In proxy HA you can leave the nodes as is (which will interrupt things) or you can perform the following, which will have minimal interruption.
The idea is that we take old nodes out of service for upgrading, while transitioning new nodes in to service.
1. Identify a redundant director node or scanning node that we will upgrade. Take a backup before beginning as usual.
a. Remove the "port redirects" under Configuration > Proxies. By removing the port redirects, this node will stop receiving traffic from the director.
b. Upgrade the node
c. Once upgraded, add the port redirects back in (that we removed in step 1a.) so node will start receiving traffic again
d. Leave as standalone, or add into upgraded cluster
2. Now that the redundant director node and scanning nodes are upgraded, we can upgrade the current director node
a. Adjust the priority to be zero or lower than the redundant director. This will transition traffic from the director node to the redundant director node
b. Continue with 1a, 1b, 1c, 1d
In between each of these steps I would advise verifying that traffic is passing normally, this way you can easily revert to the last step. Step 2a is where things could go wrong if you don't have a redundant director.
Let me know if this helps. I recently did this with a customer in the middle of the day and it we only lost one ping throughout the process.
This is absolutely right as well as I did in my lab.
when I started updating one node, some users were complaining, that they were not able to surf-but I think this was a clientsite problem. I guess if the TCP connection to a proxy node, which I've just started to upgrade, was still open, the user had such problems..
Glad it helped!
Thank you for your help on this. This is exactly the information I was looking for.