Automatically upgrade agents on activation
'Upgrade on activation' is a feature that can be used to automatically upgrade Deep Security Agents to a newer version of software based on a check of the agent version during the activation process. This feature is especially useful if you want to distribute the agent using the baking process (see Bake the agent into your AMI or WorkSpace bundle). When agents are baked it can be difficult for you to update your ‘golden’ images each time a new version of the Deep Security Agent is released. In this case, 'upgrade on activation' can be used so that each time the older agent from the baked image activates, Deep Security Manager instructs the agent to upgrade to the version you specify as part of the activation process keeping the running agents used in your environment up-to-date.
This feature complies with your agent version control settings.
This feature is currently available only on Linux and Windows computers. Support for Unix is planned for a future release.
Any AWS instances that were added to Deep Security without using a cloud connector will be "rehomed" into a cloud connector after the upgrade. This means they will appear under the appropriate AWS account name on the Computers page, organized in a hierarchy that includes the AWS Region, VPC, and subnet.
This feature works with these operating systems:
- Red Hat Enterprise Linux
- Amazon Linux
- Oracle Linux
- SUSE Linux Enterprise Server
- Cloud Linux
- Go to Administration > System Settings > Agents.
- Under Agent Upgrade, select any of the following: Automatically upgrade Linux agents on activation, Automatically upgrade Windows agents on activation, Automatically upgrade Unix agents on activation.
- Click Save.
The Version column on the Computers page displays the installed Deep Security Agent version for each computer.
In addition, when an automatic agent upgrade is triggered, System events are generated that you can use to track the status of the upgrade. You can check for these system events:
|264||Agent Software Upgrade Requested||An agent software upgrade has been triggered, either manually or by an automatic agent upgrade.|
|277||Upgrade on Activation Skipped||
The agent was eligible for an automatic upgrade, but the upgrade did not occur.
|706||Software Update: Agent Software Upgraded||The upgrade was successful.|
|707||Software Update: Agent Software Upgrade Failed||The upgrade was not successful. Refer to the event details for more information about why it was not successful.|