Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Preparation Checklist for JSA Upgrades

To successfully upgrade an JSA system, verify your upgrade path, especially when you upgrade from older versions that require intermediate steps. You must also review the software, hardware, and high availability (HA) requirements.

ISO files are used for major operating system version upgrades and SFS files are used for any upgrades that do not include a major operating system version upgrade.

If you upgrade to JSA 7.5.0 Fix Pack 1 or later a database migration occurs. The time to complete the database migration can take many hours and is dependent on the database size, hard drive/storage performance, network performance, and hardware performance.

Use the following checklist to make sure that you are prepared for an upgrade.

  • Review the JSA Release Notes (https://www.juniper.net/documentation/product/en_US/juniper-secure-analytics/).

  • Run a health check and fix any failures. See "Running health checks" in the Juniper Secure Analytics Troubleshooting Guide.

  • Notify users of scheduled maintenance.

  • Verify that running scans and reports are complete.

  • Request that users close all JSA sessions and screen sessions.

  • Review the release notes for the version you are upgrading to and download the SFS file. To access the release notes and SFS file download link, go to https://support.juniper.net/support/downloads/.

  • Verify the checksum of the SFS file.

  • Get a CSV file that contains a list of IP addresses for each appliance in your deployment if you don't already have this information, by typing the following command:

    /opt/qradar/support/deployment_info.sh

  • Unmount all external storage which is not /store/ariel or /store.

  • Back up all third-party data, such as:

    • scripts

    • personal utilities

    • important files or exports

    • JAR files or interim fixes that were provided by JSA support

    • static route files for network interfaces

  • If you have HA appliances in your deployment, verify that your primary appliances are in the Active state, and your secondary appliances are in the Standby state.

  • Ensure that you have direct access to the command line on all appliances. If you are using IMM, iDRAC, Raritan, KVM, or other technology for command line access, ensure that they are configured and functional.

  • You can also back up your custom content by typing the following command:

    /opt/qradar/bin/contentManagement.pl --action export --content-type all

    Depending on the environment size, it could take hours, days, or in some cases weeks for the export to complete in large environments. For more information, see Best Practices when using Content Management Tool to export the data.

  • Confirm that all appliances in your deployment are at the same software version by typing the following commands:

    /opt/qradar/support/all_servers.sh -C -k /opt/qradar/bin/myver > myver_output.txt

    cat myver_output.txt

  • Confirm that all previous updates are unmounted by typing the following commands:

    /opt/qradar/support/all_servers.sh -k "umount /media/cdrom"

    /opt/qradar/support/all_servers.sh -k "umount /media/updates"

  • If you have HA appliances in your deployment:

    • Verify that the /store file system is mounted on the primary appliance and not mounted on the secondary appliance.

    • Verify that the /transient file system is mounted on both the primary and secondary appliances.

  • Review system notifications for errors and warnings for the following messages before you attempt to update. Resolve these error and warning system notifications before you attempt to update:

    • Performance or event pipeline degradation notifications

    • Memory notifications

    • TX sentry messages or process stopped notifications

    • HA active or HA standby failure system notifications

    • Disk failure system notifications

    • Disk Sentry noticed one or more storage partitions are unavailable notifications

    • Time synchronization system notifications

    • Unable to execute a backup request notifications

    • Data replication experiencing difficulty notifications

    • RAID controller misconfiguration notifications

  • Manually deploy changes in the user interface to verify that it completes successfully.

  • Verify that the latest configuration backup completed successfully and download the file to a safe location.

  • Ensure that all apps on your system are updated. Out-of-date apps might not work after you upgrade JSA.

  • Resolve any issues with applications in an error state or not displaying properly.

  • App Nodes are no longer supported as of JSA 7.3.2. If you have an App Node in your deployment, follow the steps in "Migrating from an App Node" in the Juniper Secure Analytics Administration Guide before you start the upgrade.