Core Agent Appliance & ECA - In-place Upgrade
Core Agent Appliance Pre-upgrade Checks
- Take screenshots below from Core Agent Appliance GUI:
a. About/Contact
Note: This provides details like version, OpenSUSE OS version and Appliance ID.
b. Continuous Op Dashboard
Note: Check that the Connectivity status is OK (green).
c. Easy Auditor >
- i. Report Schedule
- ii. Saved Queries
- iii. Active Auditor (Data Loss Protection, Mass Delete, Custom)
- iv. Robo Audit
Note: Verify if this job is completing successfully.
d. Inventory View
Note: Make sure all the clusters are populated with their configuration details.
e. Jobs >
- i. Job Definitions — Verify the status of all jobs.
- ii. Running Jobs — Make sure all the jobs are completing successfully.
f. License Management
Note: Review license details and Support License Expiry date.
g. Ransomware Defender >
- i. Learned Thresholds
- ii. Ignored List
- iii. Monitor Only Settings
- iv. Threshold
- v. File Filters
- vi. Security Guard — Verify if this job is completing successfully.
h. Manage Services
- i. ECA Monitor
- Make sure ECA VMs are receiving and sending events.
- Verify the status of all VMs.
- Take screenshots below from Core Agent Appliance CLI:
a. df -kh
Note: Make sure disk space usage is less than 80%. If it is above 80%, open a support ticket to troubleshoot further.
b. grep syncIsilonsToZK /opt/superna/sca/data/system.xml
Note: Make sure it is set to true. If it is false, it needs to be updated to true after the upgrade.
Core Agent Appliance Upgrade Steps
- Take a VM level snapshot of the core agent appliance VM.
- Download the latest Core Agent Appliance upgrade file from the support portal: https://support.superna.net/hc/en-us
- Use WinSCP to transfer the upgrade run file to /home/admin/ on the core agent appliance.
- SSH to the Core Agent VM as the admin user.
a. Switch to root user:
sudo su
b. Make the upgrade run file executable:
chmod +x <upgrade filename>
Warning: Make sure the upgrade filename matches the OS version currently installed.
- Run the upgrade:
./<upgrade filename>
If prompted, press Y to continue.
- Once the upgrade is completed, check the version:
a. Switch to root user:
sudo su
b. igls admin version
- Complete the Core Agent Appliance Post Upgrade checks.
- Move on to ECA upgrade if applicable.
Core Agent Appliance Post Upgrade Checks
- Take screenshots below from Core Agent Appliance GUI:
a. About/Contact
Note: Verify the upgraded version.
b. Continuous Op Dashboard
Note: Check that the Connectivity status is OK (green).
c. Easy Auditor >
- i. Report Schedule
- ii. Saved Queries
- iii. Active Auditor (Data Loss Protection, Mass Delete, Custom)
- iv. Robo Audit
Note: Initiate Robo Audit job and make sure it completes successfully.
d. Inventory View
Note: Make sure all the clusters are populated with their configuration details.
e. Jobs >
- i. Job Definitions
Note: If jobs are not present under Job Definitions, check running jobs and make sure initial inventory is finished. If it's not finished, then wait. If it's finished and jobs are not present, then open a support ticket to troubleshoot further.
- ii. Running Jobs — Make sure all the jobs are completing successfully.
f. License Management
g. Ransomware Defender >
- i. Learned Thresholds
- ii. Ignored List
- iii. Monitor Only Settings
- iv. Threshold
- v. File Filters
- vi. Security Guard
Note: Initiate Security Guard job and make sure it completes successfully.
h. Manage Services
- i. ECA Monitor
- Make sure ECA VMs are receiving and sending events.
- Make sure all VMs are in OK (green) status.
- Take screenshots below from Core Agent Appliance CLI:
a. df -h
Note: Make sure disk space usage is less than 80%. If it is above 80%, open a support ticket to troubleshoot further.
b. grep syncIsilonsToZK /opt/superna/sca/data/system.xml
Note: Make sure it is set to true. If it is false, update it to true using the steps below:
- SSH to Core Agent VM as admin user.
- Switch to the root user:
sudo su
- Open the file in nano:
nano /opt/superna/sca/data/system.xml
- Search for syncIsilonsToZK and update to true.
- Save the file:
  - Press Ctrl+X
  - Answer yes to save and exit the nano editor.
- Restart sca service:
systemctl restart sca
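The two Core Agent CLI checks (disk usage below 80% and syncIsilonsToZK set to true) can be scripted so the pre- and post-upgrade results are judged the same way each time. This is an added example, not Superna's own tooling: the function names, the use of `df -hP` and the sample df output are assumptions constructed for illustration, and nothing is assumed about system.xml beyond the line the grep returns.

```shell
#!/bin/sh
# Added example: scripts the two CLI checks from the runbook.
THRESHOLD=80   # the runbook requires usage below 80%

# Reads `df -hP`-style output on stdin and prints "mount use%" for each
# filesystem at or above THRESHOLD. Exit status is 1 if any is found.
disks_over_threshold() {
    awk -v max="$THRESHOLD" '
        NR > 1 && $5 ~ /^[0-9]+%$/ {
            use = $5; sub(/%/, "", use)
            if (use + 0 >= max) { print $6, $5; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Prints true, false, missing or unknown for syncIsilonsToZK in file $1.
# Only inspects the line that the runbook's grep would show; the exact
# XML layout of system.xml is not assumed.
sync_flag_state() {
    line=$(grep syncIsilonsToZK "$1" 2>/dev/null | head -n 1)
    case "$line" in
        "")      echo missing ;;
        *true*)  echo true ;;
        *false*) echo false ;;
        *)       echo unknown ;;
    esac
}

# Constructed sample input (not captured from a real appliance).
sample_df() {
    cat <<'EOF'
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda2        40G   12G   28G  30% /
/dev/sdb1        80G   68G   12G  85% /opt
tmpfs           7.8G     0  7.8G   0% /dev/shm
EOF
}

# Demo on the sample. On the appliance, run instead:
#   df -hP | disks_over_threshold
#   sync_flag_state /opt/superna/sca/data/system.xml
sample_df | disks_over_threshold ||
    echo "Disk usage at or above ${THRESHOLD}%: open a support ticket"
```

Saving the output of both functions before the upgrade and comparing it with the post-upgrade run gives a text record alongside the screenshots.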
ECA Cluster Pre-upgrade Checks
- Take screenshot below from ECA Node 1:
a. SSH to ECA Node 1 as ecaadmin user.
b. ecactl cluster exec "df -h"
Note: Make sure disk space usage is less than 80% on all ECA VMs. If it is above 80%, open a support ticket to troubleshoot further.
ECA Cluster Upgrade Steps
- Take a VM level snapshot of all the ECA VMs.
- Download the latest ECA upgrade file from the support portal: https://support.superna.net/hc/en-us
- Use WinSCP to connect to ECA VM 1 and copy the upgrade run file to /home/ecaadmin/.
- SSH to ECA VM 1 as ecaadmin user.
- Stop the running services:
ecactl cluster down
- Check the cluster status and make sure no container is running:
ecactl cluster status
- Make the run file executable:
chmod +x <eca upgrade run file>
Warning: Make sure the upgrade filename matches the OS version currently installed.
- Run the upgrade:
./<eca upgrade run file>
a. Enter the ecaadmin password when prompted.
- Once upgrade is completed, run the following commands:
a. Verify the version:
ecactl cluster exec "ecactl version"
b. Restart docker:
ecactl cluster exec "sudo systemctl restart docker"
c. Do cluster up:
ecactl cluster up --clean
ECA Post Upgrade Checks
- Make sure the Core Agent Appliance and ECA VM versions match.
- Take screenshot below from ECA Node 1:
a. SSH to ECA Node 1 as ecaadmin user.
b. ecactl cluster exec "df -h"
Note: Make sure disk space usage is less than 80% on all ECA VMs. If it is above 80%, open a support ticket to troubleshoot further.
c. Manage Services
- i. ECA Monitor
- Make sure ECA VMs are receiving and sending events.
- Make sure all VMs are in OK (green) status.