Synchronous Upgrade of Two B Series Appliances in a Failover Relationship

With synchronous updating, the primary B Series Appliance is updated first and maintains its role as primary. This method does involve some downtime; it is recommended for simple deployments and scenarios that will not suffer from being offline during the update.

BeyondTrust recommends performing upgrades during scheduled maintenance windows. Your BeyondTrust site will be temporarily unavailable during the upgrade. All logged in users and active sessions will be terminated.You will need to schedule two separate maintenance windows in which to complete the upgrade. Installation usually takes between 15 minutes to an hour. However, if you are storing a large amount of data on your B Series Appliance (e.g., session recordings), the installation could take significantly longer.Plan an interim period between the two maintenance windows adequate enough to confirm the new software version in your production environment but brief enough to minimize the exposure of temporarily not having a failover configuration. BeyondTrust also recommends testing the update in a controlled environment prior to deploying into production. If you experience any issues during the Base update, do not restart the B Series Appliance. Please contact BeyondTrust Technical Support.

In these instructions, Appliance A is the primary B Series Appliance (i.e., the B Series Appliance to which the primary hostname resolves), while Appliance B is the backup B Series Appliance.

Backup and Sync

Prior to upgrading, make a backup of your current BeyondTrust software settings. On Appliance A, go to /login > Management > Software.

Image of the Backup Settings section in /login

Click the Download Backup button, and save the backup file to a secure location.

 

Failover Backup Site Instance Status

Go to /login > Management > Failover, click Sync Now, and wait for synchronization to complete.

Once synchronization has finished, click Break Failover Relationships.

 

Update Appliance A

Update Appliance A using either the automatic or the manual update method.

Automatic

In most cases, BeyondTrust customers can download and install updates with no assistance from BeyondTrust Technical Support. To see if an upgrade is available, go to /appliance > Updates.

Updates

Click on Check for updates.

If a software update is available, it will appear under Available Updates. Once you click Install This Update, the B Series Appliance will download and automatically install the new version of the BeyondTrust software.

"BeyondTrust" software updates often depend on one or more "Base Software" updates. Install the available Base Software updates to enable the dependent BeyondTrust updates. Then download a backup and immediately install the BeyondTrust software updates before doing anything else, such as failing over or installing updates on another B Series Appliance.

If automatic updates fail when expected to work, please see the Support Portal for more information.

Manual

If you are unable to use automatic updates (e.g., if your B Series Appliance exists on a restricted network), you may perform manual updates.

Go to /appliance > Updates.

Updates

Updates :: Manual Installation

Updates :: Appliance Download Key

Click the Appliance Download Key link to generate a unique B Series Appliance key. From a non-restricted system, submit this key to BeyondTrust's update server at https://btupdate.com. Download any available updates to a removable storage device and then transfer those updates to a system from which you can manage your B Series Appliance.

From the Updates page, browse to the file from the Manual Installation section and then click the Update Software button to complete the installation. The B Series Appliance will install the new version of the BeyondTrust software.

Be prepared to install software updates directly after download. Once an update has been downloaded, it no longer appears in your list of available updates. Should you need to re-download an update, contact BeyondTrust Technical Support.

 

Verify and Test

After completing the upgrade process, verify that the update completed successfully and that your software is working as expected. Your installed access consoles will need to be upgraded after the site upgrades. Typically, this occurs automatically the next time the user run the access console.To check the software build that a console is running, log into the console and then click Help > About. Also be sure that you can make a connection to a remote computer via a session.

Access consoles previously deployed on locked-down computers using MSI may need to be re-deployed once the upgrade is complete. If the extractable access console or extractable Jump Client feature has been enabled for your site by BeyondTrust Technical Support, then you can download an MSI installer to update access consoles and/or Jump Clients prior to upgrading the B Series Appliance. To do this, check for the new update either manually or automatically. Note that the updated clients will not come online until their B Series Appliance is updated. It is not necessary to uninstall the original client prior to deploying the new one, as the new one should automatically replace the original installation. It is a best practice, however, to keep a copy of the old MSI to remove the outdated installations after the B Series Appliance is updated should this removal prove necessary. The new MSI is unable to do so.

Update Appliance B

Update Appliance B using either the automatic or the manual update method as defined above. Then verify and test that the update completed successfully.

Reestablish Failover Relationship

From Appliance A, go to /login > Management > Failover.

To configure a valid connection, both B Series Appliances must have identical Inter-Appliance keys. See the /login > Management > Security page to verify the key for each B Series Appliance.

Reestablish the failover relationship with the backup B Series Appliance, using Appliance B as the backup and keeping Appliance A as the primary.

Establishing the relationship between the two B Series Appliances occurs on the Failover page of the B Series Appliance intended to be the primary B Series Appliance. The addresses that are entered here will establish the relationship and allow either B Series Appliance to connect to each other at any time. The New Backup Site Connection Details tell the primary B Series Appliance how to connect to the B Series Appliance that will become the backup B Series Appliance. The Reverse Connection Details to this Primary Site are given to the backup B Series Appliance and tell it how to connect back to this primary B Series Appliance. You must use a valid hostname or IP address and TLS port number for these fields. When all of these fields are set, click the Establish Relationship button to attempt to establish the relationship.

Whenever possible, BeyondTrust recommends using the unique IP address of each B Series Appliance when configuring these settings.

Once the relationship has been established, extraneous tabs are removed from the backup site. It takes about 60 seconds for the first data synchronization to initiate, but you may also click the Sync Now button to force synchronization and pull the most current information from the primary B Series Appliance into the memory of the backup B Series Appliance. Synchronization itself may take anywhere from a few seconds to a few hours, depending on the amount of data that needs to be synchronized. The Failover page lists the last date and time of data synchronization when synchronization is completed.