Upgrade the BeyondTrust Software
Please visit the Product Change Log to get the details of each release of BeyondTrust remote support software.
If your BeyondTrust software has not been updated in some time and is several revisions behind the latest version, you will probably need to install several intermediate versions before installing the latest software. Please see the third bullet below for details.
- Prior to upgrading, always create a backup of your settings and configuration from /login > Management > Software Management.
For more information, please see Management.
- As a best practice, export a copy of your SSL certificates and private key, and save them locally to ensure continuity in case of a failure on the upgrade.
For more information, please see steps 1-3 of Replicate the SSL Certificate on Failover and Atlas Appliances for more details.
- For major software releases, customers with current maintenance contracts are placed into a rollout schedule. Once your upgrade is ready, BeyondTrust alerts you via email to begin this upgrade procedure.
- If your appliance is many months or years out of date, it is unlikely to be able to upgrade directly to the latest version of BeyondTrust in a single installation. In this case, some upgrade packages may be grayed out in the updates list and require another package to be installed first. Select Install This Update on the available package to enable the dependent one.
- If uncertain which updates to install or in which order, contact BeyondTrust Technical Support at www.beyondtrust.com/support with a screenshot of your /appliance > Status > Basics page to determine the specific updates needed for your appliance.
- In cases where intermediate BeyondTrust updates must be installed before the latest version, BeyondTrust software clients are not expected to auto-update successfully unless they are allowed time to retrieve the intermediate updates. Therefore, BeyondTrust recommends that you wait at least 24 hours after installing each package prefixed by "BeyondTrust".
- Base updates do not require a waiting period, but they are typically prerequisite to "BeyondTrust" packages. As such, Base updates are normally installed immediately prior to "BeyondTrust" packages.
- If it is impossible to allow 24 hours for automatic client upgrades to complete, the alternative to automated updating is first to remove all existing client software, including representative consoles, Jump Clients, Jumpoints, Support Buttons, connection agents, etc. Install each "BeyondTrust" and Base upgrade in sequence until the latest version is reached. Then, manually reinstall all client software.
- Installation usually takes between 15 minutes to an hour. However, if you are storing a large amount of data on your appliance (e.g., session recordings), the installation could take significantly longer.
- BeyondTrust recommends performing upgrades during scheduled maintenance windows. Your BeyondTrust site will be temporarily unavailable during the upgrade. All logged in users and active sessions will be terminated.
- BeyondTrust also recommends testing the update in a controlled environment prior to deploying into production. Testing can best be performed when you have two appliances in a failover relationship and when you update asynchronously.
For more information, please see Verify and Test.
- If you experience any issues during the Base update, do not restart the Secure Remote Access Appliance. Please contact BeyondTrust Technical Support.
- If you have two appliances set up in a failover configuration, consider whether you want to update synchronously or asynchronously.
- With synchronous updating, the primary appliance is updated first and maintains its role as primary. This method does involve some downtime; it is recommended for simple deployments and scenarios that will not suffer from being offline during the update.
- With asynchronous updating, the backup appliance is updated first and then assumes the role of primary. This method has minimal downtime; it is recommended for larger deployments and scenarios that rely on maintaining solid uptime. Some complexity is involved, as the network may have to be modified in order to fail over to the backup appliance.
Only certain upgrades require client software to update. Base software updates and license add-ons do not require client software updates. Site version updates do require client updates, however. Most client updates occur automatically, but the expected update procedure for each type of client is reviewed below.
When upgrading to a newly built site software package, verify that all certificate stores are managed appropriately and are up-to-date prior to upgrading to a new BeyondTrust version. Failure to do so may cause a majority of your existing Jump Clients to appear offline.
When upgrading to a new software version, please allow some time for all Jump Clients to come back online before moving forward with any other upgrading processes.
- Once a Jump Client appears as online in the representative console or the /login > Status > Information page, it has updated successfully. An effective means of confirming that all Jump Clients have updated is to log into the representative console as an administrative user with permission to modify all Jump Clients in the system. Export the list of Jump Clients. In the resulting report, sort the Jump Clients by Status Details and confirm that all the dates listed are more recent than the date of the last Secure Remote Access Appliance upgrade.
- If too many release versions are installed back-to-back without first allowing Jump Clients to upgrade, Jump Clients may require manual redeployment.
- After an upgrade, Support Buttons update automatically upon being used for the first time subsequent to an upgrade.
- After an upgrade, deployed Jumpoints should automatically update.
- BeyondTrust Connection Agents update automatically after the site upgrades.
- BeyondTrust Integration Clients do not automatically update after the site upgrades. Integration Clients must be re-installed manually.
Integration Client installers are available from the Downloads page at www.beyondtrust.com/support.
- Upon upgrading, it is necessary to regenerate any installer packages previously created for Support Buttons, Jump Clients, and representative consoles. The clients themselves update as described above. However, the installer files for them invalidate once the appliance which generated them is upgraded.