
Inline upgrade procedure

This section covers:

Upgrade procedure

The diagram provides a high-level overview of the process for upgrading your PAM Server.

Inline upgrade procedure flowchart

Upgrade procedure

Prerequisites

Before starting your upgrade make sure the following prerequisites are met:

Prerequisite: Description

  • Hardware & Software: Ensure the correct resources are available before upgrading. The following outlines the hardware and software requirements.

    Prerequisites

  • Ports: Ensure TCP ports 443 and 9002 are open as they are required for the client-side and PAM UI.

    TCP 2380 (etcd, i.e. key-value store), 2390 (cluster setup API), 2391 (cluster delegation API), 5432 (postgres, i.e. database)

    For a full list of ports used by the PAM Server click here.

  • Software packages downloaded: Download the latest PAM Server software release package for deployment into your infrastructure.

    To download the latest PAM Server software, click here.

    NOTE: SHA256 checksum is available to verify the integrity of the download.

  • Recent backup: Ensure you have a recent VM level backup of all your nodes (leader and followers). For more information regarding backups, click here.

  • No active user connections: Ensure there are no active user connections.

  • Regenerate Account Credentials for all devices task is disabled: Within the Admin Interface, disable all scheduled Regenerate Account Credentials for all devices tasks.

  • Osirium Support account is enabled: Ensure the Osirium Support account has been enabled.

Enabling the Osirium Support account

If the PAM Server support account has NOT already been enabled and a password set then this MUST be done on all nodes as the account is required to run the upgrade.

  1. Log into the PAM UI as a SuperAdmin.

  2. Open the Admin Interface browser window.

  3. On the left-hand menu, click System configuration. The System configuration page opens.

  4. Within the System configuration, click the System settings tab.

  5. On the table, locate Support account and click the Edit pencil icon. The Edit entry window opens.

  6. Within the Edit entry window, enter a password to be assigned to the support account and check the Enabled checkbox.

    Edit entry window

  7. Click Save. The support account password is set and the user account is enabled.

  8. Close the Admin Interface and log out of the PAM UI.

Downloading the upgrade kit

The PAM Server is upgraded using the upgrade kit binary file.

To download the latest PAM Server upgrade kit:

  • Go to the PAM Server page of the Software Releases page.

  • Scroll down to the Upgrading existing appliances section and from the table download the latest upgrade binary file.

  • A SHA256 checksum is available to verify the download integrity.

  • Depending on the version you are upgrading from, you may also need an earlier version, which can be downloaded from the same page.

Note

The transfer mode must be set to binary.
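
The kit is later run with sudo, so the SHA256 check mentioned above is worth doing both after download and again on the PAM Server after transfer (a non-binary transfer alters the file and changes its digest). The following is an added example, not part of the Osirium documentation; the function names are hypothetical and it assumes sha256sum (GNU coreutils) is available on the machine where it runs.

```shell
#!/bin/sh
# Added example: verify an upgrade kit against its published SHA256 checksum
# before running it with sudo. Assumes sha256sum (GNU coreutils) is installed.

# normalise_hash <string>: strip whitespace and lower-case the hex digits.
normalise_hash() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'
}

# verify_kit <kit_file> <expected_sha256>
# Returns 0 on match, 1 on mismatch, 2 on bad input.
verify_kit() {
    kit=$1
    expected=$(normalise_hash "$2")

    if [ ! -f "$kit" ]; then
        echo "error: $kit not found" >&2
        return 2
    fi
    # A SHA256 digest is exactly 64 hex characters; reject anything else
    # so a truncated copy/paste is not silently accepted.
    case $expected in
        *[!0-9a-f]*|'') echo "error: expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "error: expected value is not 64 hex characters" >&2
        return 2
    fi

    # Read via stdin so the file name never appears in sha256sum's output.
    actual=$(sha256sum < "$kit" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $kit matches published checksum"
        return 0
    fi
    echo "MISMATCH: $kit" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (placeholders; take the checksum from the Software Releases page):
#   verify_kit Osirium_PAM_Server_vA.B.C_upgrade.bin <published_sha256> \
#       && sudo bash Osirium_PAM_Server_vA.B.C_upgrade.bin
```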

Upgrading the PAM Server

  1. Transfer the downloaded upgrade kit onto the PAM Server using the Osirium Support account username and password enabled and set earlier.

    If you are upgrading a cluster then start with the leader node.

  2. From your virtual environment, open the PAM Server console window.

    Console window

  3. Within the PAM Server Console window, press ALT + F2. The server login prompt appears.

    Note

    Alternatively, you could use an SSH connection to the PAM Server.

  4. At the login prompt, type osirium_support and press ENTER.

  5. In the Password prompt, type the password set for the Osirium Support account and press ENTER. The account will be verified and you will be logged onto the PAM Server.

    SSH login

  6. Extract the upgrade kit copied to the server using the following command:

    sudo bash [Osirium_kit_name]

    where [Osirium_kit_name] is the upgrade kit file name, i.e. Osirium_PAM_Server_vA.B.C_upgrade.bin

  7. Enter the Osirium Support account password when prompted and press ENTER. The upgrade kit will be extracted.

  8. When the extraction completes, type the command specified on the screen and press ENTER. For example:

    sudo /data/kits/0.0.0-0/install.py

  9. When the screen below is displayed, press ENTER to start the setup.

    Start setup

  10. The EULA screen will be displayed. Press ENTER once you have read and accepted.

    If you are upgrading a cluster, go to step 11.
    If you are installing a standalone virtual appliance, go to step 15.

  11. The following message appears:

    Press enter

    This node will now wait for all remaining nodes in the cluster to reach this stage before starting to upgrade the cluster.

    Repeat steps 1 - 10 for all remaining nodes in the cluster. Only continue with the steps below once all nodes in the cluster have reached this stage. Once reached, go to step 12.

  12. Once all nodes in the cluster have reached the required stage the cluster co-ordinator will disable replication on all nodes and pause the upgrade process to allow you to take backups if required.

    Press enter

  13. When ready re-run the installer using the same arguments as in step 8 on all nodes.

    Once the installer has been re-run on all nodes the cluster co-ordinator will manage the process of performing the upgrade one node at a time and it will keep you updated with its progress as to the number of nodes remaining to be upgraded.

    Press enter

  14. Once all nodes have been upgraded the cluster co-ordinator will automatically restart each of the nodes one at a time. Once restarted each node will show the below screen.

    Press enter

    To continue, please go to step 19.

  15. The system configures and the following screen appears:

    Continue without restore

  16. Press ENTER to Continue without restoring a backup. The system configures and the following screen appears:

    Continue without joining cluster

  17. Press ENTER to Continue without joining cluster.

  18. Wait while the upgrade completes and PAM Server is rebooted.

    Restarting

  19. Close your virtual environment session.

Upgrading the PAM UI

This step is only required if you have an existing PAM UI Server. The PAM UI must be on the same version as the PAM Server to benefit from all the enhancements.

Click here for the PAM UI installation and upgrade guide.

Post upgrade tasks

Before opening any device connections that use an Active Directory account, an audit needs to be manually triggered on all provisioned Active Directories. You can do this by right-clicking the named Active Directory on the Manage Active Directory page and selecting Trigger audit from the menu. This will allow additional fields on the Active Directory account page to be populated.

Once the backup has successfully installed, log onto the PAM Server using the PAM UI.

Before allowing users to connect back onto the PAM Server:

  • Ensure the devices are running successfully.

  • Ensure the devices are still accessible through the PAM UI.

  • Within the Admin Interface, re-enable scheduled Regenerate Account Credentials for all devices tasks.

  • Take a backup of the new PAM Server.