Directly contact our Support Team

Upgrading the Security Server in GravityZone (On-Premises)

Security Server is scan server, delivered as a Linux Ubuntu self-configuring hardened virtual appliance, embedded into a virtual machine image.

This article addresses the Security Server Multi-Platform and GravityZone on-premises version, and it aims to explain how to upgrade its operating system to Ubuntu 16.04.

The procedure implies that you manually replace the old Security Server, which relies on Ubuntu 12.04, with the latest version available, which runs on Ubuntu 16.04.

Prerequisites

  • You need the kit of the new Security Server at hand.
    1. Log in to GravityZone Control Center.
    2. Go to the Configuration > Update page and make sure the Security Server is updated and published.
    3. Download the installation package from the Network > Packages page.
  • To find if the Security Server needs to be upgraded, open an SSH connection to it and type:
    cat /etc/*release

OS Upgrade

There are two approaches on how to perform the upgrade. Choose the one that best fits you.

Approach A

This approach involves zero downtime and no maintenance window is required.

  1. Log in to GravityZone Control Center.
  2. Go to the Network page and switch to Virtual Machines view.
  3. Select the host with the old Security Server installed and run an Install Security Server task.
  4. When deployment is complete, go to the Policies page.
  5. Add the new Security Server to the policies that contain the old Security Server.
    To do so, for each policy:
    1. Open the policy.
    2. Go to the Antimalware > Security Servers section.
    3. Under Security Server Assignment, select the new Security Server in the drop-down menu and click + Add.
    4. Remove the old Security Server from the list.
    5. Click Save.
  6. Delete the old Security Server from the host. You can do this either from Control Center, or from your virtualization management console.
  7. Repeat the steps above for the remaining Security Servers to be upgraded.

Approach B

This approach involves a downtime. A maintenance window is required to re-establish protection. In this case, the procedure depends on whether you use DHCP or not.

If you use DHCP IP allocation:

  1. Log in to your virtualization management platform. (e.g. VMware vSphere)
  2. On the host with the old Security Server:
    1. Copy the MAC address and hostname of the Security Server.
    2. Shut down the existing Security Server.
  3. Deploy a new Security Server, using one of these alternative methods:
    1. Log in to GravityZone and run an Install Security Server task from the Network page.
    2. Manually import the Security Server image on the host.
  4. Wait until deployment is complete.
  5. Change the MAC address and hostname with the saved ones.
    You can do this either from your virtualization management platform or by opening an SSH connection to the Security Server.
  6. Restart the Security Server. Once it has restarted, it should get the IP address of the old one and endpoints should be protected again.
  7. Repeat the steps above for the remaining Security Servers to be upgraded.

If you use static IP allocation:

  1. Log in to your virtualization management platform. (e.g. VMware vSphere).
  2. Shut down the existing Security Server.
  3. Deploy a new Security Server, using one of these alternative methods:
    1. Log in to GravityZone Control Center and run an Install Security Server task from the Network page.
    2. Manually import the Security Server image on the host.
  4. Configure the new Security Server with the hostname and IP of the old Security Server.
  5. Restart the Security Server. Once it is configured and online, the endpoints should be protected again.
  6. Repeat the steps above for the remaining Security Servers to be upgraded.
Can't find a solution for your problem? Open an email ticket and we will answer the question or concern in the shortest time possible.

Rate this article:

Submit