Upgrade Privilege Management Reporting

Assumptions

This guide assumes there is a working installation of Privilege Management Reporting v4.0 or later installed.

Since the release of Privilege Management Reporting v4.1, the EventManagement installer is now two installers:

  • PrivilegeManagementEventParser
  • PrivilegeManagementReportingDatabase

In some configurations, the Event Parser is not required.

Upgrade

The installers for the Privilege Management Database and the Event Parser must be used to manage the upgrade for on-premises databases.

Please use the following process to upgrade the Privilege Management database and event parser:

  1. Stop the BeyondTrust Privilege Management Event Parser service. You need to check that all events are finished processing.

Query the following tables first to check that they are empty:

  • dbo.Staging
  • dbo.Staging_ServiceStart
  • dbo.Staging_ServiceStop
  • dbo.Staging_UserLogon

Subsequently, query the following tables:

  • dbo.StagingTemp
  • dbo.StagingTemp_ServiceStart
  • dbo.StagingTemp_ServiceStop
  • dbo.StagingTemp_UserLogon

All remaining events are processed after the tables are empty.

  1. Stop the CopyFromStaging step from running by either disabling the SQL Agent Job or the Service Broker Queue depending on which mechanism is being used.

Verify CopyFromStaging is Running

Verify that the SQL Query reflects the correct parameters.

To check if the CopyFromStaging process is running, execute the following query:

 

SELECT BitValue, StringValue FROM Config WHERE ConfigId = 'CopyFromStagingLocked'

The installer pauses on the upgrade script if the process is running.

Right-click the SQL Server Agent Job to Disable it.

Disable SQL Agent Job

To disable a SQL Agent Job, Right-click the job and select Disable from the expanded menu.

 

Right-click the System Queue to Disable Queue.

Disable Service Broker Queue

To disable the Service Broker Queue, Right-click the queue and select Disable Queue from the expanded menu.

 

  1. Stop the SQL Server service.
  2. Uninstall the Privilege Management Reporting Pack.
  3. Restart the SQL Server service.
  4. Load SQL Server Reporting Configuration Manager and connect to the database. Navigate to the Reporting link and use the dropdown to delete the top level folder.
  5. Run the Privilege Management Database installer to upgrade the database. Ensure you point the installer to the existing Database server and Privilege Management database name when prompted.

If you installed Privilege Management Reporting from version 5.1 or later, the default name for the database is BeyondTrustReporting. If you installed a previous version, the default name is AvectoPrivilegeGuard. Alternatively, you may have chosen a different database name.

If you see an error message that states "Please stop CopyFromStaging from running before upgrading the database", then ensure no new events are processing by querying the above tables and try again.

  1. Run the Privilege Management Reporting pack to upgrade the reports. Ensure you point the installer to the existing Database server and Privilege Management database name when prompted.
  2. Upgrade the BeyondTrust Privilege Management Event Parser. Ensure you point the installer to the existing Database server and Privilege Management database name when prompted.

This upgrade path can be applied to both standalone Privilege Management configurations and to configurations deployed to multiple machines.

When you install Privilege Management Reporting, the Reporting Pack, the Database, and Event Parser installers should be the same version. However, you can use a different version of the Privilege Management client and the Privilege Management Console with Privilege Management Reporting. The Privilege Management client generates the data that populates the reporting database. If any new features are added to the reporting pack, the pack is only populated if the Privilege Management client is on a version that supports the data generation.

Manual Upgrade

To upgrade a Privilege Management database using SQL scripts:

  1. The SQL scripts are provided as part of the Privilege Management installers, located in the Privilege Management Reporting release folder, which can be found in the BeyondTrust portal. Alternatively, you can contact BeyondTrust Technical Support.

There is a README file provided in this directory to assist you.

  1. Run the following SQL query to return the version of the database.

  2. select * from DatabaseVersion
  3. Execute the upgrade script where the name is the next version number and carry on applying these until the desired version is reached.

  4. For example, if your current database version is 4.3.16 and you want to upgrade to version 5.0.0, run the following scripts in order:
    1. Script_4.5.0_Updates.sql
    2. Script_5.0.0_Updates.sql

    Please check the SQL log for any errors and contact BeyondTrust Technical Support if necessary.

  1. Run and execute the following SQL query against the reporting database to return the versions in the InstallShield table:
  2. SELECT * FROM [dbo].[InstallShield]
  3. Open the InstallShield query file. This is available in the SQL folder, and is a Privilege Management Reporting artifact.
  4. Copy the relevant INSERT lines from this query file that are not included in the database table.
    For example, if the upgrade is from 5.1.1 to 5.4, you need to copy these lines:
    INSERT [dbo].[InstallShield] ([ISSchema]) VALUES (N'5.3.0          ')
    INSERT [dbo].[InstallShield] ([ISSchema]) VALUES (N'5.4.0          ')
  5. Copy these into a query against the Reporting Database and execute it.
  6. View the InstallShield table by running the query below. These values are added.
  7. SELECT * FROM [dbo].[InstallShield]