Automatically upgrade agents on activation

If your environment includes Deep Security Agents installed on Linux computers, you can choose to automatically upgrade those agents to the latest software version that's available from Administration > Updates > Software > Local when the agent is activated or reactivated.

This feature is currently available only on Linux computers. Support for Windows and Unix is planned for a future release.

Ideally, if you Bake the agent into your AMI or WorkSpace bundle and then want to use a newer agent, you should update the bundle to include the new agent. However, if that's not possible, you can use the Automatically upgrade agents on activation setting so when the agent in the AMI or bundle activates itself, Deep Security Manager can automatically upgrade the agent to the latest version.

Any AWS instances that were added to Deep Security without using a cloud connector will be "rehomed" into a cloud connector after the upgrade. This means they will appear under the appropriate AWS account name on the Computers page, organized in a hierarchy that includes the AWS Region, VPC, and subnet.

This feature works with these operating systems:

  • Red Hat Enterprise Linux
  • Ubuntu
  • CentOS
  • Debian
  • Amazon Linux
  • Oracle Linux
  • SUSE Linux Enterprise Server
  • Cloud Linux

This feature is currently not supported on computers where Deep Security Virtual Appliance is installed.

Enable automatic agent upgrade

  1. Make sure the latest agent software and kernel support packages are available in Deep Security Manager. You can configure Deep Security Manager to automatically download software updates, or import them manually. For details, see Get Deep Security Agent software.
  2. Go to Administration > System Settings > Agents.
  3. Under Agent Upgrade, select Automatically upgrade agents on activation.
  4. Click Save.

Check that agents were upgraded successfully

The Version column on the Computers page displays the installed Deep Security Agent version for each computer.

In addition, when an automatic agent upgrade is triggered, System events are generated that you can use to track the status of the upgrade. You can check for these system events:

ID Event Description
264 Agent software Upgrade Requested An agent software upgrade has been triggered, either manually or by an automatic agent upgrade.
277 Auto Agent Software Upgrade Skipped

The agent was eligible for an automatic upgrade, but the upgrade did not occur.
The event details list the existing agent version and the attempted upgrade version, along with the reason the upgrade failed. The reasons can be:

  • The agent was not upgraded automatically because the upgrade requires an agent reboot. You can manually upgrade the agent and reboot the system. See Manually install the Deep Security Agent.
  • The agent was not upgraded automatically because a required Linux kernel support file was not found. Deep Security Manager usually downloads required Linux kernel support packages automatically, but you can also download and import packages to Deep Security Manager manually and then upgrade the agent. See Get Deep Security Agent software.
  • The agent was not upgraded automatically because the auto-upgrade feature does not support the currently installed OS. You may be able to upgrade the agent manually. See Manually install the Deep Security Agent.
706 Software Update: Agent Software Upgraded The upgrade was successful.
707 Software Update: Agent Software Upgrade Failed The upgrade was not successful. Refer to the event details for more information about why it was not successful.