 for instructions.
7. (Optional) If the hosts in your configuration are located in the same geographical region
but assigned to different clusters, move them to a single cluster. This step simplifies the
configuration while retaining the redundancy that was previously available only in a
multi-cluster configuration. See “Update All Clusters” on page 5-10 for instructions.
5-3 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading SecureMail
8. Back up your configuration, using the same procedure you used in Step 1.
CAUTION: After you install the update, you will not be able to restore backups
created from earlier versions. Be sure you make a backup right after you complete
the upgrade.
3. Click the Administration tab, and then click the Backup & Restore tab.
The export password must be at least 8 characters and contain both a letter and a
number.
8. Click Backup.
A message indicating that the backup file was successfully created is displayed.
10. Select Identity Data Backup from the Backup Type list.
5-4 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading SecureMail
12. Select the check box at the top left corner of the table to select all tenants, and then click
Select.
The export password must be at least 8 characters and contain both a letter and a
number.
A message indicating that the backup file was successfully created is displayed.
17. Restart the Voltage SecureMail Data Service (from either the Windows Services panel
or the Appliance menu).
a. From the Windows Start menu, navigate to Control Panel> Administrative Tools>
Services.
b. Right-click Voltage Management Data Service and choose Stop from the menu.
c. Right-click Voltage Management Server and choose Stop from the menu.
d. Right-click Voltage IBE Server and choose Stop from the menu.
e. Right-click the MySQL service and choose Stop from the menu.
2. Double-click the following file to start the Setup Wizard for the MariaDB software:
This file is available at the same location as the Voltage SecureMail software.
5-5 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading SecureMail
6. Navigate to Control Panel > Administrative Tools Group > Services and restart the
MySQL service.
NOTE: Do not change the name of the service. The Voltage SecureMail software will
not work correctly unless the service name is MySQL.
To verify that the upgrade succeeded, open a Windows command prompt as Administrator,
and enter the following command:
mysql -u root
The response provides a welcome to MariaDB message confirming the upgrade was successful.
Windows
The services that run on the Management Console machine are the Voltage SecureMail
Management Data Service and the Voltage SecureMail Management Server. Before you begin
the upgrade, you can delete existing events by running delete_events.bat, located in the
C:\Program Files\Voltage Security\Voltage Management Server\bin directory. See “Backing Up
and Purging Events” in the Voltage SecureMail Management Console Administrator Guide for
details.
3. On the License Agreement page, review the license and click I Agree to accept the
terms of the license agreement.
5-6 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading SecureMail
Linux
Before you begin the upgrade, you can delete existing events by running /opt/vsmgmt/bin/
delete_events. See “Backing Up and Purging Events” in the Voltage SecureMail
Management Console Administrator Guide for details.
1. Create a backup of your existing configuration. See “Back Up Your Voltage SecureMail
Configuration” on page 5-4.
NOTE: Only backups from versions 6.3.X and later can be restored to Version 7.3.
If you are restoring from a version prior to 6.3, upgrade to 6.3 and back up your
system.
2. Install Voltage SecureMail 7.1 as described as in “Upgrading a Linux Appliance with the
Upgrade Script” on page 5-11.
3. Restore your system backup as described in “Restoring Your System From a Backup” on
page 5-8.
Windows
To upgrade the Voltage SecureMail Server software on a Windows server:
3. In the License Agreement page, review the license and click I Agree to accept the
terms of the license agreement.
NOTE: The installer may require a reboot if any applications were running from the
installation directory during the install.
Linux
To manually upgrade the Voltage SecureMail Server software on a Linux Appliance:
5-7 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading SecureMail
1. Create a backup of your existing configuration. See “Back Up Your Voltage SecureMail
Configuration” on page 5-4.
2. Install Voltage SecureMail 7.1 as described as in “Upgrading a Linux Appliance with the
Upgrade Script” on page 5-11.
3. Restore your system backup as described in “Restoring Your System From a Backup” on
page 5-8.
1. Go to the Administration > Backup and Restore page on the Management Console,
then click Restore from a previous backup. This starts the Restore Wizard.
2. Choose the type of restore that you want to perform from the drop-down list. The type
of restore you select depends on the type of backup you selected when creating the
backup file. In this case, you should be restoring a System Recovery Backup.
• Service Data Backup: Backs up the application state of one or more selected
tenants. The Service Data Backup includes:
— Configuration data for each tenant, such as, the tenant name, domain, brand and
certificates.
— Services configuration for each tenant, such as, ZDM, Client, Gateway and
Enrollment Server configurations.
• Identity Data Backup: Backs up the identity data of one or more selected tenants.
The identity data includes the PKI keys for the Gateway Service and username and
passwords for the Enrollment Service.
• System Recovery Backup: Backs up the entire state of the system including all
tenant, service and system deployment configurations.
3. In the Upload Backup File field, click Browse to navigate to the file.
NOTE: If the file is not accessible from the Management Console machine, move the
file to an accessible location using a tool such as WinSCP. When using WinSCP, the
default port (22) does not work and you must connect on port 10022
4. Enter the password that you entered when you created the backup file in the Password
field.
5. Click Validate Password and Upload. When the file has been successfully uploaded,
the following message is displayed:
5-8 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading SecureMail
7. Select the Tenants that you want to restore. If you want to overwrite current tenant
information with the information in the backup file, select Restore Tenant Details.
8. Click Next.
11. Click Finish to confirm the restore options that you selected, or click Back to change
your selections.
12. Click OK to confirm that you want to restore. When the file is successfully restored, you
are returned to the Backup and Restore page where the following message displays:
3. Click the System tab. If there are multiple clusters, click the plus icon (+) next to name of
the cluster in the table, click the plus icon (+) next to Resources, and then click Active
Directory.
4. In the Active Directory Domain text box, verify that the domain displays. If the server
name displays, enter the domain.
5-9 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading SecureMail
3. Click the System tab, and then click Update Cluster for any existing cluster.
4. (Optional) If the hosts in your configuration are located in the same geographical region
but assigned to different clusters, and you want to move them to a single cluster, use the
following procedure:
a. Click the host name on the System tab to display the Host Details page.
b. If the host that runs on the same server as the Management Console uses the local
IP address of 127.0.0.1 as the Management IP Address, click that host, then enter a
new IP address. If you want to reuse an IP address, you can specify a port number in
the Management Port field.
This is needed because 127.0.0.1 cannot be the Management IP Address for a host
if there are any other hosts in the same cluster. Note that you do not need to enter a
password on this page because the software reuses the secure connection that is
already established.
d. In the Move Host to Cluster list, select a new cluster for the host, then click Move.
The System tab displays, showing the host assigned to the new cluster.
f. (Optional) If you have removed all of the hosts from a particular cluster, click the
associated Delete link to remove the cluster from the system.
Note that if a cluster no longer has any associated hosts, an error message displays
to let you know that the cluster cannot be updated because it has no hosts.
5-10 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading a Linux Appliance with the Upgrade Script
You can use a manual upgrade script to upgrade SecureMail Version 7.0 version to Version 7.1.
Before using upgrade script, you need to execute a helper script. Contact your Micro Focus
Voltage Customer Representative to receive the script.
IMPORTANT: You cannot use an upgrade script to upgrade to version 7.0 and later. Version
7.0 and later requires a fresh install and system restore from your previous 6.X version.
To use the upgrade script to upgrade to Version: You must be upgrading from Version:
6.1 6.0
6.3 6.1
6.4 6.3
7.1 7.0
7.2 7.1
7.3 7.2
2. Copy the helper script into the /tmp directory on the appliance
1. Edit the /etc/hosts file to include an incorrect IP address (such as 0.0.0.0) for
updates.voltage.com, similar to the following line:
0.0.0.0 updates.voltage.com
3. Copy the patch script into the /tmp directory on the server.
5-11 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3 Upgrading a Linux Appliance with the Upgrade Script
5-12 CONFIDENTIAL
6 Troubleshooting
You might experience errors or failures if you did not install or upgrade the MariaDB software
exactly as specified.
You can use the Windows Event Viewer to check for possible silent failures or errors that
occurred during the installation. To open the Event Viewer, click the Windows Start menu and
navigate to Administrative Tools > Event Viewer.
If you installed the MariaDB software in non-default location, follow these instructions to enable
Voltage SecureMail software to communicate with it:
3. Open the voltage_settings.bat file for editing. The file is in one of the following locations:
• 32-bit OS:
C:\Program Files\Voltage Security\Voltage Management Server\etc\mysql
• 64-bit OS:
C:\Program Files (x86)\Voltage Security\Voltage Management Server
\etc\mysql
4. Change the “Set this to MySQL install directory” section to specify the correct install
path for the MariaDB software:
"SET MYSQL_DIR=<Install_Location>\MariaDB 10.2"
• 32-bit OS:
C:\Program Files\Voltage Security\
Voltage Management Server\etc\mysql\setup_db.bat
6-1 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3
• 64-bit OS:
C:\Program Files (x86)\Voltage Security
\Voltage Management Server\etc\mysql\setup_db.bat
6. Repeat steps 3, 4 and 5 to set the MariaDB installation location for the IBE server if the
IBE server is installed on the same machine.
If you see these messages, add the following lines to the my.ini file under [mysqld], and then
restart the database and Voltage SecureMail services:
max_allowed_packet=100M
innodb_file_per_table
innodb_data_file_path=ibdata1:10M:autoextend:max:20G
1. For the Voltage IBE Server, from the command prompt, enter:
cd c:\Program Files (x86)\Voltage Security\Voltage IBE Server\bin
For the Voltage Management Server or Voltage Data Management Service, from the
command prompt, enter:
cd c:\Program Files (x86)\Voltage Security\Voltage Management
Server\bin
6-2 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3
2. Run the one of the commands below depending on the server or service for which you
want increase memory.
CAUTION: Do not make any other changes in vsservice without direction from Micro
Focus Voltage Support.
4. Change the Initial memory pool and Maximum memory pool values as needed. Do
not allocate more than 1024 MB to the maximum memory pool.
5. Click OK.
6-3 CONFIDENTIAL
Voltage SecureMail Server Installation Guide Version 7.3
versions that support TLS 1.2. You can force the server to use less secure communication
protocols using an advance setting. Contact Micro Focus Voltage Support for assistance with
this option.
If you have client users on Windows 7 with latest update or Windows Server 2008 R2, and they
are unable to download keys, there is a patch to Windows 7 that enables TLS 1.1 and TLS 1.2
as a default secure protocols in WinHTTP.
6-4 CONFIDENTIAL