Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
ASWINSASIDHARAN
Occasional Contributor
Occasional Contributor

Upgrading from 8.1 SP1 to 8.3

Hi All,

We have a total of 3 appliances. Primary, Secondary and DR.

1) What should be the upgrade path, all the way from 8.1 to 8.3 on primary and then others OR step by step upgrade of primary and replicas to intermediate upgrades?

2) If there will be any downtime at any point in the upgrade? When the primary is upgrading, can the other two appliances authenticate the users?

3) While upgrading the Primary, at what stage will it be important to promote the replica to the primary?

Labels (1)
2 Replies
SGTech
Respected Contributor
Respected Contributor

Hi Aswin,

 

See my answers below:

We have a total of 3 appliances. Primary, Secondary and DR.

is your DR independent or attached as replica?

1) What should be the upgrade path, all the way from 8.1 to 8.3 on primary and then others OR step by step upgrade of primary and replicas to intermediate upgrades?

8.1--> 8.1Sp1--> 8.2-->8.2 SP1-->8.3--> 8.3 P05.

start upgrade on primary first and once finish apply 8.1SP1 on primary go to replica and patch it to same then comeback to primary apply 8.2 and go to replica to apply 8.2 follow this strictly until you apply latest patch.

2) If there will be any downtime at any point in the upgrade? When the primary is upgrading, can the other two appliances authenticate the users?

Since you have HA setup there is no downtime for authentication.

3) While upgrading the Primary, at what stage will it be important to promote the replica to the primary?

Do you have any specific requirement to promote your replica as primary, other wise upgrade process will not required any promotion.  Replication will break up automatically and attach also auto after all primary and replicas in same version / patch level.

 

hope this helps

 

thanks

M.Tech Products Pte ltd [Rajesh Gogineni]

IvanBatovic
Occasional Contributor Occasional Contributor
Occasional Contributor

Hi Aswin, 

 

Rajesh is correct as the replica(s) will handle user authentications if the agents and clients that are implemented know of the replica instances. A promotion is not recommended during upgrades and is only used in a situation that a primary has gone offline and it cannot be recovered. 


Please find the instructions below to upgrade to the latest RSA Authentication Manager patch release which provides product enhancements and addresses security concerns. 
 

NOTE: All the authentication manager instances in the 8.1 deployment must be running at least 8.1 Service Pack 1 software before applying the 8.2 software update. A log file called update-8.2.0.0.0-build1386271-yyyymmddhhss.log (e.g. update-8.2.0.0.0-build1386271-20160712104807.log) is created when applying the authentication manager 8.2 software update to an authentication manager instance and is located in the /opt/rsa/am/server/logs folder.

Overview of Steps – 8.1 > 8.1 SP1 > 8.2 > 8.2 SP1 > 8.3 > 8.3 Patch 5

NOTE:
The primary must be upgraded first followed by the replica instance(s) as we do not support the replica being at a higher patch level. The replica instance should handle user authentications while the primary is being upgraded and vice versa.   

 

1.

Use the Operations Console of authentication manager 8.1 primary instance to ensure you have a recent a backup of production data.

In the Operations Console > Maintenance > Backup and Restore > Back Up Now

2.

Check Replication Status on the primary instance.

In the Operations Console, click Deployment Configuration > Instances > Status Report.

3.

Apply the authentication manager 8.1 SP1 software update (rsa-am-update-8.1.1.0.0) on the primary instance.

 

In the Operations Console > Maintenance > Update & Rollback

4.

Apply the authentication manager 8.1 SP1 software update (rsa-am-update-8.1.1.0.0) on the replica instance.

 

In the Operations Console > Maintenance > Update & Rollback

NOTE:
Repeat step 4 on all other replica instances

5.

Use the Operations Console of authentication manager 8.1 SP1 primary instance to ensure you have a recent a backup of production data.

In the Operations Console > Maintenance > Backup and Restore > Back Up Now

6.

Apply the authentication manager 8.2 software update (am-update-8.2.0.0.0.iso) on the primary instance.

 

In the Operations Console > Maintenance > Update & Rollback

7.

Apply the authentication manager 8.2 software update (am-update-8.2.0.0.0.iso) on the replica instance.

 

In the Operations Console > Maintenance > Update & Rollback

NOTE:
Repeat step 7 on all other replica instances

       8.

Use the Operations Console of authentication manager 8.2 primary instance to ensure you have a recent a backup of production data.

In the Operations Console > Maintenance > Backup and Restore > Back Up Now

       9.

After applying the RSA Authentication Manager 8.2 software update to the authentication manager instances in the deployment an administrator will need to update the internal certificate to use SHA256 certificates. This process of updating the internal certificates is provided in the RSA Authentication Manager 8.2 Administrator's Guide, starting from page 153 (Chapter 7: Administering RSA Authentication Manager).

You can enable the strict TLS 1.2 mode in version 8.2. To do so, perform the following procedure on the primary instance and each replica instance. Updating the primary instance automatically updates the web tier, but restarting the web tier is required for the changes to take effect.

Procedure

1. Log on to the appliance with the User ID rsaadmin and the current operating system password:

On a hardware appliance, log on to the appliance using an SSH client.

On a virtual appliance, log on to the appliance using an SSH client, the VMware vSphere client, the Hyper-V Virtual Machine Manager Console, or the Hyper-V Manager.

2. Change directories to /opt/rsa/am/utils.

 

3. Run the command. To restart all of your RSA Authentication Manager services later, you must remove restart from the following commands:

To enable strict TLS 1.2 mode, type:

./rsautil store -a enable_min_protocol_tlsv1_2 true restart

4. (Optional) If you decided to manually restart all of your RSA Authentication Manager services, do the following:

a. Change directories to /opt/rsa/am/server.

b. Type: ./rsaserv restart all


5. Repeat the steps for each Authentication Manager instance in your deployment.

10.

Apply the authentication manager 8.2 SP1 software update (am-update-8.2.1.0.0.iso) on the primary instance.

 

In the Operations Console > Maintenance > Update & Rollback

11.

Apply the authentication manager 8.2 SP1 software update (am-update-8.2.1.0.0.iso) on the replica instance.

 

In the Operations Console > Maintenance > Update & Rollback

NOTE:
Repeat step 11 on all other replica instances

       12.

Use the Operations Console of authentication manager 8.2 SP1 primary instance to ensure you have a recent a backup of production data.

In the Operations Console > Maintenance > Backup and Restore > Back Up Now

13.

Apply the authentication manager 8.3 software update (am-update-8.3.0.0.0) on the primary instance.

 

In the Operations Console > Maintenance > Update & Rollback

 

14.

Apply the authentication manager 8.3 software update (am-update-8.3.0.0.0) on the replica instance.

 

In the Operations Console > Maintenance > Update & Rollback

NOTE:
Repeat step 14 on all other replica instances

15.

Check Replication Status on the primary instance.

In the Operations Console, click Deployment Configuration > Instances > Status Report.

16.

Use the Operations Console of authentication manager 8.3 primary instance to ensure you have a recent a backup of production data.

In the Operations Console > Maintenance > Backup and Restore > Back Up Now

17.

Apply the authentication manager 8.3 Patch 5 software update (am-update-8.3.0.5.0) on the primary instance.

 

In the Operations Console > Maintenance > Update & Rollback

18.

Apply the authentication manager 8.3 Patch 5 software update (am-update-8.3.0.5.0) on the replica instance.

 

In the Operations Console > Maintenance > Update & Rollback

NOTE:
Repeat step 18 on all other replica instances

19.

Check Replication Status on the primary instance.

In the Operations Console, click Deployment Configuration > Instances > Status Report.

20.

Use the Operations Console of authentication manager 8.3 Patch 5 primary instance to ensure you have a recent a backup of production data.

In the Operations Console > Maintenance > Backup and Restore > Back Up Now

 

RSA Authentication Manager full installers

RSA Authentication Manager 8.1 SP1 (rsa-am-update-8.1.1.0.0) - https://community.rsa.com/docs/DOC-43327
RSA Authentication Manager 8.2 (am-update-8.2.0.0.0.iso) -
https://community.rsa.com/docs/DOC-65190
RSA Authentication Manager 8.2 SP1 (am-update-8.2.1.0.0.iso) - https://community.rsa.com/docs/DOC-75995
RSA Authentication Manager 8.3 (am-update-8.3.0.0.0) - https://community.rsa.com/docs/DOC-85532
RSA Authentication Manager 8.3 Patch 5 (am-update-8.3.0.5.0) - https://community.rsa.com/docs/DOC-99889

Ivan