Upgrade Deep Security Manager VM for Azure Marketplace

To determine which version of Deep Security Manager you have, go to Support > About. The version number of the currently available version is listed on the description page for the Deep Security Manager in Azure Marketplace. Compare these two numbers to determine if you need to upgrade.

Each node must have the same version of Deep Security Manager VM for Azure Marketplace. If you are planning on adding a new node, the version of the new node must match the version used by the existing nodes. This might mean that you have to upgrade the version on the existing nodes to make sure they match the new node.

Will my virtual machines still be protected during the upgrade?

Your virtual machines will still continue to be protected throughout the entire upgrade process. There will be a brief outage for the Deep Security Manager nodes when they are upgraded but all existing Deep Security Agents will continue to function normally during this period. New agents cannot be activated until the Deep Security Manager services have been restored.

Before you begin

Before you upgrade to the latest version of Deep Security Manager VM for Azure Marketplace, ensure that you have the following information about your current version:

  • Resource group name
  • Database credentials: hostname, name, admin name, and admin password
  • License type: You can view this by going to Administration > Licenses in the Deep Security Manager console.

Upgrade to the latest version

  1. Log in to your Azure portal, go to the resource group that contains your Deep Security Manager, click the Deep Security virtual machine and click Stop.
  2. Go back to the resource group that contains your Deep Security Manager, click the value in Public IP address, click Dissociate, and then click Delete.

    3. This step ensure that the DNS name will stay the same after the upgrade and this is recommended to ensure that the agents keep functioning properly.

  3. Click the Marketplace blade in the Azure portal, click the Security + Identity blade, and then search for Deep Security Manager.

  4. Click the version of Deep Security you want to use from the search results and click Create.

    License types cannot be mixed so make sure you select the same license type that you are currently using.

  5. Follow the steps of the Create Deep Security Manager journey to create a Deep Security virtual machine.
    1. Specify the name of the Deep Security Manager VM and configure other general settings on the Basics blade and then click OK.
      • The credentials you specify in this blade are what you will use to log on to the Deep Security Manager virtual machine.
      • Depending on the type of authentication you select, you have to enter a strong password or an SSH public key.

      • Enter a name into Resource Group to create a new resource group or click Select existing to use an empty resource group that you are using for your current version.

        Azure does not allow VMs to be deployed into existing resource groups if it contains other resources. Either a new resource group must be created or the existing resource group must be empty.

      • Select an Azure region from the Location list. Make sure you select the same location when setting up multiple nodes.
    2. Select a virtual machine size, configure the Deep Security Manager URL and ports on the Deep Security Manager VM blade, and then click OK.
      • Enter the DNS name you dissociated in step 2 in Deep Security Manager URL and the port for logging into Deep Security Manager.
    3. Click Use Existing on the Database Settings blade and enter the credentials you recorded in the Before you begin section above and then click OK.

    4. Enter the name of the administrator account you currently use to sign in to Deep Security Manager on the Deep Security Credentials blade and enter and confirm the password for that account and click OK.

      You have to provide the current credentials for the Deep Security Manager here and log into the new Deep Security Manager with these original credentials. Any new credentials will be ignored.

    5. Click the arrows to review the settings for the new virtual network and the subnet for the Deep Security Manager VM on the Network Settings blade and click OK twice.
    6. Review the information on the Summary blade and click OK when Validation passed appears at the top of the summary to finish creating the virtual machine.
    7. Click Terms of use, privacy policy, and Azure Marketplace Terms on the Buy blade to review them and then click Create.

    It will take several minutes before your new virtual machine is running.

  6. When installation has completed, open a browser and go to the following address: https://[DNS_name]:8443
    • The DNS name is the name you specified on the Deep Security Manager blade. You can view the DNS name for your Deep Security virtual machine by clicking the value in Public IP address/DNS name label in the Settings blade.
  7. Verify that the upgrade was successful by checking the version number Support > About in Deep Security Manager and confirming that the older Deep Security Manager node is now offline (Administration > Manager Nodes).
  8. After confirming that the upgrade was successful, remove the resources that belonged to the older node by purging them. These resources include the following:
    • Virtual machine
    • Network interface
    • Network security group
    • Virtual network