Deployment: Host Update Sequence

Document created by RSA Information Design and Development on Jul 27, 2016
Version 1Show Document
  • View in full screen mode
 

RSA strongly recommends that customers:

  • Update all hosts at the same time (during the same session).

Note:  If you stagger the update over multiple sessions:
•  You will not lose data.
•  You may not have all the features operational until you update your entire deployment.

  • Update hosts in the following, bottom-up order:
    1. Application hosts

      Note: The Application host is the host the on which the Security Analytics server resides.

    2. ESA, Malware
    3. Decoders
    4. Concentrators
    5. Archivers
    6. Brokers
  • Avoid mixed-modes (fore example, one host at 10.3.x, another host at 10.4.x, and another host 10.5.x in the same Security Analytics deployment).  

Caution: If you deploy multiple Application hosts, you must determine which host is the Primary Application host and which hosts are the Secondary Application hosts.

Multiple Application Hosts

Primary Application Host

After you apply updates to an Application host, that Application host becomes the Primary Application host for your deployment. All other Application hosts are the secondary Application hosts.  The Primary Application host has all the Security Analytics server functionally including:

  1. Fully functional Hosts view including the Updates column.
  2. Access to Health & Well views.
  3. Full use of the trusted connections feature.

Secondary Application Host

A Secondary Application host has the following limitations:

  1. The Updates column on the Hosts view is valid for the Primary Application host exclusively. It reflects the wrong status a Secondary Application host so you must not click it.
  2. You cannot use the Health & Wellness views.
  3. You cannot use the trusted connections feature.

Scenario 1 -> Full Update, Update Order (Strongly Recommended)

Customer v10.x deployment – 1 Application host, 2 Decoders, 2 Concentrators, 1 Archiver, 1 Broker, 1 ESA, 1 Malware

Step 1 - Update Application host

Step 2 - Update Event Stream Analysis (ESA), Malware

Step 3 - Update 2 Decoders

Step 4 - Update 2 Concentrators, Archiver

Step 5 - Update 1 Broker

Scenario 2 -> Partial Update

Customer v10.x deployment – 1 Application host, 2 Decoders, 2 Concentrators, 1 Broker, 1 ESA, 1 Malware

Step 1 - Update Application host

Step 2- Update ESA, Malware

Step 3 - Update 1 Decoder and 1 Concentrator

Time elapses during which Security Analytics processes a significant amount of data.

Step 4 - Update 1 Decoder, 1 Concentrator, and 1 Broker

Scenario 3 -> Regional Update with Multiple Brokers

Customer v10.x deployment – 4 Decoders, 4 Concentrators, 2 Brokers, 1 Application host, 1 ESA, 1 Malware (2 sites, each with 2 Decoders, 2 Concentrators, and 1 Broker)

First Update Session – Site 1

Step 1 - Update Application host

Step 2- Update ESA, Malware

Step 3 – Update 2 Decoders, 2 Concentrators and 1 Broker at site 1.

Second Update Session – Site 2

Step 4 – Update 2 Decoders, 2 Concentrators, and 1 Broker at site 2.

Scenario 4 -> Regional Update with Multiple Application Hosts

Customer v10.x deployment – 2 Application hosts, 4 Decoders, 4 Concentrators, 2 Brokers, 1 ESA, 1 Malware (2 sites, each with 1 Application host, 2 Decoders, 2 Concentrators, and 1 Broker)

First Update Session - Site 1

Step 1 - Update Application host

Step 2- Update ESA, Malware

Step 3 – Update 2 Decoders, 2 Concentrators and 1 Broker at site 1.

Second Update Session – Site 2

Step 4 - - Update Application host

Step 5 – Update 2 Decoders, 2 Concentrators, and 1 Broker at site 2.

You are here: References > Host Update Sequence

Attachments

    Outcomes