Asynchronous Upgrade of Two BeyondTrust Appliances in a Failover Relationship
With asynchronous updating, the backup appliance is updated first and then assumes the role of primary. This method has minimal downtime; it is recommended for larger deployments and scenarios that rely on maintaining solid uptime. Some complexity is involved, as the network may have to be modified in order to fail over to the backup appliance.
BeyondTrust recommends performing upgrades during scheduled maintenance windows. Your BeyondTrust site will be temporarily unavailable during the upgrade. All logged in users and active sessions will be terminated. You will need to schedule two separate maintenance windows in which to complete the upgrade. Installation usually takes between 15 minutes to an hour. However, if you are storing a large amount of data on your appliance (e.g., session recordings), the installation could take significantly longer. Plan an interim period between the two maintenance windows adequate enough to confirm the new software version in your production environment but brief enough to minimize the exposure of temporarily not having a failover configuration. BeyondTrust also recommends testing the update in a controlled environment prior to deploying into production. If you experience any issues during the Base update, do not restart the BeyondTrust Appliance. Please contact BeyondTrust Technical Support.
In these instructions, Appliance A is the primary appliance (i.e., the appliance to which the primary hostname resolves), while Appliance B is the backup appliance.
Backup and Sync
Prior to upgrading, make a backup of your current BeyondTrust software settings. On Appliance A, go to /login > Management > Software Management.
Click the Download Backup button, and save the backup file to a secure location.
Go to /login > Management > Failover, click Sync Now, and wait for synchronization to complete.
Once synchronization has finished, click Break Failover Relationships.
Update Appliance B
Update Appliance B using either the automatic or the manual update method.
In most cases, BeyondTrust customers can download and install updates with no assistance from BeyondTrust Technical Support. To see if an upgrade is available, go to /appliance > Updates.
Click on Check for updates.
If a software update is available, it will appear under Available Updates. Once you click Install This Update, the appliance will download and automatically install the new version of the BeyondTrust software.
"BeyondTrust" software updates often depend on one or more "Base Software" updates. Install the available Base Software updates to enable the dependent BeyondTrust updates. Then download a backup and immediately install the BeyondTrust software updates before doing anything else, such as failing over or installing updates on another appliance.
If automatic updates fail when expected to work, please see the Support Portal for more information.
If you are unable to use automatic updates (e.g., if your appliance exists on a restricted network), you may perform manual updates.
Go to /appliance > Updates.
Click the Appliance Download Key link to generate a unique appliance key. From a non-restricted system, submit this key to BeyondTrust's update server at https://update.bomgar.com. Download any available updates to a removable storage device and then transfer those updates to a system from which you can manage your appliance.
From the Updates page, browse to the file from the Manual Installation section and then click the Update Software button to complete the installation. The appliance will install the new version of the BeyondTrust software.
Be prepared to install software updates directly after download. Once an update has been downloaded, it no longer appears in your list of available updates. Should you need to re-download an update, contact BeyondTrust Technical Support.
After completing the upgrade process, verify that the update completed successfully and that your software is working as expected.
On a minimum of two local machines that can access Appliance B, edit the hosts file so that your site hostname resolves to the IP address of Appliance B. On one computer, run the access console. Your installed access consoles will need to be upgraded after the site upgrades. Typically, this occurs automatically the next time the user run the access console. To check the software build that a console is running, log into the console and then click Help > About. Also be sure that you can make a connection to a remote computer via a session.
Access consoles previously deployed on locked-down computers using MSI may need to be re-deployed once the upgrade is complete. If the extractable access console or extractable Jump Client feature has been enabled for your site by BeyondTrust Technical Support, then you can download an MSI installer to update access consoles and/or Jump Clients prior to upgrading the appliance. To do this, check for the new update either manually or automatically. Note that the updated clients will not come online until their appliance is updated. It is not necessary to uninstall the original client prior to deploying the new one, as the new one should automatically replace the original installation. It is a best practice, however, to keep a copy of the old MSI to remove the outdated installations after the appliance is updated should this removal prove necessary. The new MSI is unable to do so.
Make Appliance B the Primary Appliance
Set Appliance B to the primary role following the steps previously determined in your failover plan: shared IP switch, DNS swing, or NAT swing.
If you are using the BeyondTrust Integration Client and have configured it based on IP address rather than hostname, be sure to verify that it can extract data from Appliance B after redefining Appliance B as the primary appliance.
Data from sessions completed on either appliance while failover is not enabled will automatically sync once the failover relationship has been re-established.
Shared IP Switch
On Appliance A, go to /appliance > Networking > IP Configuration.
Click on the shared IP address to edit it, and uncheck the Enabled box. Then click Save Changes.
Immediately, go to /appliance > Networking > IP Configuration on Appliance B. It is helpful to have this page already open in a separate browser tab.
Click on the shared IP address to edit it, and check the Enabled box. Then click Save Changes.
As soon as the switch is made, you can resume normal activity. All requests to your site will be served by Appliance B.
Access the DNS controller and locate the DNS entry for your BeyondTrust site. Edit the entry to point to the IP address for Appliance B. Once the DNS entry has propagated, you can resume normal activity. All requests to your site will be served by Appliance B.
Access the NAT controller and locate the NAT entry for your BeyondTrust site. Edit the entry to point to the IP address for Appliance B. As soon as the change is made, you can resume normal activity. All requests to your site will be served by Appliance B.
Update Appliance A
Each customer environment is different, and while BeyondTrust does test each feature, we cannot test each and every scenario a customer may encounter. Please confirm that the BeyondTrust software is working in your environment before updating Appliance A.
Update Appliance A using either the automatic or the manual update method as defined above. Then verify and test that the update completed successfully.
Reestablish Failover Relationship
From Appliance B, go to /login > Management > Failover.
To configure a valid connection, both appliances must have identical Inter-Appliance keys. See the /login > Management > Security page to verify the key for each appliance.
Reestablish the failover relationship with the backup appliance, using Appliance A as the backup and Appliance B as the primary.
Establishing the relationship between the two appliances occurs on the Failover page of the appliance intended to be the primary appliance. The addresses that are entered here will establish the relationship and allow either appliance to connect to each other at any time. The New Backup Site Connection Details tell the primary appliance how to connect to the appliance that will become the backup appliance. The Reverse Connection Details to this Primary Site fields are given to the backup appliance and tell it how to connect back to this primary appliance. You must use a valid hostname or IP address and TLS port number for these fields. When all of these fields are set, click the Establish Relationship button to attempt to establish the relationship.
Whenever possible, BeyondTrust recommends using the unique IP address of each appliance when configuring these settings.
Once the relationship has been established, extraneous tabs are removed from the backup site. It takes about 60 seconds for the first data synchronization to initiate, but you may also click the Sync Now button to force synchronization and pull the most current information from the primary appliance into the memory of the backup appliance. Synchronization itself may take anywhere from a few seconds to a few hours, depending on the amount of data that needs to be synchronized. The Failover page lists the last date and time of data synchronization when synchronization is completed.