Hmmm, 27 views and no single reply... interesting
Quote from morning call with Platinum Support:
Me: "We are upgrading to 9.5.0 today"
Support: "Good, We have 40 customers that already upgraded to this version and no single issue"
Me: "I remember you told me the same thing about 9.4.x few months ago and it was total disaster..."
We upgraded production to 9.5.0 today, was running test environment (VM) for more than week. I am quite optimistic, after all issues with 9.4.x releases, it can't be that bad.
There are tons of cool new features in 9.5.0 that's for sure.
If we encounter any issues with 9.5.x, I will not hold them for myself, so expect updates here soon
I'll be starting this upcoming week.... I have combo boxes, Single and Dual ESM's, Single and Dual ELM's, HA Receivers across the board..... Will keep you posted.
I heard the same about stats from McAfee.... There is one issue regarding HA noted on the known issues KB but not critical. I'm hoping we don't have to guess on HA status and due stability improvements.
After 2 days since upgrade, I wouldn't have high hopes for HA receiver issues to disappear. There are some weird glitches, nothing has crashed yet, but it looks that in the event of failure the probability of data loss is still high.
"Preferred pimary device" option for HA receivers makes very little sense for me so far, it doesn't look like panacea for issues we had with 9.4.x.
"Content Packs" functionality (ESM must have internet connection and valid subscription account) looks more promising, although currently available packs are crappy, still no idea how and where to request improvements for Content Packs, not to mention possibility to improve them and export/publish/share with SIEM community. Step in the right direction definitely, but more work required.
Overall, I still think it's worthy upgrade, can't measure stability after such short period of time, but the list of new features/tweaks is very long and 9.5.0 looks a lot more promising than 9.4.x (aka "beta").
Forgot to mention, we actually have McAfee engineer onsite for the whole week and some issues still remain unsolved , which surprises me a little (I know it shouldn't, but I was really optimistic with 9.5.0).
Like you said, we got the exact same answers from McAfee before upgrading and unfortunately we faced numbers of issue with 9.4, so we cannot afford to have the same experience with this upgrade.
(Waiting more then 4 months to have a workaround that has to be scripted by the customer(us) and 2 more months to have the new release is not really acceptable, from a customer pov.)
Let us know if you see anything in the logs such as error and/or other suspicious events.
Thank you already for those who posted an answer to this discussion
Let's see what's going on with your upgrade to 9.5 (Good luck !)
We upgraded today and it went smooth without any issues.
9.4.x we had issues with the upgrade hanging and had to open a SR to get it resolved.
So far so good, busy going through the new features.
We are being forced to upgrade to 9.5.0 MR1 due to memory allocation bug, already applied in my lab.
Another surprise is a mess with duplicate user accounts (we use AD authentication), on top of that redundant ESM is refusing to accept any user (including admins) to log in.
Number of open SR tickets with support didn't go down since 9.5.0 upgrade.
Don't get me wrong, I strongly believe this is worthy upgrade comparing to 9.4.x "beta", 9.5.0 feels more like "release candidate".
We have now done three combo boxes one was done with 9.5.0 and 9.5.0 MR1 ( network was hosed after upgrade reboot fixed it ) and the other two were upgrades from 9.4.2 to 9.5.0 MR1 which went of with no issues yet. Tomorrow we will start rolling out to the single ESM, ACE, single ELM and one HA receiver pair setup. Stay tuned for more....
Just came off an upgrade from 9.4.2 to 9.5 last night with no issues. Older Nitroview hardware consisting of an ESM, ELM combo box, DBM and ADM. Took about three hours and all is up and running without issues that I can see.