Check the upgrade steps for FIPS; they show how to minimise data loss in comparison to the normal upgrade path.
Thank you for your response. I'm not sure which document you are suggesting that I refer to for the FIPS upgrade steps. I located the following info in "Release Notes McAfee Enterprise Security Manager 9.6.0" / sm_960_rn_en-us-rev-a.pdf:
1. Upgrade the ELM or ELMERC.
2. Upgrade Nitro IPS, Event Receiver, ACE, DEM, and ADM.
3. Upgrade the ESM, ESMREC, or ENMELM. You can begin when all device upgrades start.
Failure to upgrade the devices before upgrading the ESM when in FIPS mode can affect ELM log collection.
I am looking for a process which actually connects the receivers, ELM units and correlation engine to the redundant ESM for the duration of the upgrade of the primary, followed by reconnecting them back to the primary to upgrade the redundant. The FIPS related information that I have found to date does not cover such a scenario.
In that case, you can promote the redundant ESM to be primary. Once done, remove the redundant ESM setting in ESM, then carry on with the upgrade. But this will actually take longer, as you have to do a sync and potentially a full sync...
Just got a response back from McAfee support... apparently the official line is that the redundant ESM cannot be used in the way you suggest, which I stress does not mean that it will not work. Probably the biggest hurdles are if the master -- replicant sync somehow does not work, as well as increasing the upgrade time as you pointed out.
I'm not concerned about increasing the upgrade time as the loss of ESM availability is of greater importance... the promotion of redundant and upgrade of the "usual" primary could be done a full day prior to the bulk of the upgrade (receivers, ELM etc.), at which time the usual primary would in fact become defined as the redundant.
The next day you'd then confirm sync of the redundant (aka usual primary) is completed prior to the real upgrade (receivers, ELM, etc.), at which time it would be re-promoted to its normal role as primary and the upgrade process would go in a relatively normal fashion.
Anyone reading this who believes that the ESM upgrade process should be able to effectively make use of the expensive redundant ESM that your organization has purchased (or is considering purchasing), and should be much easier, properly documented and fully supported, please go vote for this as an enhancement here:
Thanks & Regards, SJ.