Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Upgrading JSA Appliances

 

You must upgrade all of the JSA products in your deployment to the same version. During the upgrade, the version of Red Hat Enterprise Linux is upgraded to V7.3.

Note

You must have JSA 2014.8.r2 path and later installed before you can upgrade to JSA 7.3.1. Click Help >About to view the JSA version.

Upgrade your JSA Console first, and then upgrade each managed host. In high-availablity (HA) deployments, upgrade the HA primary host first, and then upgrade the HA secondary host.

Note

Upgrading the JSA Console to 7.3.1 should take approximately 3 hours. Upgrading managed hosts should take approximately 1 ½ hours. If you experience extended upgrade times, contact support to review the progress of the upgrade.

  1. If you are not on JSA 2014.8.r2 or later, perform the following steps to update to the minimum JSA software version patch required for the JSA 7.3.1 upgrade. Otherwise, skip to step 2. Note

    Ensure that the console is upgraded before upgrading any attached managed hosts or HA secondary appliances.

    1. Download the <JSA_patchupdate>.sfs file from Juniper Customer Support (https://www.juniper.net/support/downloads).

    2. Use SSH to log in to your system as the root user.

    3. Copy the patch file to the /tmp directory or to another location that has sufficient disk space.

      Note

      Do not copy the file to an existing JSA system directory, such as /store or /root.

    4. To create the /media/updates directory, type the following command:

      mkdir -p /media/updates

    5. Change to the directory where you copied the patch file.

    6. Unzip the patch file using the bunzip utility:

      bunzip2 <patchfilename>.bz2

    7. To mount the patch file to the /media/updates directory, type the following command:

      mount -o loop -t squashfs <jsa_patchupdate>.sfs /media/updates/

    8. To run the patch installer, type the following command:

      /media/updates/installer

      Tip

      The first time that you run the patch installer script, there might be a delay before the first patch installer menu is displayed.

    9. Provide answers to the pre-patch questions based on your JSA deployment.

    10. Using the patch installer, upgrade all systems in your deployment.

      The patch installer menu lists the following options.

      • Console

      • All

      If you select All, the patch is applied to the JSA Console first, and then to all managed hosts. If you select Console, the patch is applied only to the JSA Console. After the patch is applied to the JSA Console, the menu lists the remaining managed hosts, and the All option.

      If your SSH session is disconnected while the patching is in progress, the patching continues. When you reopen your SSH session and rerun the installer, the installation resumes.

    11. After the patch is complete, unmount the software update by using the following command:

      umount /media/updates

    12. Now that you have updated to the minimum patch required for 2014.8, use the following sequence to upgrade to JSA 7.3.1.

  2. To upgrade, download the <JSA>.iso file from Juniper Customer Support (https://www.juniper.net/support/downloads).
    1. Use SSH to log in to your system as the root user.

    2. Copy the ISO file to the /tmp directory or to another location that has sufficient disk space.

      Note

      Don't copy the file to an existing JSA system directory, such as /store or /root.

    3. To create the /media/cdrom directory, type the following command:

      mkdir -p /media/cdrom

    4. Change to the directory where you copied the ISO file.

    5. To mount the ISO file to the /media/cdrom directory, type the following command:

      mount -o loop <JSA>.iso /media/cdrom/

    6. Pretest the installation by typing the following command:

      /media/cdrom/setup -t

    7. Review the pretest output and, if your deployment fails any pretests, take any of the suggested actions.

    8. To run the installer, type the following command:

      /media/cdrom/setup

      Note

      The SSH connection pauses for 20 minutes because the system restarts. Monitor the console screen to confirm when the SSH becomes available after the system restart.

    9. If your deployment includes offboard storage, see the Juniper Secure Analytics Configuring Offboard Storage Guide for steps to reconnect and remount offboard storage types.

  1. Perform an automatic update to ensure that your configuration files contain the latest network security information. For more information, see the Juniper Secure Analytics Administration Guide.

  2. Delete the patch file to free up space on the partition.

  3. Clear your web browser cache. After you upgrade JSA, the Vulnerabilities tab might not be displayed. To use JSA Vulnerability Manager after you upgrade, you must upload and allocate a valid license key. For more information, see the Juniper Secure Analytics Administration Guide for your product.