Host GS: Update Hosts in Correct Sequence

Document created by RSA Information Design and Development on Apr 9, 2016
Version 1

You must follow a specific sequence when you update hosts to a new version. RSA recommends that you follow the guidelines described in this topic.

Basic Update Sequence

RSA strongly recommends that customers:

  • Update all hosts at the same time (during the same session).

Note: If you stagger the update over multiple sessions:
    • You will not lose data.
    • You may not have all the features operational until you update your entire deployment.

  • Update hosts in the following order:
  1. Security Analytics Servers

Note: The Security Analytics Server is the host on which the Security Analytics Server resides.

  2. Event Stream Analysis (ESA), Malware
  3. Decoders
  4. Concentrators
  5. Archivers
  6. Brokers
  • Avoid mixed-modes (for example, one host at 10.4.x, another host at 10.5.x, and another host at 10.6.x in the same Security Analytics deployment).

Caution: If you deploy multiple Security Analytics Servers, you must determine which host is the Primary Security Analytics Server and which hosts are the Secondary Security Analytics Servers.

Update Security Analytics in a Multiple Security Analytics Server Environment

The following section describes how to update a Multiple Security Analytics Server deployment.

Primary Security Analytics Server

After you apply updates to a Security Analytics Server, that Security Analytics Server becomes the Primary Security Analytics Server for your deployment. All other Security Analytics Servers are the Secondary Security Analytics Servers. The Primary Security Analytics Server has all the Security Analytics Server functionality, including:

  1. Fully functional Hosts view including the Updates column.
  2. Access to Health & Wellness views.
  3. Full use of the trusted connections feature.

Secondary Security Analytics Server

A Secondary Security Analytics Server has the following limitations:

  1. The Update Version and Status columns on the Hosts view are valid for the Primary Security Analytics Server exclusively. They reflect the wrong status for a Secondary Security Analytics Server, so you must not interact with them.
  2. You cannot use the Health & Wellness views.
  3. You cannot use the trusted connections feature.

Scenario 1. Full Update, Update Order (Strongly Recommended)

Customer v10.x deployment – 1 Security Analytics Server, 2 Decoders, 2 Concentrators, 1 Archiver, 1 Broker, 1 ESA, 1 Malware Analysis

  1. Update the Security Analytics Server.
  2. Update ESA and Malware Analysis.
  3. Update 2 Decoders.
  4. Update 2 Concentrators and Archiver.
  5. Update 1 Broker.

Scenario 2. Partial Update

Customer v10.x deployment – 1 Security Analytics Server, 2 Decoders, 2 Concentrators, 1 Broker, 1 ESA, 1 Malware Analysis

  1. Update the Security Analytics Server.
  2. Update ESA and Malware Analysis.
  3. Update 1 Decoder and 1 Concentrator.
    Time elapses during which Security Analytics processes a significant amount of data.
  4. Update 1 Decoder, 1 Concentrator, and 1 Broker.

Scenario 3. Regional Update with Multiple Brokers

Customer v10.x deployment – 4 Decoders, 4 Concentrators, 2 Brokers, 1 Security Analytics Server, 1 ESA, 1 Malware Analysis (2 sites, each with 2 Decoders, 2 Concentrators, and 1 Broker)

First Update Session at Site 1

  1. Update the Security Analytics Server.
  2. Update ESA and Malware Analysis.
  3. Update 2 Decoders, 2 Concentrators, and 1 Broker at site 1.

Second Update Session at Site 2

Update 2 Decoders, 2 Concentrators, and 1 Broker at site 2.

Scenario 4. Regional Update with Multiple Security Analytics Servers

Customer v10.x deployment – 2 Security Analytics Servers, 4 Decoders, 4 Concentrators, 2 Brokers, 1 ESA, 1 Malware Analysis (2 sites, each with 1 Security Analytics Server, 2 Decoders, 2 Concentrators, and 1 Broker)

First Update Session at Site 1

  1. Update the Primary Security Analytics Server.
  2. Update ESA and Malware Analysis.
  3. Update 2 Decoders, 2 Concentrators, and 1 Broker at site 1.

Second Update Session at Site 2

  1. Update the Secondary Security Analytics Server.
  2. Update 2 Decoders, 2 Concentrators, and 1 Broker at site 2.
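
The basic update sequence and the Primary-first rule above can be checked against a host inventory before an update session. The following is an added example, not RSA tooling or code from this document: it orders hosts for a single-session update, lists the release lines present (more than one means mixed-mode), and flags hosts already ahead of the Primary Security Analytics Server. The inventory format, host names, type labels, and version numbers are constructed assumptions.

```python
# Added example: inventory format and names are assumptions, not RSA tooling.
# Tiers follow the order on this page (lower number is updated first).
TIER = {"sa-server": 1, "esa": 2, "malware": 2, "decoder": 3,
        "concentrator": 4, "archiver": 5, "broker": 6}

def release(version):
    """'10.6.1' -> (10, 6): the release line used to compare hosts."""
    major, minor = version.split(".")[:2]
    return int(major), int(minor)

def update_plan(hosts):
    """Sort hosts into update order; the Primary SA Server always goes first."""
    return sorted(hosts, key=lambda h: (TIER[h["type"]],
                                        not h.get("primary", False),
                                        h["name"]))

def release_lines(hosts):
    """Release lines present; more than one means the deployment is mixed-mode."""
    return sorted({release(h["version"]) for h in hosts})

def ahead_of_primary(hosts):
    """Hosts already on a newer release than the Primary SA Server."""
    primary = next(h for h in hosts if h.get("primary"))
    return [h["name"] for h in hosts
            if release(h["version"]) > release(primary["version"])]

# Constructed inventory: two SA Servers, with one Decoder updated too early.
INVENTORY = [
    {"name": "broker-s1", "type": "broker", "version": "10.5.2"},
    {"name": "sa-s2", "type": "sa-server", "version": "10.5.2"},
    {"name": "dec-s1", "type": "decoder", "version": "10.6.0"},
    {"name": "conc-s1", "type": "concentrator", "version": "10.5.2"},
    {"name": "sa-s1", "type": "sa-server", "version": "10.5.2", "primary": True},
    {"name": "esa-1", "type": "esa", "version": "10.5.2"},
    {"name": "mal-1", "type": "malware", "version": "10.5.2"},
]

if __name__ == "__main__":
    for step, host in enumerate(update_plan(INVENTORY), 1):
        print(step, host["type"], host["name"])
    print("release lines:", release_lines(INVENTORY))
    print("ahead of primary:", ahead_of_primary(INVENTORY))
```
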