- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgrading from 8.1 SP1 to 8.3
Hi All,
We have a total of 3 appliances. Primary, Secondary and DR.
1) What should be the upgrade path, all the way from 8.1 to 8.3 on primary and then others OR step by step upgrade of primary and replicas to intermediate upgrades?
2) If there will be any downtime at any point in the upgrade? When the primary is upgrading, can the other two appliances authenticate the users?
3) While upgrading the Primary, at what stage will it be important to promote the replica to the primary?
- Tags:
- Agent
- Agents
- Auth Agent
- Authentication Agent
- Community Thread
- Discussion
- Forum Thread
- RSA SecurID
- RSA SecurID Access
- SecurID
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Aswin,
See my answers below:
We have a total of 3 appliances. Primary, Secondary and DR.
is your DR independent or attached as replica?
1) What should be the upgrade path, all the way from 8.1 to 8.3 on primary and then others OR step by step upgrade of primary and replicas to intermediate upgrades?
8.1--> 8.1Sp1--> 8.2-->8.2 SP1-->8.3--> 8.3 P05.
start upgrade on primary first and once finish apply 8.1SP1 on primary go to replica and patch it to same then comeback to primary apply 8.2 and go to replica to apply 8.2 follow this strictly until you apply latest patch.
2) If there will be any downtime at any point in the upgrade? When the primary is upgrading, can the other two appliances authenticate the users?
Since you have HA setup there is no downtime for authentication.
3) While upgrading the Primary, at what stage will it be important to promote the replica to the primary?
Do you have any specific requirement to promote your replica as primary, other wise upgrade process will not required any promotion. Replication will break up automatically and attach also auto after all primary and replicas in same version / patch level.
hope this helps
thanks
M.Tech Products Pte ltd [Rajesh Gogineni]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Aswin,
Rajesh is correct as the replica(s) will handle user authentications if the agents and clients that are implemented know of the replica instances. A promotion is not recommended during upgrades and is only used in a situation that a primary has gone offline and it cannot be recovered.
Please find the instructions below to upgrade to the latest RSA Authentication Manager patch release which provides product enhancements and addresses security concerns.
NOTE: All the authentication manager instances in the 8.1 deployment must be running at least 8.1 Service Pack 1 software before applying the 8.2 software update. A log file called update-8.2.0.0.0-build1386271-yyyymmddhhss.log (e.g. update-8.2.0.0.0-build1386271-20160712104807.log) is created when applying the authentication manager 8.2 software update to an authentication manager instance and is located in the /opt/rsa/am/server/logs folder.
Overview of Steps ā 8.1 > 8.1 SP1 > 8.2 > 8.2 SP1 > 8.3 > 8.3 Patch 5
NOTE: The primary must be upgraded first followed by the replica instance(s) as we do not support the replica being at a higher patch level. The replica instance should handle user authentications while the primary is being upgraded and vice versa.
1. | Use the Operations Console of authentication manager 8.1 primary instance to ensure you have a recent a backup of production data. In the Operations Console > Maintenance > Backup and Restore > Back Up Now |
2. | Check Replication Status on the primary instance. |
3. | Apply the authentication manager 8.1 SP1 software update (rsa-am-update-8.1.1.0.0) on the primary instance.
In the Operations Console > Maintenance > Update & Rollback |
4. | Apply the authentication manager 8.1 SP1 software update (rsa-am-update-8.1.1.0.0) on the replica instance.
In the Operations Console > Maintenance > Update & Rollback |
5. | Use the Operations Console of authentication manager 8.1 SP1 primary instance to ensure you have a recent a backup of production data. In the Operations Console > Maintenance > Backup and Restore > Back Up Now |
6. | Apply the authentication manager 8.2 software update (am-update-8.2.0.0.0.iso) on the primary instance.
In the Operations Console > Maintenance > Update & Rollback |
7. | Apply the authentication manager 8.2 software update (am-update-8.2.0.0.0.iso) on the replica instance.
In the Operations Console > Maintenance > Update & Rollback |
8. | Use the Operations Console of authentication manager 8.2 primary instance to ensure you have a recent a backup of production data. |
9. | After applying the RSA Authentication Manager 8.2 software update to the authentication manager instances in the deployment an administrator will need to update the internal certificate to use SHA256 certificates. This process of updating the internal certificates is provided in the RSA Authentication Manager 8.2 Administrator's Guide, starting from page 153 (Chapter 7: Administering RSA Authentication Manager). 1. Log on to the appliance with the User ID rsaadmin and the current operating system password: ā¢ On a hardware appliance, log on to the appliance using an SSH client. ā¢ On a virtual appliance, log on to the appliance using an SSH client, the VMware vSphere client, the Hyper-V Virtual Machine Manager Console, or the Hyper-V Manager. 2. Change directories to /opt/rsa/am/utils.
3. Run the command. To restart all of your RSA Authentication Manager services later, you must remove restart from the following commands: ./rsautil store -a enable_min_protocol_tlsv1_2 true restart 4. (Optional) If you decided to manually restart all of your RSA Authentication Manager services, do the following: a. Change directories to /opt/rsa/am/server. b. Type: ./rsaserv restart all
|
10. | Apply the authentication manager 8.2 SP1 software update (am-update-8.2.1.0.0.iso) on the primary instance.
In the Operations Console > Maintenance > Update & Rollback |
11. | Apply the authentication manager 8.2 SP1 software update (am-update-8.2.1.0.0.iso) on the replica instance.
In the Operations Console > Maintenance > Update & Rollback |
12. | Use the Operations Console of authentication manager 8.2 SP1 primary instance to ensure you have a recent a backup of production data. |
13. | Apply the authentication manager 8.3 software update (am-update-8.3.0.0.0) on the primary instance.
In the Operations Console > Maintenance > Update & Rollback
|
14. | Apply the authentication manager 8.3 software update (am-update-8.3.0.0.0) on the replica instance.
In the Operations Console > Maintenance > Update & Rollback |
15. | Check Replication Status on the primary instance. |
16. | Use the Operations Console of authentication manager 8.3 primary instance to ensure you have a recent a backup of production data. |
17. | Apply the authentication manager 8.3 Patch 5 software update (am-update-8.3.0.5.0) on the primary instance.
In the Operations Console > Maintenance > Update & Rollback |
18. | Apply the authentication manager 8.3 Patch 5 software update (am-update-8.3.0.5.0) on the replica instance.
In the Operations Console > Maintenance > Update & Rollback |
19. | Check Replication Status on the primary instance. |
20. | Use the Operations Console of authentication manager 8.3 Patch 5 primary instance to ensure you have a recent a backup of production data. |
RSA Authentication Manager full installers
RSA Authentication Manager 8.1 SP1 (rsa-am-update-8.1.1.0.0) - https://community.rsa.com/docs/DOC-43327
RSA Authentication Manager 8.2 (am-update-8.2.0.0.0.iso) - https://community.rsa.com/docs/DOC-65190
RSA Authentication Manager 8.2 SP1 (am-update-8.2.1.0.0.iso) - https://community.rsa.com/docs/DOC-75995
RSA Authentication Manager 8.3 (am-update-8.3.0.0.0) - https://community.rsa.com/docs/DOC-85532
RSA Authentication Manager 8.3 Patch 5 (am-update-8.3.0.5.0) - https://community.rsa.com/docs/DOC-99889
Ivan
