3 of 3 people found this helpful
To find out the upgrade path, start by checking the release notes of the version you want to be at, i.e.: NSM 184.108.40.206
If you search for upgrade matrix, you will see that you can upgrade to the latest build from several previous 8.x releases. Say you choose 220.127.116.11, when you check the release notes for NSM 18.104.22.168 and search for upgrade matrix, you will see that the NSM min requirement is 7.1.x software. So you now have your upgrade path:
22.214.171.124 --> 126.96.36.199 --> 188.8.131.52
Thinks to take into account when upgrading the NSM or MDR pair:
- Take a full backup of the 184.108.40.206 build
- Manually run purge.bat on the manager(s) to make sure there are less than 1M alerts on the db
- Run upgrades
- Optional - I've known of people that will take a full backup after each upgrade - you can only restore the db backup on the same NSM build you are taking it from, so in case of something going bad you could reinstall NSM and restore backup from the last step of the upgrade instead of having to start all over from 220.127.116.11
By the way, can I only stop the Manager service but not stop the sensor during the Manager software version upgrade process?
If the answer is yes, does it mean that this approach can reach to the lowest service interruption to the network traffic?
Also, do I need to stop the database service during upgrade?
And if Manger uses 8.1 after upgrade from 7.5 , can the sensor which the version remains 7.X still working ?
3 of 4 people found this helpful
I believe you will need to upgrade the sensors with the manager. I'm not sure 8.3 can manage 7.5 sensors...maybe NSM 8.1 can which would allow you to get the manager to 8.1, upgrade the sensors to 8.1, then upgrade NSM to 8.3.
Best option, as always, is to read through the release notes (check the links on my previous post). The docs will confirm which sensors you can manage on each release, and also the installation instructions.
Purge the dB before starting though...trust me ...
NSM service, as per docs, should be stopped during the upgrade.
MySQL service must be running, otherwise the installer will fail when trying to connect to the database with the db user credentials you have to provide.
1 of 1 people found this helpful
d_aloy is correct in this case.
What you would need to do is upgrade both in a staged approach;
1) NSM 7.5 > 8.1
2) Sensors 7.5 > 8.1
3) NSM 8.1 > 8.3
4) Sensor 8.1 > 8.3
There are some changes from 7.5 to 8.3 that may require you to recreate policies and ignore rules. As well as changes to how the NSM displays alerts. The old method was to have the NSM pull alert details from the MySQL database, which in the case of older "historical" alerts (14+ days depending on what you have setup for solr) are still pulled from MySQL. But "real-time" alerts are now stored in the Solr database for faster display in the attack log.
Former Plat Support NSP
Sorry I didn't even respond to the second question.
1) By the way, can I only stop the Manager service but not stop the sensor during the Manager software version upgrade process?
--Answer: NSM Service and UI Service on 7.5 should be stopped during upgrade of NSM. Sensor will continue to process traffic but not send alerts, until the NSM is restored to operational status the alerts will be cached. (100,000 and then it will start to push the older alerts out of cache)
2) If the answer is yes, does it mean that this approach can reach to the lowest service interruption to the network traffic?
--Answer: When upgrading the manager the network traffic will be uninterrupted, when the sensor reboots after upgrade, depending on how you have it configured and whether or not you have FOKs if it doesn't have internal fail open, then traffic will be interrupted on reboot. If you have it configured for internal fail open, or with a kit...there will be the slightest of delays in network traffic (seconds)
3) Also, do I need to stop the database service during upgrade?
--Answer: No, just the NSM UI Service and the NSM Service
NSM UI: McAfee Network Security Manager User Interface
NSM Service: McAfee Network Security Manager
4) And if Manger uses 8.1 after upgrade from 7.5 , can the sensor which the version remains 7.X still working ?
--Answer: A Manager at 8.1 can manage sensors at 7.5, however you will not get support on any issues regarding to the sensor until you upgrade to a supported version.
I hope this answers all of your questions.