Upgrade Guide 11.4: Upgrade Tasks

Document created by RSA Information Design and Development Employee on Jan 30, 2020Last modified by RSA Information Design and Development Employee on Jun 25, 2020
Version 9Show Document
  • View in full screen mode
 

Note: For RSA NetWitness Endpoint customers only, Endpoint Hybrid is not supported in 11.3.0.0 and later releases.
If you have deployed an Endpoint Hybrid host in 11.2.x.x and did not install an Endpoint Log Hybrid host in 11.3.x.x, you must install an Endpoint Log Hybrid host in 11.4. See the Physical Host Installation Guide for RSA NetWitness Platform 11.3 or the Virtual Host Installation Guide for RSA NetWitness Platform 11.3 for instructions on how to install an 11.3 Endpoint Log Hybrid on a physical host.

Note: After upgrading the primary NW server (including the Respond Server service), the Respond Server service will not be re-enabled until after the Primary ESA host is also upgraded to 11.4. The Respond post-upgrade tasks only apply after the Respond Server service is upgraded and is in the enabled state.

Note: If you are using S4s devices that use SD cards, SSH to NW Server and run the following command before starting the upgrade process.
manage-stig-controls --disable-control-groups 7 --host-id <node uuid>

Note: Before upgrading the hosts make sure that the time on each host is synchronized with the time on the NetWitness Server.
To synchronize the time do one of the following:
- Configure the NTP Server. For more information, see "Configure NTP Servers" in the System Configuration Guide.
- Run the following commands on each hosts:
1. SSH to NW host.
2. Run the following commands.
systemctl stop ntpd
ntpdate nw-node-zero
systemctl start ntpd

Use one of the following methods to apply version updates (for example, 11.4.0.0) to a host.

Online Method (Connected to RSA Live)

Use this method if NetWitness Platform has an RSA Live Update Repo Connection (Web Access).

Task 1. Populate Local Repo or Set Up an External Repo

When you set up your NW Server, you select the Local Repository (Repo) or an External Repository (Repo). The Hosts view retrieves version updates from the repo you selected.

If you select the Local Repo, you do not need to set it up, but you must make sure that it is populated with the latest version updates. See Appendix A. Populate Local Repo for instructions on how to populate it with a version update.

Note: If you selected an External Repo, you must set it up. For more information on how for instructions on how to populate it with a version update see Appendix B. Set Up External Repo.

Task 2. Apply Updates from the Hosts View to Each Host

The Hosts view displays the software version updates available in your Local Update Repository, and you choose and apply the updates you want from the Host view.

This procedure tells you how to update a host to a new version of NetWitness Platform. 

  1. Log in to NetWitness Platform.
  2. Go to Admin > Hosts
  3. (Conditional) Check for the latest updates.

    The Update drop down list

  4. Select a host or hosts.

    You must update the NW Server to the latest version first. You can update the other hosts in any sequence you prefer, but RSA recommends that you follow the guidelines in Running in Mixed Mode.
    Update Available is displayed in the Status column of the Hosts list view if you have an version update in your Local Update Repository for the selected hosts.

  5. Select the version you want to apply from the Update Version column.

    Example of a drop-down list of versions in the Update Version column

    If you:

    • Want to update more than one host to that version, after you update the NW Server host, select the checkbox to the left of the hosts. Only currently supported update versions are listed.
    • Want to view a dialog with the major features in the update, click the The inline help icon to the right of the update version number. The following is an example of this dialog.

      Example of the Update Available dialog with Close button

    • Cannot find the version you want, select Update > Check for Updates to check the repository for any available updates. If an update is available, the message New updates are available is displayed, and the Status column updates automatically to show Update Available. By default, only supported updates for the selected host are displayed.
  6. Click Update > Update Host from the toolbar.

     A dialog is displayed with information about the selected update. Click Begin Update.

    Example of the Update Available dialog with Begin Update button

    The Status column tells you what is happening in each of the following stages of the update:

    • Stage 1 - Downloading update packages - downloads the repository artifacts to the NW Server applicable to the services on the host you chose.
    • Stage 2 - Configuring update packages - configures update files in to correct format.
    • Stage 3 - Update in progress - updates host to the new version.
  7. When you see Update in progress, refresh the browser.

    This may display the NetWitness Log In screen from which you log in again and navigate back to the Host view.

    After the host is updated, NetWitness Platform prompts you to Reboot Host.

  8. Click Reboot Host from the toolbar.

    NetWitness Platformshows the status as Rebooting... until the host comes back online and the Status shows Up-to-Date. Contact Customer Care if the host does not come back online.

Note: If you have the Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) enabled, opening core services can take approximately 5 to 10 minutes. This delay is caused by the generation of new certificates.

Offline Method from Hosts View

Use this method if NetWitness Platform does not have an RSA Live Update Repo Connection (No Web Access) and you want to apply updates from the Admin > Hosts view.

Note: The offline User Interface method is only available if you are upgrading a host from 11.3.1.0 or later to 11.4.0.0. If you are upgrading a host on an earlier version, you must use the Offline Method described in Offline Method Using Command Line Interface .

Follow these instructions to apply version updates from the User Interface without a NetWitness Platform connection to the Internet (for example, no Live connection). The follow rules apply when you apply version updates:

  • You must update the NW Server host first.
  • You can only apply a version that is the compatible with the existing host version.

Task 1. Populate Staging Folder (/var/lib/netwitness/common/update-stage/) with Version Updates

  1. Download .zip update package for the version you want (for example, netwitness-11.4.0.0.zip) from RSA Link to a local directory.
  2. SSH to the NW Server host.
  1. Copy update package you want from the local directory to the /var/lib/netwitness/common/update-stage/ staging folder. For example:
    sudo cp /tmp/netwitness-<version-number>.zip /var/lib/netwitness/common/update-stage/

    Note: NetWitness Platform unzips the file automatically.

Task 2. Apply Updates from the Staging Area to Each Host

Caution: You must update the NW Server host before updating any Non-NW Server host.

  1. Log in to NetWitness Platform.
  2. Go to Admin > Hosts.
  3. Check for updates and wait for the update packages to be copied, validated, and ready to be initialized.

    Example of Initialize Update Package for RSA NetWitness Platform dialogs

    Ready to initialize the update packages is displayed if:

    • NetWitness Platform can access the update package.
    • The package is complete and has no errors.

    Refer to Appendix C. Troubleshooting Version Installations and Upgrades for instructions on how to troubleshoot errors (for example, Error deploying version <version-number> and Missing the following update package(s), displayed in the Initiate Update Package for RSA NetWitness Platform dialog.

  4. Click Initialize Update.

    Example of Initialize Update Package for RSA NetWitness Platform dialog

    It takes some time to initialize the packages because the files are large and need to be unzipped. After the initialization is successful, the Status column displays Update Available and you complete the rest of the steps in this procedure to finish the update of the host.

  5. Click Update > Update Hosts from the toolbar.

    Figure of update button with Update Host selected

  6. Click Begin Update from the Update Available dialog.

    After the host is updated, it prompts you to reboot the host.

  7. Click Reboot from the toolbar.

Offline Method Using Command Line Interface

Use this method if NetWitness Platform does not have an RSA Live Update Repo Connection (No Web Access) and you want to apply updates using the Command Line Interface.

If your RSA NetWitness Platform deployment does not have Web access, complete the following procedure to apply a version update.

  1. Download the .zip update package for the version you want (for example, netwitness-11.4.0.0.zip) from RSA Link to the /root directory.
  2. SSH to the NW Server host.
  3. Make a /tmp/upgrade/<version> staging directory for the version you want (for example, /tmp/upgrade/11.4.0.0).
    mkdir –p /tmp/upgrade/11.4.0.0
  4. Copy the .zip update package to the /root directory).

    Note: 1.) Make sure that you copy the netwitness-11.4.0.0.zip file to a directory path other than the staging directory path (for example, the /root directory). 2.) Make sure that you extract the rpm files to the staging directory path (for example, /tmp/upgrade/11.4.0.0 directory).

  5. Unzip the package into the staging directory you created (for example, /tmp/upgrade/11.4.0.0).
    unzip /root/netwitness-11.4.0.0.zip -d /tmp/upgrade/11.4.0.0
  6. Initialize the update on the NW Server.
    upgrade-cli-client --init --version 11.4.0.0 --stage-dir /tmp/upgrade/
  7. Apply the update to the NW Server.
    upgrade-cli-client --upgrade --host-addr <NW Server IP> --version 11.4.0.0
  8. Log in to NetWitness Platform, go to Admin > Hosts, and reboot the NW Server host in the Host view.
  9. For each component host:
    1. Apply the update to each component host:
      upgrade-cli-client --upgrade --host-addr <component-host IP address> --version 11.4.0.0
      The update is complete when the polling is completed.
    1. Log in to NetWitness Platform, go to Admin > Hosts, and reboot the component host in the Host view.

You can verify the version applied to the host with the following command.
upgrade-cli-client --list

Note: 1.) If you have DISA STIG enabled, opening Core Services can take approximately 5 to 10 minutes. This delay is caused by the generating of new certificates.
2.) If you have Unity storage, check the PowerPath status and verify the it can see the Unity device.
3.) If you get the error illustrated in the following example, the update installs correctly and no action is required. If you encounter additional errors during the update, contact Customer Support
2019-01-28 20:13:26.580 ERROR 7994 — [ 127.0.0.1:5671] o.s.a.r.c.CachingConnectionFactory : Channel shutdown: connection error; protocol method: #method<connection.close>(reply-code=320, reply-text=CONNECTION_FORCED - broker forced connection closure with reason 'shutdown', class-id=0, method-id=0)

You are here
Table of Contents > Upgrade Tasks

Attachments

    Outcomes