Before upgrading the appliance
Before you upgrade the Deep Security Virtual Appliance, complete the tasks below.
Review system requirements and supported NSX versions
- Review this table to see which NSX licenses and versions are supported.
- Review these system requirements. Upgrade NSX, Deep Security Manager, and other required software and hardware, as needed.
Verify the vCenter and NSX account permissions
Make sure the existing vCenter and NSX accounts that you specified in Deep Security Manager during the previous appliance deployment have the correct permissions. For a list of the required permissions, see Add a VMware vCenter.
Re-register NSX-T
You may need to re-register NSX-T.
To check whether NSX-T needs to be re-registered:
- Go to NSX-T Manager and click System > Service Deployments > CATALOG.
- Make sure both Endpoint Protection Policy and Intrusion Detection and Prevention Systems are present, as shown in the image below. If not, it means a re-registration is required.
To re-register NSX-T:
- Uninstall Deep Security from your NSX environment. See Uninstall Deep Security from your NSX environment for details.
- Re-register NSX in the manager. See Add a VMware vCenter.
Import the new appliance ZIP into the manager
You must import the new appliance ZIP into the manager.
As an alternative to importing the appliance ZIP, you can place the OVF file at a URL location to make it faster for NSX to download. For details, see Configure the appliance OVF location.
- Go to:
-
Download the Deep Security Virtual Appliance package. Check the version requirements in system requirements.
You can import multiple versions of the appliance. The manager will choose the newest package.
- On Deep Security Manager, go to Administration > Updates > Software > Local.
-
Click Import and upload the package to Deep Security Manager.
On import, Deep Security Manager also automatically downloads and imports an agent that is compatible with the operating system of the virtual appliance VM. This agent has the same protection modules as Deep Security Agent for 64-bit Red Hat Enterprise Linux.
-
If you want to specify a different embedded agent, go to Administration > System Settings > Updates and look for Virtual Appliance Deployment. By default, the Virtual Appliance Deployment option is set to Latest Available (Recommended). This indicates to the manager to upgrade the virtual appliance to use the newest imported, embedded agent. Change this setting, as required.
Next steps
You have completed the pre-upgrade steps and must now continue with the upgrade. You must go to one of the following sections depending on your scenario:
- If you re-registered NSX-T, the appliance was removed. This means you'll need to deploy a fresh appliance (not upgrade it). For next steps, go to Deploy the appliance (NSX-T 3.x).
- If you didn't re-register NSX-T, you are now ready to upgrade the appliance. Go to Upgrade the appliance.