Patch installation, distribution, and monitoring

Before you begin an upgrade, it is helpful to familiarize yourself with how to upload and install patches, monitor patch installations, and verify that installations are successful.

Install a patch using scp

When upgrading your Guardium environment, there are several ways to upload and install patches on central managers and managed units.

Important: Patches downloaded in ZIP format must be unzipped outside the Guardium system before uploading and installing. Observe the following restrictions for any patch with database structure changes:
  • Perform or schedule the patch installation during quiet time on the Guardium system to avoid conflicts with long-running processes such as heavy reports, audit processes, backups, and imports.
  • The exact time required for patch installation depends on database utilization, data distribution, and other considerations.
  • Install patches in a top-down manner, first patching a central manager before patching aggregators and finally collectors.

To upload and install a patch using scp, issue the following CLI command: store system patch install scp

When the upload completes, you are automatically prompted to continue with the patch installation.

Install a patch using fileserver

To upload and install a patch using the Guardium fileserver:

  1. Initialize the fileserver using the following CLI command: fileserver [ip_address] where [ip_address] is the system being used to connect to the Guardium system.
  2. From a web browser, connect to the Guardium system.
    1. Click Upload Patch.
    2. Browse to select the patch file and then click Upload.
  3. Issue the following CLI command to install the patch: store system patch install system.

Distribute a patch

To distribute a patch from a central manager to managed units, one of the following must have taken place:

  • The patch is installed on the central manager
  • The patch has been made available on the central manager by running the following CLI command: store system patch available
Distribute the patch to managed units using the Central Management page on the central manager.
  1. Navigate to Manage > Central Management > Central Management.
  2. From the Central Management page, select managed units to receive the patch and click the Patch Distribution button.
  3. From the Patch Distribution page, select the patches to distribute.
    • Click Install Patch Now to install the patch immediately.
    • Click Schedule Patch to schedule patch installation for the future.

Monitor and verify patch installation

You can monitor and verify the installation of patches in the following ways:

  • Issue the following CLI command: show system patch install.
  • Use the Central Management page on the CM: Manage > Central Management > Central Management > Patch Installation Status.
Important: V9 patches will not available after the Guardium system is upgraded to V10.