Mixed-version environments during an upgrade

During an upgrade, your Guardium environment will enter a mixed-version state with restricted functionality.

Since the upgrade process cannot be completed on all systems (central managers, aggregators, and collectors) and all S-TAPs simultaneously, your Guardium environment will enter a mixed-version state during upgrade. For example, after upgrading a central manager to the latest V10, managed units will continue operating at V9 GPU 600. Although mixed-version environments are supported, several limitations must be considered as part of any upgrade plan. For example, data collection, data assessment, and policies (with some restrictions) will continue to work while in a mixed state, but functions with new or enhanced capabilities will not work in a mixed environment.

Important: Upgrade your entire environment to the latest patch level of V10 as soon as possible. Be aware of the following while operating in a mixed-version environment during upgrade:
  • Complete Guardium functionality will not be available until the entire environment has been upgraded to the latest V10.
  • Do not make configuration changes while operating in a mixed-version environment.
  • Guardium V10 does not support mixed environments with managed units below V9 GPU 600.
Distributing configurations and settings
Configuration distribution is not supported between a V10 central manager and V9 patch 600 or later managed units. This restriction includes the following:
  • Policies cannot be distributed from a V10 central manager to V9 patch 600 managed units. Policies already installed on the managed units prior to the upgrade remain unchanged.
  • Patch backup settings cannot be distributed from a V10 central manager to V9 patch 600 or later managed units. Patch backup settings defined before the upgrade remain unchanged.
  • UI layout customization and distribution is not supported on a V10 central manager with V9 (patch 600 or later) managed units.
Managed units
You cannot register additional V9 patch 600 or later managed units after upgrading the central manager to V10. Units registered before the upgrade remain registered after the upgrade.
Quick search
Quick search for enterprise works in a mixed environment that consists of a V10 central manager and V9 patch 530 or later managed units. The user interface must be restarted in order to reinitialize quick search for enterprise. Managed units prior to GPU 500 are unable to take advantage of enterprise search, although local quick search is still available.
If a central manager is upgraded from V9 to the latest V10 and the managed units remain on V9, quick search is disabled on the V9 managed units until the managed units are upgraded to V10.
Reports
Some reports will result in SQL errors or may not display data correctly when viewed on V9 patch 600 or later managed units, including the following:
  • Aggregation/Archive Log
  • Connections Quarantined
  • Installed Patches
  • Inactive Inspection Engines
  • S-TAP Verification
  • Connection Profiling List
  • Replay Statistics
  • Replay Summary
With the exception of Enterprise Buffer Usage Monitor data, data from V9 patch 600 or later managed units is not accessible in the following reports on a V10 central manager:
  • Enterprise S-TAP Verification
  • Enterprise Load Balancing Events
Parent topic: Planning an upgrade