2 Replies Latest reply on Jan 23, 2012 3:47 AM by dmease729

    Query on rebuild of 3100 appliance - what happens if 2100 appliances have a greater version?




      I am just working on some DR documentation for a vulnerability management solution, and am just wondering if I need to (or it is advised that I do) include a section that mentions that while a 3100 rebuild is in progress, network connectivity between this appliance and 2100 appliances managed by it should be removed.  I ask as we are currently running 7.0.5 on the 3100 appliance, and 3 x 2100 appliances managed by it.  If I restore the 3100 appliance, at present the latest restore version is 6.8 - obviously after this I can upgrade it, but what would happen if I restored 6.8 to the 3100 appliance, and the 2100 appliances running 7.0.5 had visibility of the 3100?  I *assume* that it would not be a problem as the database would not have been restored on the 3100 at this point, but would it be a general recommendation to keep the 3100 appliance 'hidden' from the 2100 appliances until it was fully restored?

      Further to this, after the database is restored on the 3100, I am taking it that normal service will be resumed and the 2100 appliances will start to function as required (the EngineID of the scan engine component may have to be altered as per KB58401, however?)


      I hope my queries above are clear - if any clarification is required, please let me know. 



        • 1. Re: Query on rebuild of 3100 appliance - what happens if 2100 appliances have a greater version?

          It looks like you have this very well though out. Assuming that the MVM 3100 appliance is also a scan engine then yes you will need to follow that KB to put the EngineID back. The 2100 will attempt to connect to the FCServer on the MVM 3100 and succeed, but they will not be able to connect to the DB and a database mismatch message will be received in the logs until the DB restore is done. Having the 2100's attached to a 6.8 FCSever will not be an issue.


          I haven't seen your DR doc but in general the restore process should be in this order.


          1. Image MVM 3100.
          2. Upgrade 6.8 to 7.0.
          3. Restore DB which will have the same patch level in it as your MVM 2100.
          4. Confirm all engines are connected and working.
          5. Run FSUpdate to pull down latest patches. You might already be on the latest patch level but if your not this will pull down the latest patches and update the registry.
          6. You will be running on a trial licence for the next 60 days so apply for a new license right away.


          Jeff Haynes

          • 2. Re: Query on rebuild of 3100 appliance - what happens if 2100 appliances have a greater version?

            Hi Jeff,


            Thanks for your feedback on this!  So just to confirm - on a rebuild of the 3100, the above works fine, because the engine IDs of the remote scan engine appliances are held in the DB (which is restored).  Obviouslty the scan engine IDs of the 2100 appliances wont have changed, so everything should just continue to work as required.  I have duly noted your comment regarding the 3100 as a scan engine also :-)


            It is great to receive feedback like this, as there can always be niggles in the back of your mind when going through these processes for the first time!


            PS: For anybody else reading this, after rereading the KB article, it is important to note that the registry change is on the scan engine (in this case, the 2100) not the manager/database appliance (in this case, the 3100).  I had misunderstood that the first time round, and got myself a little confused!


            Message was edited by: dmease729 on 23/01/12 03:47:43 CST