Still reading docs :-)
I would start with DB purge + DB optimize records below 1M before upgrade between major releases.
Update: Based on McAfee Corporate KB - Network Security Platform 9.1.x Known Issues KB88813 I will postpone migration as we have some sensors with critical issues.
I normally purge the whole DB if the upgrade is going to require any data migration scripts to be run.
I try to regularly tune and backup the DB and will do both before an upgrade.
Have you experienced any of the critical issues or are you just going by the release notes?
We moved over in our lab, there is a known database tuning issue in 8.3 where the App_viz table doesn't always get tuned correctly. They have a hotfix for 8.3 but no fix in 9.1 and the issue is present in 9.1. There are 3 other tables I just can't remember their names.
Wow, talk about missing the ball... sorry Peter.
To answer your question from August - If the App_Viz tables fail to tune/prune then they will grow in size unchecked and will cause your tuning to take longer and never complete without error. I have seen the tuning/pruning at my current employers go from 4-5 hours to 20 hours because these tables are growing. We have had to manually remove the data from these tables using mysql statements because even manual tuning/pruning fails. McAfee is still working very closely with us to remedy the issue.
Thanks and Sorry again for the late response.
My understanding is that the main reason for 9.1 to be released was the need for McAfee to have a supported IPS solution for AWS. I would need to double check the release notes but I don't believe there are many new features on the NSM or sensors (I remember something about compressed http response traffic I think), and I was told maybe some of the NTBA dashboards/data accessibility were back, but a quick look at the lab install didn't show anything 'new'.
Based on my experience, unless you really, really, really MUST have one of the new features - or maybe a HF - only available on the 9.1 base release, I would not upgrade any production installation to that release. I would say it's always better to wait for MR1 to be out, as the main/obvious bugs/issues expected on any major release will have been addressed at that point.
Current known issues:
So back to your question Peter, and as I said above: I would suggest any prod kit to be kept in the current release unless an upgrade is mandatory because of a critical issue where the fix is only available on 9.1 or if you need NSP sensors in AWS.
Just my two cents.
HTH and have a good weekend
Like yourself I'm not on McAfee's early adopter list, I'll try to get it into my test environment soon, but don't plan a production deployment until at least after MR1 has been out for long enough to be considered stable.
I thought the 8.4 release was for AWS but it looks like it's incorporated into 9.1 so maybe that's a dead end too.
I'm still waiting on an update on the future of 8.3, I haven't seen any EOL notices, so don't know when we'll have to move to 9.1. Have you heard anything on this yet?
As for new features and releases this is what I was given:
See the release notes and product documentation for further details on new features listed below:
• Controller High Availability (HA)
• Manager Disaster Recovery (MDR) in an AWS environment
• Migration from SHA1 to SHA256 signing algorithm
• IDS Load Balancer
• Support for the 4-port RJ-45 10 Gbps/1 Gbps/100 Mbps interface module
• HTTP Response Decompression
• Datapath statistics for interface port
• Memory usage monitor
• Product integration enhancements
See the release notes and product documentation for further details on enhancements listed below:
• On premises Manager managing Virtual IPS Sensors on AWS
• Central Manager UI redesign to migrate away from Java
• Grouping alerts in the Attack Log page
• Configuration option changes for custom attack signatures
• Option to remediate an endpoint which are manually quarantined
• Layer 7 data capture enhancements
• Increase in memory size for handling signature sets
• Multiple attachments extraction in SMTP
• Jumbo frame parsing
• VM (agent) Status Dashboard for AWS
• Shared secret key enhancement
• Licensing and Telemetry
Keep us all in the loop if you hear anything.
Thanks for sharing the notes.
About 8.4, I don't have any information I'm afraid.
About the EOL and release logic, McAfee changed their release cycle a while ago, so we are looking at 'main release' and 'feature release' builds.
8.1, 9.1 are main releases and they should be supported for at least 2 years more or less.
In between, they release the 'feature release' builds (8.2, 8.3, etc), that contain the new features for the main release, but have a shorter support cycle - maybe 18 months tops. Also, it is important to note that the HFs will always be included in the main release build (i.e. 9.1), but you may have to upgrade your feature release from 8.2 to 8.3 let's say to get HFs if you are in the feature release cycle.
From the NSM point of view, this is not so important - I think - as upgrading the manager is generally easier than upgrading the sensors (thinking about change management/risks/and people required to be involved for a sensor upgrade - network team, app team, etc - to do post upgrade checks in the network).
PD25515 and KB78795 have more details on this - even though I've been told this may change soon as they adopt the Agile method.
Will let you know if I hear anything else.