Upgrading Deployed Capabilities on AWS

Follow the Checklist: Upgrading Your AWS Cluster to ensure a successful upgrade.

As part of the process, you must upgrade your deployed capabilities using the CDF Management Portal.

1. Understanding the Upgrade Prerequisites
2. Accepting the Certificate
3. Downloading the Upgrade File
4. Upgrading Deployed Capabilities

Understanding the Upgrade Prerequisites

Before upgrading, ensure these requirements are met.

• Ability to access the management portal on port 5443.

• The AWS client is configured.

• The Kubernetes command line tool (kubectl) is installed on the bastion and connected to your cluster.

• Run kubectl get pods -A to ensure all pods are running.

• Download the installation packages.

Accepting the Certificate

1. Browse to the management portal at https://<virtual_FQDN>:5443, or at https://<master_node1_FQDN>:5443.
2. Click DEPLOYMENT, and select Deployments.
3. Click the Three Dots  (Browse) on the far right and choose Reconfigure.
4. Accept the certificate.

Downloading the Upgrade File

1. Download the metadata file of the upgrade version to your Windows host.

arcsight-suite-metadata-uv.x.tar.gz

For example: arcsight-suite-metadata-2.0.1.3.tar.gz

2. Download offline images (to your cluster node) of the upgrade version

{product}-uv.x.tgz

For example: transformationhub-3.0.1.3.tgz

3. Unpack Arcsight Platform Cloud Installer. E.g. we unpacked Installer in /tmp folder.

cd /tmp
unzip arcsight-platform-cloud-installer-<VERSION>.zip

4. Unpack aws-scripts.zip from Arcsight Platform Cloud Installer.

cd arcsight-platform-cloud-installer-<VERSION>
unzip aws-scripts.zip

Upgrading Deployed Capabilities

1. Log in to the master node where you downloaded the upgrade files.
2. Change to the following directory.

cd arcsight-platform-cloud-installer-<VERSION>/aws-scripts/scripts

3. Run the following commands to upload the images to the local Docker Registry. Use the -F <image file> option on the command line multiple times for each image to upload. Adjust the -c 8 option up to half of your CPU cores in order to increase the speed of the upload.
You will be prompted for a password for the docker container registry-admin user. The registry-admin password is initially set to the same password as the admin user for the CDF Management Portal during installation when Configuring and Running the OMT Installer; however, later changing the CDF Management Portal admin password does not change the registry-admin password as it is managed separately.

./upload_images_to_ECR -o {organization} -c 8 -F {unzipped-installer-dir}/images/fusion-x.x.x.x.tar -F {unzipped-installer-dir}/images/recon-x.x.x.x.tar

4. Add new metadata.
Make sure to copy the arcsight-suite-metadata-x.x.x.x.tar to the system where your web browser is running before performing the process below.
5. Browse to the management portal at https://<virtual_FQDN>:5443, or at https://<master_node1_FQDN>:5443.
   1. Click DEPLOYMENT>Metadata and click + Add.
   2. Select arcsight-suite-metadata-x.x.x.x.tar from your system. The new metadata is added to the system.
6. If Intelligence is deployed, you must label the worker nodes again. The interset label is now intelligence, the interset-datanode label is now intelligence-datanode, the interset-namenode label is now intelligence-namenode, and the interset-spark label is now intelligence-spark.
7. Start the upgrade process.
   1. Go to DEPLOYMENT > Deployments. Notice the number 1 in the red circle in the Update column.
   Minor version changes do not display like regular updates. (For example: 21.1.0.15 -> 21.1.0.16.)
   2. Click the red circle and select your recently added metadata to initiate the upgrade.
8. From the Update to page, click NEXT until you reach the Import suite images page.
When prompted to download or transfer images, you can simply click Next to skip the steps. You performed these steps earlier.
9. Ensure that the validation results of container images show a complete number of files.
When you arrive at the Import suite images page, the images should already be imported, as you performed these steps earlier.


10. If you’ve deployed Transformation Hub, you must configure your enrichment stream processor, which is a new capability in this release.

    1. On the Transformation Hub tab, specify the # of Enrichment Stream Processor Group instances to start value. The default value is 2.

    2. On the Transformation Hub tab, specify the Enrichment Stream Processor Group source Topic value. The default value is th-arcsight-avro.

       If ESM is deployed, you may want to use a value other than the default to use ESM event enrichment. For more information, see Local and Global ESM Event Enrichment.

    3. On the Fusion tab, specify the Enable Generator ID Manager value to True. The default value is True.

    4. On the same Fusion tab, set the Generator ID Range Start and Generator ID Range End values to provide a range of at least 100 between them.

       A range of 100 should be sufficient for common scenarios with a comfortable buffer, but you could also make the range larger if you have configured a large number of Enrichment Stream Processor instances or other components that utilize Generator IDs from this ArcMC instance.

    It is important to choose a range that does not overlap with the Generator ID Manager range configured in any other ArcMC instances in your organization, otherwise different events with duplicate Globally Unique Event IDs could be created.
11. Click NEXT until you reach the Upgrade Complete page.