Upgrade Multiple B Series Appliances in an Atlas Cluster

Upgrading BeyondTrust Atlas clusters is more involved than upgrading failover pairs or individual B Series Appliances. The following section explains how to properly upgrade Atlas clusters.

For more information on how to set up and configure Atlas, please see the Atlas Configuration Guide.

With Failover Configured

These steps assume that there are two primary nodes operating in a failover configuration. These are referred to as Appliance A (the primary node in the failover pair) and Appliance B (the backup primary node). If failover is not configured and there is no backup primary node, skip to the section Without Failover Configured.

The failover process does cause downtime. Please plan accordingly.

Preparation

  1. On Appliance A, go to /appliance > Updates > Updates: Manual Installation.
    • click the Appliance Download Key link to generate a unique B Series Appliance key. From a non-restricted system, submit this key to BeyondTrust's update server at https://btupdate.com. Download any available updates to a removable storage device and then transfer those updates to a system from which you can manage your B Series Appliance.
    • Download the available updates, but do not install them.
    • Click the Distribute to Cluster button to push the package to all other nodes.

This does not install any new software but only prepares for it to be installed.

  1. For Appliance A, go to /login > Management > Cluster.
    • Identify half of the traffic nodes to be temporarily disable per geographical region.
    • On the identified nodes, uncheck Accepting New Client Connections. These are referred to as the offline traffic nodes.
  2. On each offline traffic node, go to /login > Status > Information.
  3. Looking at the Connected Clients table, wait for all active customer client and representative console connections to end. This waiting period prevents the interruption of existing sessions.

Upgrade the Backup

  1. On Appliance B, go to /appliance > Updates.
  2. Click the Install button to upgrade the software to the latest version, making sure to install updates in the appropriate sequence.

 

Base software updates are typically installed before licensing software updates. If the order is unclear, contact Support at www.beyondtrust.com/support before installing any updates. The B Series Appliance automatically reboots as part of the Base software update process.

Updating the software automatically causes Appliance B to mark all traffic nodes as not accepting new client connections in the cluster configuration.

Do not make changes to the configuration of Appliance A during this upgrade. Any such changes will be overwritten upon the first data-sync after the upgrade.

  1. Repeat the upgrade process above for each of the offline traffic nodes. Once done, Appliance A and half of the traffic nodes should be on the old version of BeyondTrust. Appliance B and the other half of the traffic nodes should be on the new version.

Put the New Primary into Production

This failover process does cause downtime. Please plan accordingly.

  1. For Appliance A, go to /login > Management > Failover.
  2. Check Become backup even if the peer site cannot be contacted.
  3. Click the Become Backup button.

This process causes the backup B Series Appliance to take the primary role in the failover pair.

  1. If necessary, swing DNS and/or NAT to Appliance B. If shared IP failover is configured, neither DNS or NAT settings need be changed; instead, the shared IP address auto-deactivates on Appliance A.
  2. Switch to Appliance B and for that appliance go to /login > Management > Failover.
  3. Click Become Primary.
  4. Uncheck the Enable Backup Operations checkbox.

Bring Upgraded Traffic Nodes Back Online

  1. For Appliance B, go to /login > Management > Cluster.
  2. For each traffic node which has been upgraded, check the Accepting New Client Connections checkbox.
  3. In the Cluster :: Status section, click Sync Now.

Upgrade the Rest of the Deployment

  1. On each traffic node which has not yet been upgraded, go to /appliance > Updates.
  2. Click Install to upgrade to the new version, making sure to install updates in the appropriate sequence. Wait for the updates to finish installing.
  3. Switch to Appliance B and for that appliance go to /login > Management > Cluster.
  4. For each traffic node upgraded in the previous step, check Accepting New Client Connections.

Upgrade Appliance A

  1. On Appliance A, go to /appliance > Updates.
  2. Click Install to upgrade to the new version, making sure to install updates in the appropriate sequence.

Restore the Cluster Configuration

  1. For Appliance A, go to /login > Management > Failover.
  2. Check Enable Backup Operations.
  3. Switch to Appliance B and for that appliance go to /login > Management > Cluster.
  4. In the Cluster :: Status section, click Sync Now.

Without Failover Configured

Preparation

  1. On Appliance A, go to /appliance > Updates > Updates: Manual Installation.
    • click the Appliance Download Key link to generate a unique B Series Appliance key. From a non-restricted system, submit this key to BeyondTrust's update server at https://btupdate.com. Download any available updates to a removable storage device and then transfer those updates to a system from which you can manage your B Series Appliance.
    • Download the available updates, but do not install them.
    • Click the Distribute to Cluster button to push the package to all other nodes.

Distribute to Cluster is only shown for B Series Appliances that are part of an Atlas Cluster.

This does not install any new software but only prepares for it to be installed.

  1. Go to /login > Management > Cluster.
    • Identify half of the traffic nodes to be temporarily disable per geographical region.
    • On the identified nodes, uncheck Accepting New Client Connections. These are referred to as the offline traffic nodes.
  2. On each offline traffic node, go to /login > Status > Information.
  3. Looking at the Connected Clients table, wait for all active customer client and representative console connections to end. This waiting period prevents the interruption of existing sessions.

Upgrade the offline nodes

  1. On each offline traffic node, go to /appliance > Updates.
  2. Click the Install button to upgrade the software to the latest version, making sure to install updates in the appropriate sequence.

 

Base software updates are typically installed before licensing software updates. If the order is unclear, contact www.beyondtrust.com/support before installing any updates. The B Series Appliance automatically reboots as part of the Base software update process.

Upgrade the primary node

  1. On the primary node, go to /appliance > Updates.
  2. Click the Install button to upgrade the software to the latest version, making sure to install updates in the appropriate sequence. Updating the software automatically causes the primary node to mark all traffic nodes as not accepting new client connections in the cluster configuration.

Bring Upgraded Traffic Nodes Back Online

  1. On the primary node, go to /login > Management > Cluster.
  2. For each traffic node which has been upgraded, check the Accepting New Client Connections checkbox.
  3. In the Status section, click Sync Now.

Upgrade the Rest of the Deployment

  1. On each traffic node which has not yet been upgraded, go to /appliance > Updates.
  2. Click Install to upgrade to the new version, making sure to install updates in the appropriate sequence. Wait for the updates to finish installing.

Restore the Cluster Configuration

  1. Switch to the primary node and go to /login > Management > Cluster.
  2. For each traffic node upgraded in the previous step, check Accepting New Client Connections.
  3. In the Status section, click Sync Now.