Over-the-top Upgrade Guide for Snare Server v7




Intersect Alliance International Pty Ltd. All rights reserved worldwide.

Intersect Alliance Pty Ltd shall not be liable for errors contained herein or for direct or indirect damages in connection with the use of this material. No part of this work may be reproduced or transmitted in any form or by any means except as expressly permitted by Intersect Alliance International Pty Ltd. This does not include those documents and software developed under the terms of the open source General Public Licence, which covers the Snare agents and some other software.

The Intersect Alliance logo and Snare logo are registered trademarks of Intersect Alliance International Pty Ltd. Other trademarks and trade names are marks and names of their owners as may or may not be indicated. All trademarks are the property of their respective owners and are used here in an editorial context without intent of infringement. Specifications and content are subject to change without notice.

Table of Contents

1. Upgrade Overview
2. Upgrade Requirements
3. Preparing the Existing Server
4. Upgrading to version 7
5. Upgrade Notes

1. Upgrade Overview

This guide details the steps required to perform an over-the-top upgrade of the Snare Server v6 product to Snare Server v7, on the same piece of hardware. It is designed to maintain all of the existing server information, and the Snare Event Archive data currently stored on the existing server.

Other resources that may be useful to read include:

- Snare Server Installation Guide
- Snare Server Migration Guide
- Snare Server User Guide
- Snare Server Release Notes

Please note, this guide does not cover a side-by-side migration of a source Snare Server onto a destination Snare Server. Please see the Snare Server Migration Guide for details about this process. It also does not cover upgrading from any version of the Snare Server other than version 6.

Any organisation that has had customisations made to their Snare Server by the Intersect Alliance team, which involve FTokens/pre-processed tokens, or custom modules/development work, will need to speak to their Snare Support Representative to organise a custom upgrade to maintain this functionality.

IMPORTANT

The over-the-top upgrade process described in this document is not without risks, and should only be undertaken when the side-by-side migration process is not possible within your environment. While the Intersect Alliance International team have made every effort to ensure this upgrade is as safe as possible, the upgrade involves moving between two different core operating systems. There is a low chance that your hardware may not be supported by the newer operating system.

If you are unable to perform a side-by-side migration, we highly recommend that you attempt to install Snare Server v7 on identical hardware to your current server to ensure it is compatible before proceeding with this upgrade. We also highly recommend that you take a full backup of your Snare Event Data to prevent accidental data loss.

It should be noted that Snare Server v7 only supports 64-bit architecture, and as such it is not possible to upgrade a 32-bit server to Snare Server v7.

2. Upgrade Requirements

2.1. What you need

- The existing Snare Server v6 server must be updated to the latest available version.
- The ISO image for the latest version of the Snare Server v7 product, burned onto a CD if required.

2.2. Hardware Requirements

Snare Server v7 only supports a 64-bit architecture. If your server is only 32-bit, it will not support version 7, and an Upgrade should not be attempted.

Snare Server v7 is based on Ubuntu Server 14.04 LTS 64-bit. If there are known incompatibilities between this release of Ubuntu and your hardware, then the Upgrade should not be attempted.

2.3. Software Updates

In order to take advantage of the server upgrade process, the existing Snare Server v6 will need to be running the latest released version to ensure the required tools are available. The minimum version required is Snare Server v6.4.0.

You will also need to download the ISO image for the latest version of the Snare Server v7 product, and burn it onto a CD if required by your installation procedure.

Note: These updates and the ISO image can be downloaded from your Snare Secure Area (if applicable). Please speak to your Snare Support Representative if you are unsure how to access this page.

2.4. Snare Server License

Due to the changes to the licensing system within Snare Server v7, a new license will need to be generated and installed after the upgrade process is completed. This will involve retrieving the new Host IDs generated at the completion of the upgrade process, passing them to your Snare Support Representative, receiving a new license file, and then applying it to your server. This process may take time, and needs to be factored into the upgrade process.

3. Preparing the Existing Server

3.1. Introduction

If you are not familiar with the operation of the Snare Server, please refer to the User Guide for Snare Server for more information.

At this point, you should have carefully read the warnings in the 'Upgrade Overview' at the beginning of this document. If you were able, then you should have tested the Snare Server v7 installation on identical or similar hardware to your current server. It is also recommended that you have performed a full backup.

All the standard system folders will be removed as part of the upgrade process. If you have any custom scripts or other files on the server, we highly recommend that you take a backup of these before proceeding with the upgrade.

Important: It is critical that the server is updated to the latest release of v6 and the prepare objective is run before attempting the upgrade.

3.2. Preparation Steps

3.2.1. Upgrade to latest v6

The current Snare Server v6 needs the latest available update, to ensure that the pre-upgrade checks cover everything that is required for the upgrade to v7 to be supported. The minimum version required is v6.4.0.

3.2.2. Run the Preparation Objective

As part of the v6.4.0 and later Snare Server Updates, a new objective is added into the System section. This objective is called "Prepare Server for Upgrade", and it runs a series of checks and tasks on your Snare Server to check that it is able to be upgraded. There are no manual steps to take; it will run the checks automatically when it is opened. Read the output carefully to ensure no important messages are missed.

Important: This objective checks for known issues and potential customisations which may cause a problem during the upgrade. It cannot, however, find every possible issue, and it is possible that there may be other reasons why the upgrade may fail. If you have made any customisations to your Snare Server, it is not recommended that you attempt an upgrade, as this script may not find them.

4. Upgrading to version 7

4.1. Introduction

Once you have completed the preparation steps and have taken your backups, you can proceed to the upgrade process. You will need the Snare Server v7 ISO mentioned in the Upgrade Requirements section in order to upgrade the server.

4.2. Upgrade Process

4.3. Boot the v7 ISO

The first step is to reboot the existing v6 server and boot the v7 ISO. Depending on your environment, this may happen automatically when the ISO is mounted/inserted during the boot process. If not, most systems provide a boot media option from which it can be selected, and the fallback option is to change the boot priority in the server BIOS.

When the boot menu comes up, select the 'Upgrade existing Snare Server' option from the available prompts.

4.3.1. Follow the Installation Process

The Upgrade process uses a very similar procedure to the Install process, and the Snare Server Installation Guide should be referenced for more information about these steps. These steps are a very limited subset of the standard Ubuntu installation steps, and should be fairly self-explanatory for anyone who has experience installing the Snare Server and/or Ubuntu Server.

After the initial language and keyboard selections, you should be presented with a confirmation screen for the Snare Server Upgrade. This marks the point of no return, and there is a slim chance of data loss if your system is incompatible for the upgrade.

Important: The Upgrade process uses a black colour scheme within the prompts that perform the system installation, in contrast to the purple used by the normal installation process. If you are not presented with a black colour scheme during this process, cancel the process, reboot, and try again.

4.3.2. System Passwords

Although the Upgrade process will maintain all of the configuration and login details for the user interface, the system accounts (root, snare, snarexfer) are not copied across. The Upgrade process will ask for a new password for each of those accounts. The passwords previously used for each account can be re-entered, although for security reasons, we recommend choosing new passwords.

4.3.3. System Reboot and Further Configuration

After the passwords are entered, the system will reboot and continue the system installation and configuration process. This process installs the extra packages used by the Snare Server that are not included as part of the default Ubuntu installation. It also performs any package updates since the last Ubuntu ISO release, to ensure the latest security patches and bug fixes have been applied. This process may take some time on some systems.

Note: Unlike the installation process, the colour scheme for this process will be purple, and look the same as the standard installation process.

4.3.4. Final Reboot

When the Installation and Configuration has finished, the Snare Server will prompt for one final reboot. This allows the server to apply some of the more complex updates that were installed (such as kernel updates), and also ensures that the server can successfully boot in its final configuration.

Press Enter to reboot, and when the reboot has completed you will have a working Snare Server v7 containing all of your existing event data and configuration.

5. Upgrade Notes

5.1. Upgrade Compatibility

The upgrade process expects the existing Snare Server installation to be in the default layout with no customisations. This includes custom objectives, modified scripts, and even new collection modules. These changes will be completely ignored and lost during the upgrade process.

The Prepare for Snare Server Upgrade objective checks two main areas for any signs of changes:

Partitions

It is expected that everything within /data and /var/lib/sqlite is stored on the primary partition, on the primary drive. This is because the upgrade process mounts the first partition, and expects specific files to be there. It does not go looking for other partitions or drives. Some customers will have moved /data/snarearchive onto a different drive from the primary drive for storage reasons. If this is the case, then you will not be able to proceed with the upgrade.

Symlinks

It is common to use symlinks to move data, such as /data/snarearchive, to a different partition. These cannot be followed by the upgrade process, and as such, if these exist, the upgrade may fail and data may be lost.

5.2. Backing up the Snare Server

The Snare Server v6 is a heavily modified version of Ubuntu Server 10.04 LTS. Any existing backup tool that supports Ubuntu 10.04 LTS should also work on the Snare Server. A full system or bare metal backup is recommended to make restoration as easy as possible. However, if this is not possible, then backing up the following directories will save all important data on a default Snare Server install:

- /data/
- /var/
- /etc/
- /home/
- /root/

5.3. Event Collection Downtime

During the process of the upgrade, Event Collection will be disrupted. This will occur from the point when the Snare Server is rebooted for the first time to boot from the ISO disk, until the server finishes booting after the final reboot in the process. This downtime can take 15 to 30 minutes or more depending on hardware performance, and delays when completing the installation configuration steps. This will need to be factored into your environment and upgrade plans, as it may affect your company policies and monitoring requirements.

It is recommended that all Snare Agents are set to send events via TCP to allow the Agent to queue the events for transmission after the Server comes back online, rather than sending them blindly during the downtime as is the case with UDP.

Although Snare Server v7 will require a new license to be generated and installed before the user interface can be used, collection will continue while the server is unlicensed to ensure no events are lost during the license request process.

5.4. New License for v7

The Snare Server v7 uses a different licensing system to Snare Server v6, which means that existing licenses for v6 servers will not work for v7 servers. For a new installation, or a side-by-side migration, this is no different from the existing process of requesting a new license after installation. For the over-the-top upgrade, this means that once the upgrade has been completed, a new license request must be sent to generate a new license to activate the v7 server.

It is not possible to generate the license request for v7 within v6, and as such it must be completed after the upgrade process is completed and not before.
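
The two layout conditions described in section 5.1 (everything on the primary partition, no symlinks) can also be checked by hand on the v6 server before booting the ISO. The script below is an added example, not Snare's own Prepare objective; it assumes the filesystem holding / is the primary partition, and its ROOT argument and output labels are hypothetical.

```shell
#!/bin/sh
# Added example: checks the two layout conditions from section 5.1.
# Not Snare's own "Prepare Server for Upgrade" objective.
# Assumptions: the filesystem holding / is the primary partition; the optional
# ROOT argument (hypothetical) lets the check run against a test tree.

# Device that backs a path, read from POSIX `df -P` output.
fs_of() {
    df -P "$1" 2>/dev/null | awk 'NR==2 {print $1}'
}

# check_layout [ROOT]: print one finding per line; return 1 if a symlink or a
# separate filesystem is found, 0 otherwise.
check_layout() {
    root=${1:-}
    bad=0
    rootfs=$(fs_of "${root:-/}")
    for d in /data /var/lib/sqlite /data/snarearchive; do
        p=$root$d
        if [ -L "$p" ]; then
            echo "SYMLINK  $d -> $(readlink "$p")"
            bad=1
        elif [ ! -e "$p" ]; then
            echo "MISSING  $d"
        elif [ "$(fs_of "$p")" != "$rootfs" ]; then
            echo "OTHER-FS $d is on $(fs_of "$p"), / is on $rootfs"
            bad=1
        else
            echo "OK       $d"
        fi
    done
    # Other symlinks near the top of /data. The depth limit of 2 is an
    # assumption, chosen to avoid walking the whole event archive.
    if [ -d "$root/data" ] && [ ! -L "$root/data" ]; then
        extra=$(find "$root/data" -mindepth 1 -maxdepth 2 -type l \
                     ! -path "$root/data/snarearchive" 2>/dev/null)
        if [ -n "$extra" ]; then
            echo "$extra" | sed 's/^/SYMLINK  /'
            bad=1
        fi
    fi
    return "$bad"
}

# Run against the live system, or against ROOT when given as the first argument.
check_layout "${1:-}" || echo "Layout differs from the default described in section 5.1."
```

A clean result here does not replace the Prepare objective, which also looks for other customisations.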