Upgrade Deep Security Agent

Software upgrades can be initiated through Deep Security Manager or a third-party deployment system.

In this topic:

Before you begin an upgrade

Before you begin an agent upgrade:

  1. Check that you're upgrading from a supported version. You can upgrade to Deep Security 20 from:
    • Deep Security 11 LTS (GA version or LTS updates)
    • Deep Security 12 LTS (GA version or LTS updates)
    • Deep Security 12 Feature Releases
  2. Back up the agent computers that you plan to upgrade. Make a system restore point or VM snapshot of each agent.
  3. Upgrade all Deep Security Relays. See Upgrade Deep Security Relay.

    You must upgrade all relays before you begin upgrading agents, otherwise, upgrades may fail.

    When you upgrade the Deep Security Agent, Deep Security verifies your signature on Deep Security Agent to ensure that the software files have not changed since the time of signing. For more information, see Agent package integrity check.

Next, review the platform-specific notes below and complete any advised tasks.

You are now ready to upgrade your agent using any of the methods described in this topic.

Upgrade the agent starting from an alert

When a new agent software version is available, a message appears on Alerts.

  1. In the alert, click Show Details and then click View all out-of-date computers.
    Computers appears, displaying all computers where Software Update Status is Out-of-Date. What is considered 'out-of-date' is determined by version control rules you've set up. For details, see Configure agent version control.
  2. Continue with Upgrade the agent from the Computers page or Upgrade the agent manually.

Upgrade multiple agents at once

  1. In Deep Security Manager, go to Administration > Updates > Software.
  2. In the main pane, look under the Computers section to see whether any computers or virtual appliances are running agents for which upgrades are available. The check is only performed against software that has been imported into Deep Security, not against software available from the Download Center.
  3. Click Upgrade Agent / Appliance Software to upgrade all out-of-date computers. What is considered 'out-of-date' is determined by version control rules you've set up. For details, see Configure agent version control.

Upgrade the agent from the Computers page

  1. In Deep Security Manager, go to Computers, and then:
    • Right-click the computer(s) that you want to upgrade, and select Actions > Upgrade Agent Software.

      Or

    • Select the computer(s) that you want to upgrade, click the Actions button near the top and select Upgrade Agent Software.

      Or

    • Double-click a computer that you want to upgrade and on the Computer details dialog box, click the Upgrade Agent button.

    You must upgrade your relays before your agents to prevent failures. Learn more. To identify a relay, look for the relay icon ().

  2. In the dialog box that appears, select the Agent Version. We recommend that you select the default Use the latest version for platform (X.Y.Z.NNNN). Click Next.

Upgrade the agent on activation

If Deep Security Agent is installed on Linux or Windows, you can choose to automatically upgrade the agent to the newest software version that's compatible with Deep Security as a Service when the agent is activated or reactivated. For details, see Automatically upgrade agents on activation.

Upgrade the agent manually

Sometimes you may not be able to upgrade the agent software from the Deep Security Manager. Reasons may include:

  • There are connectivity restrictions between the manager and agent computers.
  • Your agent software is too old, and the manager doesn't support upgrading it anymore.
  • You prefer to deploy upgrades using a third-party system.

If any of the above scenarios describes your situation, you can upgrade the agent by running the installer manually. The method varies by operating system.

 

Upgrade best practices for agents

If you have critical workloads running on your agent servers, we recommend that you follow these best practices when upgrading:

  • Upgrade when the computers are less busy.
  • Test the upgrade procedure first in a staging environment before upgrading production servers.
  • When upgrading production servers, upgrade one server at a time for the first few servers. Allow a soak period in between each server upgrade.
  • After individually upgrading a number of production servers for a given OS version (and application role, on Solaris or AIX), upgrade the remaining servers in groups.
  • Also review the Best practices for upgrades.