
Backup/restore upgrade procedure

This section covers:

Upgrade procedure

The diagram provides a high-level overview of the process for upgrading your PAM Server.

Backup/restore upgrade procedure flowchart


Prerequisites

Before starting your upgrade, make sure the following prerequisites are met:

  • Hardware & Software: Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements: Prerequisites.

  • Licencing: A valid license file will be required during the finalise setup step. If you don't have a license file, contact Osirium.

  • Ports: Ensure TCP ports 443 and 9002 are open as they are required for the client-side and PAM UI.

    TCP 2380 (etcd, i.e. key-value store), 2390 (cluster setup API), 2391 (cluster delegation API), 5432 (postgres, i.e. database)

    For a full list of ports used by the PAM Server click here.

  • Software packages downloaded: Download the latest PAM Server software release package for deployment into your infrastructure.

    To download the latest PAM Server software, click here.

    NOTE: SHA256 checksum is available to verify the integrity of the download.

  • Master Encryption Key: Ensure you have the Master Encryption Key (MEK) of the current PAM Server leader node.

  • Recent backup: Ensure you have a recent backup of all your nodes (leader and followers).

  • No active user connections: Ensure there are no active user connections.

  • Regenerate Account Credentials for all devices task is disabled: Within the Admin Interface, disable all scheduled Regenerate Account Credentials for all devices tasks.

Software packages and downloads

To download the latest PAM Server software release package for deployment into your infrastructure, click here.

A SHA256 checksum is available to verify the download integrity.

Note

The transfer mode must be set to binary.
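
A pre-flight check for two of the prerequisites above, the SHA256 verification of the downloaded package and the TCP port list, as an added example that is not Osirium's own tooling. The function names, the package path, the published checksum value and the host you pass in are assumptions; the port numbers are the ones listed on this page.

```python
import hashlib
import hmac
import socket

# Ports taken from the prerequisites on this page.
CLIENT_PORTS = {443: "client-side / PAM UI", 9002: "client-side / PAM UI"}
NODE_PORTS = {2380: "etcd", 2390: "cluster setup API",
              2391: "cluster delegation API", 5432: "postgres"}


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so a large image is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # binary mode: hash the exact bytes on disk
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published_checksum):
    """Return True only if the file's SHA256 equals the published value."""
    fields = published_checksum.split()  # accepts "<hash>" or "<hash>  <filename>"
    expected = fields[0].lower() if fields else ""
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("published value is not a SHA256 hex digest")
    return hmac.compare_digest(sha256_of(path), expected)


def check_ports(host, ports, timeout=3.0):
    """Try a TCP connect to each port and return {port: reachable}."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:  # refused, filtered, timed out or unresolvable host
            results[port] = False
    return results


def preflight(package_path, published_checksum, host):
    """Collect failures instead of stopping at the first one."""
    failures = []
    if not verify_download(package_path, published_checksum):
        failures.append("SHA256 mismatch: re-download, using binary transfer mode")
    ports = {**CLIENT_PORTS, **NODE_PORTS}
    for port, ok in check_ports(host, ports).items():
        if not ok:
            failures.append(f"TCP {port} ({ports[port]}) not reachable on {host}")
    return failures
```

A transfer that is not in binary mode can rewrite line-ending bytes, which changes the digest even when the file size looks plausible. A False from check_ports means the port is filtered or nothing is listening on it at that moment.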

Deploying the PAM Server

Deployment varies between the supported infrastructures, so click on a link below to go to the correct deployment steps.

Upgrading the PAM Server

Once the PAM Server has been successfully deployed into your infrastructure, you will need to run through the setup and configuration.

  1. Open the console window of the new PAM Server.

  2. Within the Console window, press ENTER when prompted to start the setup and configuration.


  3. Read and accept the EULA to continue.


  4. Within the Configure Networking screen, configure the following virtual appliance settings. Press TAB to navigate between the fields.

    • IP Address: Enter the IP Address which will be used to connect to the virtual appliance.
    • Netmask: Enter the network mask.
    • Gateway: Enter the network default gateway IP address.
    • Primary DNS: Enter the network primary DNS IP address.
    • (Secondary DNS): Enter the secondary DNS IP address if relevant, else leave blank.


  5. Once completed, TAB down to the OK button and press ENTER.

  6. When you get to the PAM Server Restore screen, SFTP onto the virtual appliance using the IP Address, username and password shown on the screen.


  7. Copy the backup file of the PAM Server you want to restore onto this new PAM Server. Once successfully copied, the screen will update and the copied backup file will appear in the list.


  8. Select the backup file and press ENTER. When prompted, TAB to the OK button and press ENTER.


  9. Enter the Master Encryption Key (including dashes) of the PAM Server that the backup was taken from. Select OK and press ENTER.


  10. Within the Enter a hostname window, enter a name to identify the new PAM Server.


  11. TAB down to the OK button and press ENTER.

  12. Enter the FQDN (all in lowercase) or IP Address which will be assigned to the node. The configuration entered here is used to communicate between nodes.

    If the following error occurs, make sure that the hostname can be resolved and check that it has been included in the DNS A records - see Prerequisites.

    Hostname resolution error

  13. TAB down to the OK button and press ENTER.

  14. Set a password for the primary superadmin account. The username (superadmin) and the password will be used later to log into the PAM UI.

  15. TAB down to the OK button and press TAB.

  16. Confirm the primary superadmin account password.

  17. TAB down to the OK button and press TAB. Wait while the system is configured.


    Make a note of the https address which will be required to connect to the PAM Server from the PAM UI. This is only required if you have an existing PAM UI Server.

    For instructions to install and configure the PAM UI click here.

Upgrading the PAM UI

This step is only required if you have an existing PAM UI Server. The PAM UI must be on the same version as the PAM Server to benefit from all the enhancements.

Click here for the PAM UI installation and upgrade guide.

Finalise setup

Uploading an Osirium product licence

Once the configuration has completed and your virtual appliance has rebooted, you will need to log on using the PAM UI and upload a valid Osirium product licence to get started.

  1. Click here for instructions on how to log on to the PAM Server via the PAM UI.

  2. Once successfully logged on, open up the Admin Interface. You will be prompted to upload a valid Osirium licence before you can start using the PAM Server.

    Click Choose File and select the licence file.


  3. Click Upload.

  4. Click Acknowledge within the Action notifications window. Your browser will be refreshed.

  5. Your PAM Server is now ready.


  6. To confirm the cluster status, on the Admin Interface navigate to the System configuration > Clustering tab. Information on this page will update if additional nodes (followers) are joined to the cluster.

    If there is only one node the Local role will be displayed as Standalone.


    Once a second node has been created and joined to the cluster the Local role will be updated to Leader and the Node status will be displayed as Clustered.


Post upgrade tasks

Before opening any device connections that use an Active Directory account, an audit needs to be manually triggered on all provisioned Active Directories. You can do this by right-clicking the named Active Directory on the Manage Active Directory page and selecting Trigger audit from the menu. This will allow additional fields on the Active Directory account page to be populated.

Once the backup has been successfully installed, log onto the PAM Server using the PAM UI.

Before allowing users to connect back onto the PAM Server:

  • Ensure the devices are running successfully.

  • Ensure the devices are still accessible through the PAM UI.

  • Within the Admin Interface, re-enable scheduled Regenerate Account Credentials for all devices tasks.

  • Take a backup of the new PAM Server.