Upgrade Endpoint Privilege Management Reporting

Assumptions

This guide assumes there is a working installation of Privilege Management Reporting v21.2 or later installed.

If your version is earlier than v21.2, we recommend the following:

  1. Run the v21.2 database installer to update the install to a supported version. Keep in mind that the 21.2 installer has a dependency on the Microsoft SQL Server Native Client.
  2. Run the latest database installer to upgrade to the latest version.

For more information on requirements for the latest database installer, see Prerequisites.

Upgrade

The installers for the Endpoint Privilege Management Database and the Event Parser must be used to manage the upgrade for on-premises databases.

Use the following process to upgrade the Endpoint Privilege Management database and event parser:

  1. Stop the BeyondTrust Endpoint Privilege Management Event Parser service. You need to check that all events are finished processing.

    Query the following tables first to check that they are empty:

    • dbo.Staging
    • dbo.Staging_ServiceStart
    • dbo.Staging_ServiceStop
    • dbo.Staging_UserLogon

    Subsequently, query the following tables:

    • dbo.StagingTemp
    • dbo.StagingTemp_ServiceStart
    • dbo.StagingTemp_ServiceStop
    • dbo.StagingTemp_UserLogon

    All remaining events are processed after the tables are empty.

  2. Stop the CopyFromStaging step from running by either disabling the SQL Agent Job or the Service Broker Queue depending on which mechanism is being used.

Verify CopyFromStaging is Running

Verify that the SQL Query reflects the correct parameters.

To check if the CopyFromStaging process is running, execute the following query:

 

SELECT BitValue, StringValue FROM Config WHERE ConfigId = 'CopyFromStagingLocked'

The installer pauses on the upgrade script if the process is running.

Right-click the SQL Server Agent Job to Disable it.

Disable SQL Agent Job

To disable a SQL Agent Job, Right-click the job and select Disable from the expanded menu.

 

Right-click the System Queue to Disable Queue.

Disable Service Broker Queue

To disable the Service Broker Queue, Right-click the queue and select Disable Queue from the expanded menu.

 

  1. Stop the SQL Server service.
  2. Uninstall the Endpoint Privilege Management Reporting Pack.
  3. Restart the SQL Server service.
  4. Load SQL Server Reporting Configuration Manager and connect to the database. Navigate to the Reporting link and use the dropdown to delete the top level folder.
  5. Run the Endpoint Privilege Management Database installer to upgrade the database. Ensure you point the installer to the existing Database server and Endpoint Privilege Management database name when prompted.

If you installed Endpoint Privilege Management Reporting from version 5.1 or later, the default name for the database is BeyondTrustReporting. If you installed a previous version, the default name is AvectoPrivilegeGuard. Alternatively, you may have chosen a different database name.

If you see an error message that states "Please stop CopyFromStaging from running before upgrading the database", then ensure no new events are processing by querying the above tables and try again.

  1. Run the Endpoint Privilege Management Reporting pack to upgrade the reports. Ensure you point the installer to the existing Database server and Endpoint Privilege Management database name when prompted.
  2. Upgrade the BeyondTrust Endpoint Privilege Management Event Parser. Ensure you point the installer to the existing Database server and Endpoint Privilege Management database name when prompted.

This upgrade path can be applied to both standalone Endpoint Privilege Management configurations and to configurations deployed to multiple machines.

When you install Endpoint Privilege Management Reporting, the Reporting Pack, the Database, and Event Parser installers should be the same version. However, you can use a different version of the Endpoint Privilege Management client and the EPM with Endpoint Privilege Management Reporting. The Endpoint Privilege Management client generates the data that populates the reporting database. If any new features are added to the reporting pack, the pack is only populated if the Endpoint Privilege Management client is on a version that supports the data generation.

Manual Upgrade

To upgrade an Endpoint Privilege Management database using SQL scripts:

  1. The SQL scripts are provided as part of the Endpoint Privilege Management installers, located in the Endpoint Privilege Management Reporting release folder, which can be found in the BeyondTrust portal. Alternatively, you can contact BeyondTrust Technical Support.

There is a README file provided in this directory to assist you.

  1. Run the following SQL query to return the version of the database.
    select * from DatabaseVersion
  2. Execute the upgrade script where the name is the next version number and carry on applying these until the desired version is reached.
For example, if your current database version is 4.3.16 and you want to upgrade to version 5.0.0, run the following scripts in order:
  1. Script_4.5.0_Updates.sql
  2. Script_5.0.0_Updates.sql

    Check the SQL log for any errors and contact BeyondTrust Technical Support if necessary.

  1. Run and execute the following SQL query against the reporting database to return the versions in the InstallShield table:
    SELECT * FROM [dbo].[InstallShield]
  2. Open the InstallShield query file. This is available in the SQL folder, and is an Endpoint Privilege Management Reporting artifact.
  3. Copy the relevant INSERT lines from this query file that are not included in the database table.
For example, if the upgrade is from 5.1.1 to 5.4, you need to copy these lines:
INSERT [dbo].[InstallShield] ([ISSchema]) VALUES (N'5.3.0          ')
INSERT [dbo].[InstallShield] ([ISSchema]) VALUES (N'5.4.0          ')
  1. Copy these into a query against the Reporting Database and execute it.
  2. View the InstallShield table by running the query below. These values are added.
    SELECT * FROM [dbo].[InstallShield]