Upgrading a 64-bit backup central manager

When upgrading your 64-bit Guardium environment, follow these steps to run the health check patch and upgrade a backup central manager using a backup, rebuild, and restore procedure.

Before you begin

Complete the upgrade checklist in Upgrading a 64-bit environment with a backup central manager.

Procedure

  1. Upgrade the system to V9 patch 600 or later.
  2. Set the time to the local time zone and synchronize time across all Guardium systems using an NTP server.
  3. Download and install the latest health check patch (p9997) and verify that the installation was successful. See Patch installation, distribution, and monitoring for instructions.
    Important: You will need to install the latest health check patch (p9997) on both the primary central manager and backup central manager candidate before designating a backup central manager.
  4. Define a backup central manager.
    1. Navigate to the Central Management page on the primary central manager.
    2. Select a managed aggregator.
    3. Verify that the primary central manager and the backup central manager candidate have the same patches installed.
    4. Designate the aggregator as a backup central manager.
    5. Verify that the cm_sync_file.tgz file has been created by checking the Aggregation/Archive Log on the primary central manager.
  5. Take a system backup of the backup central manager and verify that it was successful.
    1. Navigate to Manage > Data Management > System Backup.
    2. Configure the protocol based on your preferences and fill in all fields.
    3. Be sure to back up both configuration and data.
    Important: Create at least one valid backup before beginning the upgrade procedure.
  6. Install p10000 on the central manager and monitor its installation.
    Important: After the patch installation completes, the upgrade process automatically begins and the system is rebooted. Do not reboot the system manually.
  7. Allow the operating system installation to complete.
    • Installation time depends on the amount of data involved as well as system specifications and configuration.
    • Once the operating system installation has completed, the system reboots into the latest Guardium V10 for the first time.
      Attention: After you successfully install the latest V10, the first boot into your system is followed by:
      • Network configuration, database data migration, database start up.
      • License upgrade, PSML upgrade, language setting.
      • Database restart, certificate and key migration, password migration, and file clean-up.
  8. Confirm that the backup CM upgrade has completed successfully using the following steps:
    1. Log in to the CLI.
    2. Issue the following CLI command: show upgrade-status
    3. Verify that the last line in the output reads: 5.0:INFO:Migration Complete
    4. Issue the following CLI command: show system patch install
    5. Verify that p10000 status is the following: Phase 5: Migration completed
  9. Install the latest maintenance patches on the central manager and verify that they have installed successfully.
  10. Verify that the primary central manager still sees the upgraded backup central manager.
    Important: The backup central manager (now running the latest Guardium V10) may show a red status light. This happens when the central manager sends a V9 signal to a V10 system and fails. You can still promote the server as long as the backup central manager sync file is present on your backup central manager. Do not attempt a refresh.
  11. Verify that the cm_sync_file.tgz file has completed at least two successful transfers from the primary central manager to the backup central manager by checking the Aggregation/Archive Log on the primary central manager. The transfers should occur at 30-minute intervals.
  12. Make the backup central manager the primary central manager.
    You may encounter the following message after logging into the backup central manager:
    The central manager version is lower than the version of this managed unit. Functionality is limited until the version mismatch is corrected.
    1. Navigate to Setup > Central Management.
    2. Click Make Primary CM. If you do not see this option, verify that the cm_sync_file was transferred successfully.
    3. Answer Yes to the message: Are you sure you want to make this unit the primary CM?
    4. Click Close on the pop-up message: The change will take a few minutes and would require a GUI restart. You will be logged off when the GUI restart is performed.
      The progress icon is displayed on the user interface page.
    Note: During the conversion process, the Guardium user interface is temporarily unavailable. After the process completes, the login screen returns to normal.
  13. Transition the managed units to the new primary central manager. This might take some time to complete. Using an SSH client, connect to the new primary central manager to view the results log.
    1. Initialize the fileserver using the following command: fileserver [ip_address] [duration]
    2. From a web browser, connect to the new primary central manager.
    3. View the load_secondary_cm_sync_file.log file to see the progress. The file is located in the gim-snif-guard-logs directory.
    4. When you see the final line Import CM sync info done, the process has finished successfully.
    5. At this point, the user interface refreshes and you will see the login page.
    6. Wait until the top of the hour for the process to complete as the managed units begin transitioning to the new primary central manager.
  14. Log in to the Guardium user interface and accept license agreements to enable product features.
    1. Navigate to Setup > Tools and Views > License.
    2. Accept the base license agreement.
    3. Accept all applicable append license agreements.
    Note: Skipping this step prevents Guardium features from being enabled.
  15. Navigate to the Central Management page and ensure that managed units are now managed by the new primary central manager. The old primary central manager should not appear in the list of managed units.
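
The success markers from steps 8 and 13 can be checked mechanically against saved copies of the CLI output and the results log. The script below is an added example, not part of the Guardium documentation or product. The function names, file names, and sample transcript contents are constructed assumptions; only the three marker strings come from this page.

```shell
#!/bin/sh
# Added example: checks saved transcripts for the success markers named in
# steps 8 and 13. All file names and sample contents below are constructed.

# Print the last non-blank line of a file with CRs and surrounding blanks
# removed (SSH session captures often carry CRLF endings and trailing blanks).
last_line() {
    tr -d '\r' < "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        awk 'NF { l = $0 } END { print l }'
}

# Step 8.3: the last line of "show upgrade-status" must equal the marker.
check_upgrade_status() {
    [ "$(last_line "$1")" = "5.0:INFO:Migration Complete" ]
}

# Step 8.5: a line for the given patch must carry the Phase 5 status.
# $1 = saved "show system patch install" output, $2 = patch id as it appears.
check_patch_status() {
    tr -d '\r' < "$1" | grep -F -- "$2" | grep -qF "Phase 5: Migration completed"
}

# Step 13.4: load_secondary_cm_sync_file.log must end with the import marker.
check_sync_import() {
    last_line "$1" | grep -qF "Import CM sync info done"
}

# Write constructed sample transcripts into directory $1 (layout is assumed).
make_samples() {
    printf 'constructed earlier line\r\n5.0:INFO:Migration Complete\r\n\r\n' > "$1/upgrade_ok.txt"
    printf 'constructed earlier line\n4.0:constructed, still running\n' > "$1/upgrade_bad.txt"
    printf 'p9997 constructed entry\np10000 constructed entry Phase 5: Migration completed\n' > "$1/patch.txt"
    printf 'constructed earlier entry\nImport CM sync info done\n' > "$1/sync.log"
}

d=$(mktemp -d)
make_samples "$d"
check_upgrade_status "$d/upgrade_ok.txt" && echo "upgrade-status: complete"
check_upgrade_status "$d/upgrade_bad.txt" || echo "upgrade-status: NOT complete"
check_patch_status "$d/patch.txt" p10000 && echo "p10000: Phase 5 reached"
check_sync_import "$d/sync.log" && echo "sync import: done"
rm -rf "$d"
```

Checking the last non-blank line, rather than searching the whole file, avoids treating a marker from an earlier run as success.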

What to do next

After successfully upgrading your backup central manager and transitioning managed units, upgrade the old 64-bit primary central manager.