RSA Authentication Manager UpdatesRSA Authentication Manager Updates

RSA issues product updates periodically for RSA Authentication Manager in the form of patches and service packs. RSA recommends applying product updates as they become available to ensure that the deployment is secure and efficient. For each product update, RSA provides release notes that contain important information about applying the update. To avoid problems, you should read all of the information in the release notes before you apply the update.

You download product updates from RSA Link. Updates are provided in the form of an ISO image. RSA recommends that you do not burn the ISO image to a physical DVD or CD. Instead, save the ISO image in a directory that is accessible to the deployment.

You use the Operations Console to apply product updates on each primary and replica instance.

Note: Apply updates to embedded third-party products only as part of RSA-delivered updates. For example, RSA provides the required updates to the virtual appliance and hardware appliance operating system.

Do the following:

• Specify a Product Update Location
• Scan for Product Updates
• Apply Product Updates
• Update the Web-Tier

If necessary, you can Roll Back a Product Update.

Specify a Product Update LocationSpecify a Product Update Location

To allow RSA Authentication Manager to locate product updates, you must specify the location where updates are stored. Updates can be applied through your local browser, or you can store updates in an NFS share, Windows shared folder, a DVD/CD, or an ISO image on your client machine.

You only need to specify the update location once. You can change the location that was previously specified.

Note: If you are using a Windows share, RSA Authentication Manager 8.4 and later requires the SMBv2 or SMBv3 protocol. SMBv1 is no longer supported.

Before you begin

• Download the updates available on RSA Link to a location that is accessible to the primary or replica instance.

• If you intend to scan for updates on an RSA-supplied DVD or CD, do the following:

  • On a hardware appliance, use the DVD/CD drive or mount an ISO image.

  • On a virtual appliance, you must configure the virtual appliance to mount a DVD/CD or an ISO image. For information, see Hyper-V DVD/CD or ISO Image Mounting Guidelines or VMware DVD/CD or ISO Image Mounting Guidelines.

Procedure

1. In the Operations Console, click Maintenance > Update & Rollback.

2. On the Update & Rollback page, the default update source is your local browser. To change that setting, click Configure Update Source.

3. On the Configure Update Sources page, specify a location for updates.

   • If you want to upload an update from your local machine, select Use your web browser to upload an update. You do not need to scan for updates.

   • If you want to scan for updates on an NFS share, select Use NFS share as the update source. Enter the full path, including the IP address or hostname where updates are stored. For example, 192.168.1.2:/updates

   • If you want to scan for updates on a Windows shared folder, select Use Windows Share as the update source.

     • In the Windows Share Path field, enter the full path including the IP address or hostname where updates are stored. For example, \\192.168.1.2\updates

     • (Optional) In the Windows Username field, enter a username.

     • (Optional) In the Windows Password field, enter a password only if it is required by your Windows share configuration.

   • To scan for updates on an RSA-supplied DVD or CD, select UseDVD/CD as the update source.

4. To test the NFS or Windows share directory settings, click Test Connection. A message indicates whether the configured shared directory is available to the primary or replica instance.

5. Click Save.

Scan for Product UpdatesScan for Product Updates

If you have configured an NFS share, a Windows shared directory, or a DVD/CD as an update location, then you can scan for product updates. If you want to apply an update through your local web browser, then you do not need to scan for updates.

Before you apply an update to an instance, you can review a list of available updates and a list of the updates that were applied. After you apply an update, Authentication Manager removes the update from the Available Updates section and moves it to the Update History section.

After you scan for updates, the new list displays for 24 hours. Logging out of the Operations Console does not remove the list from the system cache. If you restart the Operations Console, download additional updates, or change the product update locations, you must perform another scan to see the most current list.

Note: If you are using a Windows share, RSA Authentication Manager 8.4 and later requires the SMBv2 or SMBv3 protocol. SMBv1 is no longer supported.

Procedure

1. In the Operations Console, click Maintenance > Update & Rollback.

2. Click Scan for Updates. The system displays the progress of the scan on the Basic Status View tab. Detailed information displays on the Advanced Status View tab.

3. Click Done to return to the Update & Rollback page.

   The Available Updates section displays the following information for each update:

   • Version. The version of the update. To see the current Authentication Manager version, see the top of the Update and Rollback page.

   • Reversible. Indicates whether you can roll back (undo) the update.

   • Automatic Appliance Reboot. Indicates whether Authentication Manager automatically restarts the appliance to apply the update. If the appliance restarts, you must perform another scan to see a current list of updates.

   • Automatic Operations Console Reboot. Indicates whether Authentication Manager automatically restarts the Operations Console to apply the update. If the Operations Console restarts, you must perform another scan to see a current list of updates.

   • Action. States whether the update is available to apply. Lists the minimum system requirement for the update.

4. In the Applied Updates section, click Download Detailed History Log for a complete update history.

   The Applied Updates section displays the updates applied to the instance. This section includes the update version numbers, the time and date that each update was applied, and who applied the update.

Apply Product UpdatesApply Product Updates

You must apply updates to the primary instance before you apply updates to the replica instances.

Before you begin

• Download the updates available on RSA Link to a location that is accessible to the primary or replica instance.

• Specify a Product Update Location

• If you have configured an NFS share, a Windows shared directory, or a DVD/CD as an update location, Scan for Product Updates.

Procedure

1. In the Operations Console, click Maintenance > Update & Rollback.

2. RSA recommends applying the most recent update.

   If you want to apply an update through your local web browser, do the following:

   1. Click Upload & Apply. Because browser uploads require additional processing, the Upload & Apply window may open slowly.

   2. Click Choose File to navigate to the location of the update. You cannot type the update location in the Update Path field.

   3. Click Upload.

   4. Verify the update details, and click Apply.

   If you have configured an NFS share, a Windows shared directory, or a DVD/CD as an update location, do the following:

   1. Click Scan for Updates. Available Updates displays all of the updates that can be applied.

   2. Next to the update that you want to apply, click Apply Update.

   3. Click Confirm to apply the update.

3. If prompted, enter the password for the operating system user rsaadmin, and click Apply.

4. (Optional) The basic status messages are displayed while the update is being applied. You can click the Advanced Status View tab to display detailed log messages.

5. If the update requires the system to restart the Operations Console or the appliance after the update is applied, the Operations Console or appliance automatically restarts. When the restart is complete, click Done.

6. The update is listed in the Applied Updates section. To save the high-level update history, click Download Detailed History Log.

After you finish

• If the deployment includes a web tier, you might need to Update the Web-Tier.

• You can download a detailed log file containing the information that was displayed on the Advanced Status View tab. The file is named update-version-timestamp.log, where version is the update version number and timestamp is the time that the update completed. For instructions, see Download Troubleshooting Files.

Update the Web-Tier Update the Web-Tier

You must update the web tier when you make any changes such as updating your version of Authentication Manager and customizing the web-tier pages. Authentication Manager displays an update button in the Operations Console for each web tier that is not up-to-date. If you have multiple web tiers to update, update one web tier at a time. Each update may take up to 20 minutes to complete.

Procedure

1. In the Operations Console, click Deployment Configuration > Web-Tier Deployments > Manage Existing.

2. On the Web Tiers page, in the Status column, click Update for the web tier thatyou want to update.

   When the update is complete,which may take up to 20 minutes, the Status column for the updated web tier displays Online.

Roll Back a Product UpdateRoll Back a Product Update

After you have applied an update, you might need to roll back (remove) the update. For example, RSA Customer Support might suggest that you remove an update. If the last update that was applied is reversible, you can roll it back.

You must roll back updates to your replica instances before you roll back the primary instance.

Note: Certain component updates and configuration changes related to the operating system, RADIUS, AppServer, Java, or the internal database cannot be automatically reversed by rolling back a patch.

Procedure

1. In the Operations Console, click Maintenance > Update & Rollback.

   Under Applied Updates, a list of updates displays with the following information:

   • Version. The version of the update. To see the current version of the RSA Authentication Manager instance, refer to the top of the Update & Rollback page.

   • Updated on. When the update was applied. If a log file is available, you can click Download log to save and read information about the update process.

   • Updated by. The user who applied the update.

   • Action. Displays the Roll Back button or the message “Cannot be rolled back.”

2. To roll back the last update that was applied, click Roll Back. Only a reversible update can be rolled back.

   Do one of the following:

   • If the rollback requires the system to restart the Operations Console, you are redirected to the Operations Console Restart page to confirm that you still want to roll back the update.

   • If the rollback does not require the system to restart the Operations Console, you are redirected to the Progress Monitor. Use the Progress Monitor to track the rollback status. When the appliance completes the rollback process, the Progress Monitor displays a completed message. View the rollback log for details. If the appliance cannot roll back the update, the Progress Monitor displays an error message.

After you finish

• If the deployment includes a web tier, you might need to Update the Web-Tier.

• You can download a detailed log file named rollback-version-timestamp.log, where version is the update version number and timestamp is the time that the update was rolled back. For instructions, see Download Troubleshooting Files.