Certainly updating one Primary and several Replicas, from version 8.1 to AM 8.4 is a good, supported path to take, which requires each service pack or minor version to be applied one at a time, primary first, replicas after (also one at a time), so depending on the number of replicas this could take a while.
A variation on this plan might be to only update the primary and 1 replica in this way, to speed things up but still retain some redundancy, then attach new hardware to the updated Primary, followed by promotion of the new hardware primary.
Another variation on the same theme for faster with less redundancy would be to only update the primary.
A different approach, which would depend on the number of agents, RADIUS clients, RADIUS profiles and User/Token policies you have configured would be to simply deploy a new hardware Primary at AM 8.4 plus patch then configure any external LDAP Identity Sources, then export users and tokens from AM 8.1 primary and import them into the new hardware 8.4 Primary, and recreate agents and RADIUS configuration. Attach new replicas as needed. This is a very good way to test 8.4, possibly much faster, drawback is reporting information from old AM 8.1 remains in AM 8.1 primary so might need to be archived.
