Apply Version Update to a Host

Document created by RSA Information Design and Development on Nov 7, 2017Last modified by RSA Information Design and Development on Nov 7, 2017
Version 2Show Document
  • View in full screen mode
 

You use the Hosts view to apply the latest version updates from your Local Update Repository (see the Manage NetWitness Updates topic in RSA NetWitness Suite System Maintenance for more information on your Local Update Repository).

Quick Look

The following example shows you how to update the version for a host.

Note: If you cannot find a version, you may need to populate your local update repository. For more information, see the Populate Local Update Repository topic in the RSA NetWitness Suite System Maintenance.

                         
 1  Select the version from the Update Version column.
  • If you do not have enough disk space in your Local Update Repository to download a version update, the Repository Space Management dialog is displayed with the contents and disk space status of the repository (see Maintain a Host for instructions on how to free disk space). You can delete a version or version that you do not need to free enough disk space to download the version you want.  (See Troubleshooting 10.0 Pre-Update and Update Warnings, Conflicts, and Errors).

Note: You can only update to the latest minor release or a patch.

 2  Select the host, or hosts, that you want to update.
  • The NetWitness (NW) Server Host should be updated to the latest version in your deployment before you apply that version to any other host.
  • If you select multiple hosts for an update, the NW Server Host is updated first.
  • If a host is currently on a version that is not a valid update path, the Hosts view tells you to contact Customer Care for instructions on how to update the host to a valid path.

Note: If you have conflicts updating any of the non-NW Server hosts, the NW Server Host remains grayed out until other host conflicts are resolved.

 3  Select Update > Update Host to start the update process.
 4  Monitor the progress of the update in the Status column. During the update process, NetWitness:
  1. Downloads the update package for the selected version if that package does not exist in your Local Update Repository.
  2. If you select multiple hosts to update, displays In Queue for Update while it applies the version to each host.
  3. Displays Running Pre-Update Checks while it validates your current version configuration. 
  • Displays Update warning. View details if there is an issue in your existing configuration that does not prevent you from updating to the new version.
  • Displays Update conflict. View details if there is a conflict in your existing configuration that blocks you from updating to the new version. 

See Troubleshooting 11.x.x.x Pre-Update and Update Warnings, Conflicts, and Errors for instructions on how to resolve these configuration warnings and conflicts.

  1. Initiates the update if there are no conflicts.
  2. Applies each package for the selected update version.
  3. Monitors the update. If there is an error that blocks the update, NetWitness displays Update error. View details. See Troubleshooting 11.x.x.x Pre-Update and Update Warnings, Conflicts, and Errors for instructions on how to resolve these errors.
  4. Prompts you to Reboot Host after the host has been updated.
 5  Click Reboot Host.
  • When you are updating multiple hosts, after each host is updated and running, Up-to-Date is displayed.
  • If the host is updated, but all the services are not restarted after reboot, NetWitness displays the services in red. Services may take several minutes to come online. Contact Customer Care if the host does not come back online.

Version Naming Conventions

You must understand the update version naming convention to know which version you want to apply to the host. The naming convention is major-release.minor-release.service-pack.patch. For example, if you choose 11.6.1.2, you would be applying the following version to the host.

                     
Major ReleaseMinor ReleaseService PackPatch
11612

Deploy Multiple Versions

NetWitness Suite supports multiple versions in your deployment. The NetWitness (NW) Server Host is updated first and all other hosts must have the same or earlier version as the NW Server Host.

Note: The Hosts view ensures that the NW Server Host is updated first and that all other hosts have the same or earlier version as the NW Server Host.

In the following example of a multiple version deployment.

  • Version updates currently available in your Local Update Repository are 11.0.0.0 and 10.6.3.1 for the Broker, Log Collector/Log Decoder (LC/DC), and Log Decoder hosts.
  • The NW Server Host and all the other hosts are currently updated to 11.0.0.0.

This means that you have the option to update the Broker, LC/DC, and Log Decoder hosts to 11.0.0.0 or 10.6.3.1.

Update Hosts in Correct Sequence

When updating hosts to a new version, RSA recommends that you follow the guidelines described in this topic.

Basic Update Sequence

RSA strongly recommends that customers:

  • Update all hosts at the same time (during the same session).

Note:  If you stagger the update over multiple sessions:
           •  You will not lose data.
            •  You may not have all the features operational until you update your entire deployment.

  • Update hosts in a the following order:
  1. NetWitness Servers

Note: The NetWitness Server is the host the on which the NetWitness Server resides.

  1. Event Stream Analysis (ESA), Malware
  2. Decoders
  3. Concentrators
  4. Archivers
  5. Brokers
  • Avoid mixed-modes (for example, one host at 10.5.x.x.x, another host at 10.6.x.x.x, and another host 11.0.x.x.x in the same NetWitness Suite deployment).   

Caution: If you deploy multiple NetWitness Servers, you must determine which host is the Primary NetWitness Server and which hosts are the Secondary NetWitness Servers.

Update NetWitness Suite in a Multiple NetWitness Server Environment

The following section describes how to update a Multiple NetWitness Server deployment.

Primary NetWitness Server

After you apply updates to a NetWitness Server, that NetWitness Server becomes the Primary NetWitness Server for your deployment. All other NetWitness Servers are the secondary NetWitness Servers.  The Primary NetWitness Server has all the NetWitness Server functionally including:

  1. Fully functional Hosts view including the Update Version column.
  2. Access to Health & Wellness views.
  3. Full use of the trusted connections feature.

Secondary NetWitness Server

A Secondary NetWitness Server has the following limitations:

  1. The Update Version and Status columns on the Hosts view are valid for the Primary NetWitness Server exclusively. They reflects the wrong status for a Secondary NetWitness Server so you must not interact with them.
  2. You cannot use the Health & Wellness views.
  3. You cannot use the trusted connections feature.

Scenario 1. Full Update, Update Order (Strongly Recommended)

Customer v11.x.x.x deployment – 1 NetWitness Server, 2 Decoders, 2 Concentrators, 1 Archiver, 1 Broker, 1 ESA, 1 Malware Analysis

  1. Update the NetWitness Server.
  2. Update ESA and Malware Analysis.
  3. Update 2 Decoders.
  4. Update 2 Concentrators and Archiver.
  5. Update 1 Broker.

Scenario 2. Partial Update

Customer v11.x.x.x deployment – 1 NetWitness Server, 2 Decoders, 2 Concentrators, 1 Broker, 1 ESA, 1 Malware Analysis

  1. Update the NetWitness Server.
  2. Update ESA and Malware Analysis.
  3. Update 1 Decoder and 1 Concentrator.
    Time elapses during which NetWitness Suite processes a significant amount of data.
  4. Update 1 Decoder, 1 Concentrator, and 1 Broker.

Scenario 3. Regional Update with Multiple Brokers

Customer v11.x.x.x deployment – 4 Decoders, 4 Concentrators, 2 Brokers, 1 NetWitness Server, 1 ESA, 1 Malware Analysis (2 sites, each with 2 Decoders, 2 Concentrators, and 1 Broker)

First Update Session at Site 1

  1. Update the NetWitness Server.
  2. Update ESA and Malware Analysis.
  3. Update 2 Decoders, 2 Concentrators, and 1 Broker at site 1.

Second Update Session at Site 2

Update 2 Decoders, 2 Concentrators, and 1 Broker at site 2.

Scenario 4. Regional Update with Multiple NetWitness Servers

Customer v11.x.x.x deployment – 2 NetWitness Servers, 4 Decoders, 4 Concentrators, 2 Brokers, 1 ESA, 1 Malware Analysis (2 sites, each with 1 NetWitness Server, 2 Decoders, 2 Concentrators, and 1 Broker)

First Update Session at Site 1

  1. Update the Primary NetWitness Server.
  2. Update ESA and Malware Analysis.
  3. Update 2 Decoders, 2 Concentrators, and 1 Broker at site 1.

Second Update Session at Site 2

  1. Update the Secondary NetWitness Server.
  2. Update 2 Decoders, 2 Concentrators, and 1 Broker at site 2.
You are here
Table of Contents > Apply Version Update to a Host

Attachments

    Outcomes