CTPView Installation and Maintenance Policy
From the release of CTPView 9.0R1, Juniper Networks has adopted a new policy for installation and maintenance of the CTPView server. CTPView is now being distributed as an "Application only" product, in the form of an RPM package. You can now install and maintain the OS (CentOS 7.5) according to the guidelines described in Installing CTPView 9.1R1. With the CTPView 7.3Rx and earlier releases, the OS (CentOS 5.11) and CTPView application were combined and distributed as a single installation ISO, and all updates (OS and CTPView application) were only available from Juniper Networks. This causes a delay in getting CTPView maintenance releases for important security updates (including Linux OS applications and CTPView application).
With this new model, you can update individual CentOS applications independently from the CTPView application if any security vulnerabilities are reported for the Linux OS applications. This provides more flexibility you need to ensure the security of your Linux-based platforms.
CTPView is made up of:
Type 1—Stock CentOS 7.5 RPMs
Type 2—Stock CentOS RPMs from other CentOS versions
Type 3—Modified CentOS RPMs
Type 4—CTPView application file
Where, "Stock" RPMs are the packages that are associated with a particular release of CentOS and readily available on the Internet. "Modified" RPMs are stock versions of RPMs that are modified by Juniper Networks for the needs of the CTPView platform. The CentOS 7.5 installation ISO only contains the components of type 1. The monolithic CTPView RPM contains the remaining components of types 2, 3, and 4, which can be unpacked and installed.
When Juniper Networks delivers a CTPView maintenance release RPM, it contains the updated component versions of types 2, 3, and 4. It also contains dependencies to make sure that type 1 components are also up to date and warn the user if any of them need to be updated.
Juniper Networks maintains a list of RPMs for CTPView that we suggest to be upgraded for security and functional reasons. The following methods are used for determining which CTPView RPMs need updates:
Regular Retina scans
Notifications from Juniper's SIRT team
Reports from customers
When an RPM update is required, Juniper Networks validates the new version of the component to make sure that it functions properly before adding it to the RPM list. This list will be shared to you via a KB. Although CTPView maintenance updates mandate (and possibly provide) up-to-date RPMs before installation, this RPM list helps you to update your CTPView software between releases. If there is an RPM added to the RPM list, you can take immediate action. Juniper Networks delivers the components of type 3 via maintenance releases only. For type 1 and 2 components, the RPMs should be freely available on the web, and Juniper Networks provides sample links. If you discover that an RPM needs a security update and it is not in the RPM list, you can notify us so that we can test it and add it to the list.
A bulk RPM update using "yum update" is strictly forbidden. CTPView 9.x, although mainly based on CentOS 7.5, is also made up of RPMs from other distributions. Performing an update to the latest version of CentOS 7 may cause CTPView to be non-functional, and a reinstallation may be required.
If you update RPMs that are not on the KB RPM list, CTPView may not function properly.