Upgrade Multiple B Series Appliances in an Atlas Cluster

Upgrading BeyondTrust Atlas clusters is more involved than upgrading failover pairs or individual B Series Appliances. The following section explains how to properly upgrade Atlas clusters.

For more information on how to set up and configure Atlas, please see the Atlas Configuration Guide.

With Failover Configured

These steps assume that there are two primary nodes operating in a failover configuration. These are referred to as Appliance A (the primary node in the failover pair) and Appliance B (the backup primary node). If failover is not configured and there is no backup primary node, skip to the section Without Failover Configured.

The failover process does cause downtime. Please plan accordingly.

  1. On Appliance A, go to /appliance > Management > Software Management.
    1. Download the available updates, but do not install them.
    2. Click the Distribute to Cluster button to push the package to all other nodes.

This does not install any new software but only prepares for it to be installed.

  1. On Appliance A, go to /login > Management > Cluster.
    1. Identify half of the traffic nodes to be temporarily disable per geographical region.
    2. On the identified nodes, uncheck Accepting New Client Connections. These are referred to as the offline traffic nodes.
  2. On each offline traffic node, go to /login > Status > Information.
  3. Looking at the Connected Clients table, wait for all active customer client and representative console connections to end. This waiting period prevents the interruption of existing sessions.
  1. On Appliance B, go to /appliance > Updates.
  2. Click the Install button to upgrade the software to the latest version, making sure to install updates in the appropriate sequence.

 

Base software updates are typically installed before licensing software updates. If the order is unclear, contact www.beyondtrust.com/support before installing any updates. The B Series Appliance automatically reboots as part of the Base software update process.

Updating the software automatically causes Appliance B to mark all traffic nodes as not accepting new client connections in the cluster configuration.

Do not make changes to the configuration of Appliance A during this upgrade. Any such changes will be overwritten upon the first data-sync after the upgrade.

  1. Repeat the upgrade process above for each of the offline traffic nodes. Once done, Appliance A and half of the traffic nodes should be on the old version of BeyondTrust. Appliance B and the other half of the traffic nodes should be on the new version.

This failover process does cause downtime. Please plan accordingly.

  1. On Appliance A, go to /login > Management > Failover.
  2. Check Become backup even if the peer site cannot be contacted.
  3. Click the Become Backup button.

This process causes the backup B Series Appliance to take the primary role in the failover pair.

  1. If necessary, swing DNS and/or NAT to Appliance B. If shared IP failover is configured, neither DNS or NAT settings need be changed; instead, the shared IP address auto-deactivates on Appliance A.
  2. Switch to Appliance B and go to /login > Management > Failover.
  3. Click Become Primary.
  4. Uncheck the Enable Backup Operations checkbox.
  1. On Appliance B, go to /login > Management > Cluster.
  2. For each traffic node which has been upgraded, check the Accepting New Client Connections checkbox.
  3. In the Cluster :: Status section, click Sync Now.
  1. On each traffic node which has not yet been upgraded, go to /appliance > Updates.
  2. Click Install to upgrade to the new version, making sure to install updates in the appropriate sequence. Wait for the updates to finish installing.
  3. Switch to Appliance B and go to /login > Management > Cluster.
  4. For each traffic node upgraded in the previous step, check Accepting New Client Connections.
  1. On Appliance A, go to /appliance > Updates.
  2. Click Install to upgrade to the new version, making sure to install updates in the appropriate sequence.
  1. On Appliance A, go to /login > Management > Failover.
  2. Check Enable Backup Operations.
  3. Switch to Appliance B and go to /login > Management > Cluster.
  4. In the Cluster :: Status section, click Sync Now.

Without Failover Configured

  1. Go to /login > Management > Software Management.
    1. Download the available updates as described in Upgrade a Single BeyondTrust Appliance B Series Using Manual Updates, but do not install them.
    2. Click the Distribute to Cluster button to push the package to all other nodes.

Distribute to Cluster is only shown for B Series Appliances that are part of an Atlas Cluster.

This does not install any new software but only prepares for it to be installed.

  1. Go to /login > Management > Cluster.
    1. Identify half of the traffic nodes to be temporarily disable per geographical region.
    2. On the identified nodes, uncheck Accepting New Client Connections. These are referred to as the offline traffic nodes.
  2. On each offline traffic node, go to /login > Status > Information.
  3. Looking at the Connected Clients table, wait for all active customer client and representative console connections to end. This waiting period prevents the interruption of existing sessions.
  1. On each offline traffic node, go to /appliance > Updates.
  2. Click the Install button to upgrade the software to the latest version, making sure to install updates in the appropriate sequence.

 

Base software updates are typically installed before licensing software updates. If the order is unclear, contact www.beyondtrust.com/support before installing any updates. The B Series Appliance automatically reboots as part of the Base software update process.

  1. On the primary node, go to /appliance > Updates.
  2. Click the Install button to upgrade the software to the latest version, making sure to install updates in the appropriate sequence. Updating the software automatically causes the primary node to mark all traffic nodes as not accepting new client connections in the cluster configuration.
  1. On the primary node, go to /login > Management > Cluster.
  2. For each traffic node which has been upgraded, check the Accepting New Client Connections checkbox.
  3. In the Status section, click Sync Now.
  1. On each traffic node which has not yet been upgraded, go to /appliance > Updates.
  2. Click Install to upgrade to the new version, making sure to install updates in the appropriate sequence. Wait for the updates to finish installing.
  1. Switch to the primary node and go to /login > Management > Cluster.
  2. For each traffic node upgraded in the previous step, check Accepting New Client Connections.
  3. In the Status section, click Sync Now.