Upgrade old 64-bit primary central manager

When working with a backup central manager, follow these procedures to upgrade your old 64-bit primary central manager using an upgrade patch.

Before you begin

Once your backup central manager has become your new primary central manager, you can migrate your old primary central manager to the latest Guardium V10. Before upgrading your old primary central manager, review and complete the following tasks:

Procedure

  1. Reconfigure the old primary central manager by issuing the following CLI command: delete unit type manager.
    Before continuing, verify that the old primary central manager is now a standalone aggregator.
  2. Take a system backup from the old primary central manager.
    Include both data and configuration in the backup.
  3. Upgrade the old primary central manager using the p10000 upgrade patch and monitor the patch installation.
    Read Patch installation, distribution, and monitoring for more information.
    Attention: After the patch installation completes, the upgrade process automatically begins and the system is rebooted. Do not reboot the system manually.
    The time required for upgrade depends on the amount of data involved as well as system specifications and configuration. When the upgrade is complete and the system reboots, the first boot of the upgraded system is followed by:
    • Network configuration, database data migration, database start up.
    • License upgrade, PSML upgrade, language setting.
    • Database restart, certificate and key migration, password migration, and file clean-up.
    During this process, you will be unable to log in to upgraded managed units until the database migration completes.
  4. Verify that the upgrade process has completed successfully on the old primary central manager.
    1. Log in to the Guardium CLI of the system being upgraded.
      If the CLI enters recovery mode, the upgrade is still in process.
    2. Issue the following CLI command: show upgrade-status.
      This command can also be issued from the CLI in recovery mode.
    3. Verify that the last line of output reads: 5.0:INFO:Migration Complete.
    4. If you are in CLI recovery mode, exit the CLI and log back in to enter the CLI mode.
    5. Issue the following CLI command: show system patch install.
      Attention: show system patch install will not return results until the upgrade completes after the first reboot.
    6. Verify that the upgrade patch installation status read: Phase 5: Migration completed.
  5. If the latest V10 GPU (if newer than the latest V10 ISO) and maintenance patches were installed on the old backup central manager prior to converting it to a primary central manager, install the same GPU and maintenance patches on the old primary central manager.
  6. Set the shared secret on the old primary central manager by navigating to Setup > Tools and Views > System.
  7. Register the old primary central manager (the system you have just upgraded) to the new primary central manager.
  8. Define a new backup central manager.
    1. Navigate to Manage > Central Management > Central Management on the new primary central manager.
    2. Select the old primary central manager.
    3. Designate the old primary central manager as the new backup central manager.
    4. Wait for at least one backup synchronization to complete.
      The first backup synchronization should take place within one hour.
    5. Verify that the cm_sync_file.tgz file has been created by checking the Aggregation/Arcive log on the new primary central manager.
  9. Optionally revert to the original managed environment configuration by redefining the new backup central manager as the primary central manager.
    1. Answer Yes to the message: Are you sure you want to make this unit the primary CM?
    2. Click Close on the Information pop-up message. The progress icon is displayed on the user interface page.
      Attention: The user interface will be temporarily unavailable during the conversion process. When the process completes, the login screen will return to normal.
  10. Transition the managed units to the new primary central manager.
    This process may take some time to complete. Using an SSH client, connect to the new primary central manager to view the results log.
    1. Initialize the fileserver using the following command: fileserver [ip_address] [duration]
    2. From a web browser, connect to the new primary central manager.
    3. View the load_secondary_cm_sync_file.log file to see the progress. The file is located in the gim-snif-guard-logs directory.
    4. When you see the final line Import CM sync info done, the process has finished successfully.
    5. At this point, the user interface refreshes and you will see the login page.
    6. Wait five minutes for the process to complete as the managed units begin transitioning to the new primary central manager.
  11. Navigate to Manage > Central Management > Central Management and verify that all managed units are green and are now managed by the original primary central manager.
    The original backup central should not appear in the list of managed units unless it has been reconfigured as a backup central manager.

What to do next

Now that you have upgraded your central manager and backup central manager, Upgrade 64-bit managed units.