This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
DavidWaugh2
Beginner
Beginner
‎2018-01-11 04:40 AM

When will the Netwitness 10.6.X branch go end of support? Any Netwitness 11 Upgrade Experiences?

Jump to solution

Good Morning

 

In order to plan our netwitness 11 upgrade I would like to know when the Netwitness 10.6.X branch goes end of support / end of life.

 

I'd also be interested in your experiences if you have upgraded from 10.6.X to Netwitness 11.

 

We have some custom puppet scripts that we will lose, but have customers experiences been positive?

0 Likes
Reply
1 Solution

Accepted Solutions
MarinosRoussos1
Beginner
Beginner
‎2018-01-15 10:54 AM

Jump to solution

Assuming that you've seen some demo and you are convinced that you need to upgrade.

 

This is my personal summary of how and what I see the upgrade would involve from an admin perspective.

 

High level:

-10.6.x -> v11 involves about 250-300 pages worth of upgrade materials which have to be read, deciphered and potentially raise a few cases for clarifications.

 

-Familiarize yourself with the new technologies and CentOS 7 not covered in the release notes.  (Similarly to when Puppet & rabbitmq-server had to be kept a secret from customers when it was a critical component and the only thing failing in 10.4) 

 

-Test and retest the backup (& restore) scripts. I've had problems with the official but apparently the unofficial has been active and seems to work. I'm not suggesting to rely on the unofficial one as RSA won't Support you, just work with them if you have issues with their script.

 

-Dedicate about a day per host that you wish to upgrade after tested and rehearsed the upgrade for both physical and virtual systems. There are a lot of steps (80 pages to go through for each host) so it's very easy to miss, skip or even misread some of the steps.

 

Post upgrade:

-All patches in v11 up to 11.0.0.2 are manual and from CLI. So this takes us back to 10.3 era in terms of automation and user effort needed. More time needs to be allocated per host than 10.6 or earlier.

 

In my opinion, you have to have some very good reasons and gains from the new features to consider upgrading, so early anyway.

 

We almost have 2 more years until the time that we "have" to upgrade and many things could have changed by then. For example, now they use chef (secret), maybe in 11.2 they will use puppet again or who knows.

View solution in original post

Reply
5 Replies
MarinosRoussos1
Beginner
Beginner
‎2018-01-11 12:26 PM

Jump to solution

I can only answer your first question. Based on RSA, this is scheduled for Oct 2019 so that's nearly 2 years to go.

Product Version Life Cycle for RSA NetWitness Logs & Packets 

Reply
MarinosRoussos1
Beginner
Beginner
‎2018-01-15 10:54 AM

Jump to solution

Assuming that you've seen some demo and you are convinced that you need to upgrade.

 

This is my personal summary of how and what I see the upgrade would involve from an admin perspective.

 

High level:

-10.6.x -> v11 involves about 250-300 pages worth of upgrade materials which have to be read, deciphered and potentially raise a few cases for clarifications.

 

-Familiarize yourself with the new technologies and CentOS 7 not covered in the release notes.  (Similarly to when Puppet & rabbitmq-server had to be kept a secret from customers when it was a critical component and the only thing failing in 10.4) 

 

-Test and retest the backup (& restore) scripts. I've had problems with the official but apparently the unofficial has been active and seems to work. I'm not suggesting to rely on the unofficial one as RSA won't Support you, just work with them if you have issues with their script.

 

-Dedicate about a day per host that you wish to upgrade after tested and rehearsed the upgrade for both physical and virtual systems. There are a lot of steps (80 pages to go through for each host) so it's very easy to miss, skip or even misread some of the steps.

 

Post upgrade:

-All patches in v11 up to 11.0.0.2 are manual and from CLI. So this takes us back to 10.3 era in terms of automation and user effort needed. More time needs to be allocated per host than 10.6 or earlier.

 

In my opinion, you have to have some very good reasons and gains from the new features to consider upgrading, so early anyway.

 

We almost have 2 more years until the time that we "have" to upgrade and many things could have changed by then. For example, now they use chef (secret), maybe in 11.2 they will use puppet again or who knows.

View solution in original post

Reply
DavidWaugh2
Beginner
Beginner
‎2018-07-26 09:39 AM

Jump to solution

Hi I would just like to revive this thread.

 

  1. Have you successfully upgraded to 11.X from 10.6?
  2. Did you manage to do this without RSA Professional Services?
  3. How long did it take you?
  4. What did you do about the data on your old 10.6 systems - was this accessible through your New 11 interface?
  5. What are you doing about the Series 4 Appliances going end of life in June 2018?

 

We are working out what to do locally here and picking up the experience of others would be greatly appreciated.

Thanks

David

0 Likes
Reply
MarinosRoussos1
Beginner
Beginner
In response to DavidWaugh2
‎2018-07-30 06:37 AM

Jump to solution

I haven't upgraded yet and based on a few things I decided to delay the upgrade for as long as it's possible. My rough target version is 11.3 depending on how things go:

 

About 1.5 year ago 10.6.4 was supposed to be the last major version for 10.6. Now we are waiting for 10.6.6 and there is still plenty of time left so it certainly doesn't look like 10.6 is nowhere near dead.

 

-Lack of responses from customers about experiences could indicate that not many have upgraded.

 

-No proactive benchmarks comparison tables of  the two on Series 4s and 5 appliances, or figures to show if v11 is faster and on which areas. Or ad-hoc responses when someone asks.

 

-Lack of backup/restore software.

Since there is no liability/accountability when something goes wrong (see situations with some Hybrids on raid 0 with only 1 disk in the raid, the customer will have to live with the risk or re-image and fix it -RSA whistling) I would rather manage the risk myself and with my team.

 

-Various posts that show problems that don't exist in 10.6. ie dashboards, SSL decryption not working fully yet.

See Philip's experience on https://community.rsa.com/community/products/netwitness/blog/2018/07/20/11-reason-to-love-rsa-netwit... 

 

-Jay's response about potentially improving the upgrade experience in the future (however no details about version numbers) NW 11 upgrade with no Web access. This obviously does not guarantee anything but shows that something could be different in the future and perhaps easier.

 

-v11 has some nice features but missing a lot more (some of these new features could surely be improved to be more useful). The RFE process is currently non-existent so again, I would wait for as long as possible as I don't want to be stuck in a version with missing basic features (like shorting columns etc).

 

By the way, Series 4 and 4S reach their EOPS in June 2019 not 18 Product Version Life Cycle for RSA NetWitness Logs & Network  

Reply
DavidWaugh2
Beginner
Beginner
In response to MarinosRoussos1
‎2018-08-06 03:23 AM

Jump to solution

Thanks Marinos for the reply. One of the things we are mulling over is just refreshing the hardware and then running 10.6 for as long as possible. 

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.