Upgrade Guide 11.5: Upgrade Options

Document created by RSA Information Design and Development Employee on Sep 9, 2020Last modified by Sudha Ashok on Sep 30, 2020
Version 5Show Document
  • View in full screen mode

Upgrade the systems in your environment in the following order:

  1. NW Server hosts
  2. Analyst UI hosts
  3. ESA Primary hosts
  4. ESA Secondary hosts
  5. The rest of your component hosts

Note: NW Server, Analyst UI, and ESA Primary and Secondary hosts must all be upgraded on the same day. The rest of your component hosts can be upgraded on the same day or later.

For information about all the host types in NetWitness Platform, see the Host and Services Getting Started Guide for RSA NetWitness Platform 11.x. Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.

Important Notes - Read This First

Synchronize Time on Component Hosts with NW Server Host

Before upgrading your hosts, make sure that the time on each host is synchronized with the time on the NetWitness Server.
To synchronize the time, do one of the following:

  • Configure the NTP Server. For more information, see"Configure NTP Servers" in the System Configuration Guide.
  • Perform the following steps on each host:
    1. SSH to a component host.
    2. Run the following commands.
      systemctl stop ntpd
      ntpdate nw-node-zero
      systemctl start ntpd

Mixed Mode Unsupported for ESA Hosts

Mixed mode is not supported for ESA hosts in NetWitness Platform version 11.5 and later. The NetWitness server, ESA primary host, and ESA secondary host must all be on the same NetWitness Platform version.

Endpoint Hybrid Systems Not Supported

For RSA NetWitness Endpoint customers only, Endpoint Hybrid is not supported in 11.3.0.0 and later releases.
If you have deployed an Endpoint Hybrid host in 11.2.x.x and did not install an Endpoint Log Hybrid host in 11.3.x.x or 11.4.x.x, you must install an Endpoint Log Hybrid host in 11.5. See the Physical Host Installation Guide for RSA NetWitness Platform or the Virtual Host Installation Guide for RSA NetWitness Platform for instructions on how to install an 11.5 Endpoint Log Hybrid on a physical host.

Respond Server Service Not Enabled Until NW Server and Primary ESA Host Upgraded to 11.5

After upgrading the primary NW Server (including the Respond Server service), the Respond Server service is not automatically re-enabled until after the Primary ESA host is also upgraded to 11.5. The Respond post-upgrade tasks only apply after the Respond Server service is upgraded and is in the enabled state.

Upgrade Options

You can choose one of the following upgrade methods based on your Internet connectivity. They are listed in the order recommended by RSA.

The following rules apply when you are upgrading hosts for all of these upgrade methods:

  • You must upgrade the NW Server host first.
  • You can only apply a version that is compatible with the existing host version.
  • The NW Server, ESA primary, ESA secondary, and Analyst UI hosts must all be on the same NetWitness Platform version.

Option 1: User Interface Method with Connectivity to the Internet

You can use this method if the NW Server host is connected to Live Services and if you are able to obtain the package.

Prerequisites

Make sure that:

  1. The Automatically download information about new upgrades every day option is selected and is applied in Admin > System > Updates.
  2. Updates are available. Go to Admin > Hosts > Update > Check for Updates to check for updates. The Host view displays the Update Available status.
  3. 11.5 is available in the Update Version column.

Procedure

  1. Go to Admin > Hosts.
  2. Select the NW Server (nw-server) host.
  3. Check for the latest updates.

  4. Update Available is displayed in the Status column if you have a version update in your Local Update Repository for the selected host.
  5. Select 11.5 from the Update Version column. If you:

    • Want to view a dialog with the major features in the upgrade and information on the updates, click the information icon () to the right of the upgrade version number.
    • Cannot find the version you want, select Update > Check for Updates to check the repository for any available updates. If an update is available, the message "New updates are available" is displayed and the Status column updates automatically to show Update Available. By default, only supported updates for the selected host are displayed.
  6. Click Update > Update Host from the toolbar.
  7. Click Begin Update.
  8. Click Reboot Host.
  9. Repeat steps 6 to 8 for other hosts.

Note: You can select multiple hosts to upgrade at the same time only after updating and rebooting the NW Server host. All ESA, Endpoint, and Malware Analysis hosts should be upgraded to the same version as that of the NW Server host.

Option 2: User Interface with No Connectivity to the Internet

Caution: The offline User Interface method is only available if you are upgrading a host from the following versions: 11.3.1.0, 11.3.1.1, 11.3.2.0, 11.3.2.1, 11.4.1.1 or 11.4.1.2 to 11.5. If you are upgrading a host on an earlier version, you must use the Upgrade Options method. After you complete Step 5 in Task 2. Apply Upgrades from the Staging Area to Each Host, go to Upgrading from 11.3.1.0, 11.3.1.1, 11.3.2.0, 11.3.2.1, 11.4.1.1 or 11.4.1.2 .

Caution: If you are upgrading a host from 11.4.0.0 or 11.4.0.1 to 11.5 using the offline User Interface method, in Step 5 of Task 2. Apply Upgrades from the Staging Area to Each Host, the upgrade will fail with the message Download error. You can still complete the upgrade successfully by following the steps in Upgrading from 11.4.0.0 or 11.4.0.1 . This issue has been fixed in 11.4.1.0 and later.

Task 1. Populate Staging Folder (/var/lib/netwitness/common/update-stage/) with Version Upgrade Files

  1. Download the upgrade package netwitness-11.5.0.0.zip from RSA Link (https://community.rsa.com/) > Downloads > NetWitness Platform > Version 11.5 to a local directory:
  2. SSH to the NW Server host.
  3. Copy netwitness-11.5.0.0.zip from the local directory to the /var/lib/netwitness/common/update-stage/ staging folder.
    For example:
    sudo cp /tmp/netwitness-11.5.0.0.zip /var/lib/netwitness/common/update-stage/

    Note: NetWitness Platform unzips the file automatically.

Task 2. Apply Upgrades from the Staging Area to Each Host

Caution: You must upgrade the NW Server host before upgrading any non-NW Server host.

  1. Log in to NetWitness Platform.
  2. Go to Admin > Hosts.
  3. Check for updates and wait for the upgrade packages to be copied, validated, and ready to be initialized.

    "Ready to initialize packages" is displayed if:

    • NetWitness Platform can access the upgrade package.
    • The package is complete and has no errors.

    Refer to Troubleshooting Version Installations and Updates for instructions on how to troubleshoot errors (for example, "Error deploying version <version-number>" and "Missing the following update package(s)," are displayed in the Initiate Update Package for RSA NetWitness Platform dialog.)

  4. Click Initialize Update.

    It takes some time to initialize the packages because the files are large and need to be unzipped. The time varies depending on how the host is configured.
    After the initialization is successful, the Status column displays Update Available and you complete the rest of the steps in this procedure to finish the upgrade of the host.

  5. Click Update > Update Hosts from the toolbar.

Upgrading from 11.3.1.0, 11.3.1.1, 11.3.2.0, 11.3.2.1, 11.4.1.1 or 11.4.1.2

After you click Update Hosts in step 5, complete these steps:

  1. Click Begin Update from the Update Available dialog.
    After the host is upgraded, it prompts you to reboot the host.
  2. Click Reboot Host from the toolbar.

Upgrading from 11.4.0.0 or 11.4.0.1

After you click Update Hosts in step 5, the upgrade will fail with the message Download error. You can successfully complete the upgrade by following these steps.

  1. In the Command Line Interface (CLI):

    1. SSH to NW Server.

    2. Run the following command:
      upgrade-cli-client –-upgrade --host-key <ID, IP address, hostname or display name of host> --version 11.5.0.0
  2. After the NW Server is successfully updated, log in to the NW Server user interface and go to (Admin) > Hosts, where you are prompted to reboot the host.
  3. Click Reboot Host from the toolbar.

You can upgrade all the other hosts directly from the user interface:

  1. Click Begin Update from the Update Available dialog.
    After the host is upgraded, it prompts you to reboot the host.
  2. Click Reboot Host from the toolbar.

Option 3: Command Line Interface (CLI) with No Connectivity to the Internet

Follow the instructions in Appendix A. Offline Method (No Connectivity to Live Services) - Command Line Interface .

 

You are here

Table of Contents > Upgrade Tasks

Attachments

    Outcomes