Upgrade the Deep Security Manager AMI

Before upgrading, verify that:

  • Deep Security stores its data in an external database (embedded databases cannot be upgraded).
  • You have a recent backup of the database (see Backing Up and Restoring Amazon RDS DB Instances). In the event of a catastrophic failure during the upgrade, there may be no way to recover without a backup.
  • Deep Security Manager instances are behind an Elastic Load Balancer (ELB) or are using elastic IPs.
  1. Stop all Deep Security Manager instances: right-click the instance on the AWS console and select Instance State > Stop.
  2. Deploy a new instance of Deep Security Manager using the latest version from the AWS Marketplace.
  3. When the instance is running, go to https://ip:8080, enter the Instance ID, and click Sign In.
  4. On the License Agreement tab, read and accept the terms of the license agreement and click Next.
  5. On the Database tab, enter the configuration parameters of your existing Deep Security database and click Next.
  6. On the Previous Version Check tab, click Upgrade and click Next.
  7. On the Address and Ports tab, enter the hostname or IP address of the computer where Deep Security Manager is being installed and click Next.

    The Manager Address must be either a resolvable hostname, a fully qualified domain name, or an IP address. If DNS is not available in your environment or if some computers are unable to use DNS, a fixed IP address should be used instead of a hostname. You can also change the default port numbers.

  8. On the Credentials tab, click Next.

    The existing credentials will stay the same.

  9. On the Review Settings tab, review the installation settings to ensure that they are correct and then click Install.

    The Deep Security Status page will show that the Deep Security Manager is being installed.

  10. If you are using an ELB, add the new Deep Security Manager instance to the ELB list. Also add any relays to the list.
  11. Log in to Deep Security Manager and delete the computer records for any old Deep Security Manager installations by clicking the Computers tab, selecting the record, and clicking Delete on the toolbar.
  12. Delete old manager nodes by going to the Administration tab in Deep Security Manager, selecting Manager Nodes in the left-hand navigation menu, opening the Properties dialog for each old manager node (Status: "Offline (Upgrade Required)"), and clicking Decommission.
  13. Double click on the newly added Deep Security Manager Computer Object and ensure it is Activated and has the correct policy assigned.
  14. Delete your old Deep Security Manager instances by right-clicking on the instance from the AWS console and choosing Instance State > Terminate.

Please contact aws.marketplace@trendmicro.com if you have any questions or encounter any issues.