Physical Host Upgrade Checklist for RSA NetWitness Platform 10.6.6.x to 11.3

Document created by RSA Information Design and Development on Apr 10, 2019Last modified by David O'Malley on Apr 24, 2019
Version 9Show Document
  • View in full screen mode
TaskDescription

Prepare for Upgrade

1.

Download Physical Host Upgrade Guide from RSA Link (https://community.rsa.com/docs/DOC-100385) and review it.

 
2.Carefully read the sections on Event Stream Analysis (ESA) Upgrade Considerations and Investigate in Mixed Mode. 

3.

Be aware of the hardware, deployments, services, and features not supported in 11.3.

 

4.

Perform the upgrade preparation tasks for the features you use.

Caution: Make sure that you implement and test the new ports so that upgrade does not fail due to missing ports.

 

5.

Create CentOS 6 external host to save backup tar files.

 

6.

Download the nw-backup-v4.3.zip (or later) file from RSA Link (https://community.rsa.com/docs/DOC-81514) to external host.

 

7.Execute get-all-systems.sh and ssh-propagate.sh script from external host. 

8.

Preserve a copy of the get-all-systems-master file for future reference.

 

9.Execute nw-backup.sh in TEST mode to evaluate the space requirements from external host (for example: nw-backup –t -l –D). 

10.

Review the back up options for nw-backup.sh by displaying the help menu (nw-backup.sh -h) .

 

 

 

 

TaskDescription

Phase 1 - Upgrade SA Server, ESA, Malware Analysis, and Broker/Concentrator Hosts

11.Update the contents of the all-systems so they consist of SA, ESA's, MA and Broker/Concentrator backup data. 
12.For ESA hosts, reset the Mongo Database admin password to 'netwitness' if it contains special characters .
13.Execute nw-backup.sh with -u flag for all Phase 1 hosts and confirm that it completes with no errors. 

14.

If your environment has multiple ESA appliances, designate a primary ESA (Where the Context Hub service is running) and copy controldata-mongodb.tar.gz.* files from the secondary ESAs to designated primary ESA default backup path.

 

15.Confirm that backup tar files are saved locally and remotely. 

16.

Attach media (media that contains the ISO file, for example a build stick) to the SA Server host. Download USB Build Stick Instruction - 11.3 and Later document from RSA Link (https://community.rsa.com/docs/DOC-100386) for instructions on how to get ISO and prepare it.

IMPORTANT: The ISO is unreadable in a Windows files system. Use a third-party tool (for example, Etcher - available at: https://etcher.io) to etch an Linux file system on the USB drive.

 

17.Create base image on the host from the attached media. 
18.

Upgrade the host to 11.3 by running the nwsetup-tui program on the host.

 
19.

Repeat steps 16, 17, and 18 on the:

  1. ESA Primary host (and other ESA hosts if you have any).
  2. Malware Analysis host.
  3. Broker or Concentrator host.
 
20.

Install the ESA, Malware Analysis, and Broker or Concentrator services in the NetWitness 11.3 User Interface.

 

 

TaskDescription
Phase 2 - Upgrade All Other Hosts
21.Update the contents of the all-systems so they consist of Phase 2 host backup data. 
22.Execute nw-backup.sh in TEST mode to evaluate the space requirements from external host (for example: nw-backup –t -l –D). 

23.

Execute nw-backup.sh with -u flag for all Phase 2 hosts and confirm that it completes with no errors.

 

24.Confirm that backup tar files are saved locally and remotely. 

25.

For all other hosts:

  1. Attach media (that is Build Stick or DVD ISO) to the SA Server host. Refer the USB Build Stick Instruction - 11.3 and Later document that you downloaded in step 16 from RSA Link for instructions on how to get ISO and prepare it.
  2. Create base image on the host from the attached media.
  3. Upgrade the 10.6.6.x host to 11.3 by running the nwsetup-tui program on the host.
  4. Install the Category (service category) in the NetWitness 11.3 User Interface.

 

Preform Post Upgrade Adjustments

26.

Perform the post upgrade tasks for the features you use.

 

 

 

 

You are here

Table of Contents > Physical Host Upgrade Checklist for RSA NetWitness Platform 10.6.x to 11.x

Attachments

    Outcomes