Skip to content

Backup/restore upgrade procedure

This section looks at how to upgrade using a back & restore method. If you have a clustered environment click here.

Prerequisites

Before starting your backup and restore upgrade make sure the following prerequisites are met:

Prerequisite Description
Upgrade path Review the Standalone upgrade path to ensure you are applying the correct upgrade method based on the version you are upgrading from and to.
Hardware & Software Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements.

Prerequisites
Templates When upgrading to v7.5.1 and above, an upgrade will be required to the latest template bundle to ensure templates continue to work. This should be done before the upgrade.

The steps required to perform the template bundle upgrade will depend upon the template. For details on the templates affected, and how to upgrade them click here.
Licencing A valid license file will be required during the system configuration step. If you don't have a license file contact Osirium.
Ports Ensure TCP ports 443 and 9002 are open as they are required for the client-side and PAM UI.

TCP 2379 (etcd, i.e. key-value store), 2380 (etcd, i.e. key-value store), 2390 (cluster setup API), 2391 (cluster delegation API), 5432 (postgres, i.e. database)

For a full list of ports used by the PAM Server click here.

Software downloads Download the latest PAM Server software, click here.
Recent backup We recommend that you have a recent Osirium backup as well as VM Level backup or Snapshot of the PAM Server being upgraded.
No active user connections Ensure there are no active user connections.
Regenerate Account Credentials for all devices tasks Within the Admin Interface, disable all scheduled Regenerate Account Credentials for all devices tasks within profiles.
Master Encryption Key Ensure you have the Master Encryption Key (MEK) of the current PAM Server or the leader node MEK if restoring a cluster node.

Upgrade procedure

The diagram provides a high-level overview of the process for upgrading your PAM Server using the backup/restore method. This process will apply for both a standalone PAM Server as well as restoring a node in a cluster using an Osirium backup of that node.

Backup/restore upgrade procedure flowchart

Upgrade procedure

Warning

Before starting your upgrade make sure that all Prerequisites have been met.

Deploying the PAM Server

Firstly you will need to deploy a new PAM Server using the latest software version.

Deployment into the different supported infrastructures may vary, therefore click on a link below to be navigated to the correct deployment steps.

Upgrading the PAM Server

Once the PAM Server has been successfully deployed you will need to run through the setup and configuration.

  1. Within the Console window, press ENTER when prompted to start the setup and configuration.

    Enter setup

    Note

    The screen may look different depending upon the environment you are deploying to.

  2. Read and accept the EULA to continue.

  3. Within the Configure Networking screen, configure the following virtual appliance settings. Press TAB to navigate between the fields.

    • IP Address: Enter the IP Address which will be used to connect to the virtual appliance.
    • Netmask: Enter the network mask.
    • Gateway: Enter the network default gateway IP address.
    • Primary DNS: Enter the network primary DNS IP address.
    • (Secondary DNS): Enter the secondary DNS IP address if relevant, else leave blank.
    • (Tertiary DNS): Enter the tertiary DNS IP address if relevant, else leave blank.
    • (DNS Suffixes): Enter the DNS Suffixes if relevant, else leave blank.

    Note

    If you are adding a follower node to a cluster and you have Active Directory configured with just a hostname, enter the search suffixes to allow users to login in to the follower. Alternatively if you do not enter the search suffixes here you can configure them later in the Admin Interface of the follower. See DNS search suffix.

    configure networking

  4. Once completed TAB down to the OK button and press ENTER.

  5. On the PAM Server Restore screen, SFTP onto the virtual appliance using IP Address, username and password shown on the screen.

  6. Copy the Osirium backup file of the PAM Server you want to restore onto this new PAM Server. Once successfully copied, the screen will update and the copied backup file will appear in the list.

    Backup restore file

  7. Select the Osirium backup file and press ENTER.

  8. When prompted, TAB to the OK button and press ENTER to continue.

  9. Enter the Master Encryption Key (including dashes) of the PAM Server that the Osirium backup was taken from.

  10. Once entered TAB to the OK button and press ENTER.

  11. Within the Enter a hostname window, enter a name to identify the new PAM Server.

  12. TAB down to the OK button and press ENTER.

  13. Enter the FQDN (all in lowercase) or IP Address which will be assigned to the PAM Server. The configuration entered here is used to communicate between nodes if you are setting up a cluster.

    FQDN or IP Address

    If the following error occurs then make sure that the hostname can be resolved and check if it has been included in the DNS A records - see Prerequisites.

    Hostname resolution error

    If the following errors occur then make sure that the entered hostname / address are correct and press ENTER to re-enter.

    FQDN resolution error

    IP resolution error

  14. TAB down to the OK button and press ENTER.

  15. Set a password for the Primary SuperAdmin account. The username (SuperAdmin) and the password will be used later to log into Osirium PAM.

  16. TAB down to the OK button and press TAB.

  17. Confirm the primary SuperAdmin account password.

  18. TAB down to the OK button and press TAB. Wait while the system is configured.

    From release v7.2 the PAM Server and PAM UI have been integrated to provide a single unified installation.

    Make a note of the https address if you want to connect to the server via the unified PAM UI.

    If you wish to install and configure a separate PAM UI Server click here for instructions.

Post upgrade tasks

Once the Osirium backup has successfully installed, logon to Osirium PAM and check the following before allowing users to reconnect:

Post upgrade task Description
Trigger AD audit Before opening any device connections that use an Active Directory account, an audit needs to be manually triggered on all provisioned Active Directories.

You can do this by right clicking the Active Directory on the Manage Active Directory page, and select Trigger audit from the menu. This will allow additional fields on the Active Directory account page to be populated.
Check device states Check device status to ensure they are running successfully.
Check user connections Check users can connect to devices.
Re-enable scheduled tasks Re-enable scheduled Regenerate Account Credentials for all devices tasks.
VM level backup Take an Osirium backup and a VM level backup. See Backup & Recovery for further details.
Upgrade other components Use the PAM Component Compatibility Matrix to check if other PAM components need updating inline with the version you are upgrading to and upgrade as appropriate.