Upgrade the Deep Security Manager AMI
Before upgrading, verify that:
- Deep Security stores its data in an external database (embedded databases cannot be upgraded).
- You have a recent backup of the database (see Backing Up and Restoring Amazon RDS DB Instances). In the event of a catastrophic failure during the upgrade, there may be no way to recover without a backup.
- Deep Security Manager instances are behind an Elastic Load Balancer (ELB) or are using elastic IPs.
There are two options for upgrading your Deep Security Manager AMI:
If you are using Deep Security Manager AMI version 11.0 or later and see A new version of Deep Security is available in a banner at the top of the Deep Security Manager console, click Upgrade Deep Security in the banner to begin the upgrade process. A confirmation message appears, providing information about the upgrade. Click Upgrade to confirm that you want to continue.
The upgrade time depends on the number of Deep Security nodes you are running. It will take approximately 5 minutes per node. If there is a problem with the upgrade, an error message will appear. If the upgrade is successful, you will be redirected to the login page and the upgrade banner will no longer appear.
- Stop all Deep Security Manager instances: right-click the instance on the AWS console and select Instance State > Stop.
- Deploy a new instance of Deep Security Manager using the latest version from the AWS Marketplace.
- When the instance is running, go to https://ip:8080, enter the Instance ID, and click Sign In.
- On the License Agreement tab, read and accept the terms of the license agreement and click Next.
- On the Database tab, enter the configuration parameters of your existing Deep Security database and click Next.
- On the Previous Version Check tab, click Upgrade and click Next.
On the Address and Ports tab, enter the hostname or IP address of the computer where Deep Security Manager is being installed and click Next.
The Manager Address must be either a resolvable hostname, a fully qualified domain name, or an IP address. If DNS is not available in your environment or if some computers are unable to use DNS, a fixed IP address should be used instead of a hostname. You can also change the default port numbers.
On the Credentials tab, click Next.
The existing credentials will stay the same.
On the Review Settings tab, review the installation settings to ensure that they are correct and then click Install.
The Deep Security Status page will show that the Deep Security Manager is being installed.
- If you are using an ELB, add the new Deep Security Manager instance to the ELB list. Also add any relays to the list.
- Log in to Deep Security Manager and delete the computer records for any old Deep Security Manager installations by clicking the Computers tab, selecting the record, and clicking Delete on the toolbar.
- Delete old manager nodes by going to the Administration tab in Deep Security Manager, selecting Manager Nodes in the left-hand navigation menu, opening the Properties dialog for each old manager node (Status: "Offline (Upgrade Required)"), and clicking Decommission.
- Double click on the newly added Deep Security Manager Computer Object and ensure it is Activated and has the correct policy assigned.
- Delete your old Deep Security Manager instances by right-clicking on the instance from the AWS console and choosing Instance State > Terminate.
Please contact firstname.lastname@example.org if you have any questions or encounter any issues.