local updates

Unanswered Question
May 11th, 2007
User Badges:

Guys, being a partner and working in a region where internet far slow and very uneffcient , we are facing upgrades breaking up in the middle due to comm. problems , how can we download updates offline and then do it via local server , what should we do ...

appreciate your answers ...

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jaigill Mon, 05/14/2007 - 18:36
User Badges:
  • Cisco Employee,

AsyncOS has a feature that may allow you to pre-fetch AsyncOS from the Internet and then upgrade your appliances over the LAN. The feature is officially supported beginning with AsyncOS release 4.5, and in later releases. Earlier releases such as 3.8.3 and 4.0 include the CLI version of the feature, but without official support from IronPort. The feature is fully documented in the IronPort AsyncOS 4.5 Basic User Guide, System Administration, Upgrading AsyncOS.

Local Upgrades are useful if your WAN link is low speed, or if it is highly congested. Either of these problems can manifest itself in upgrade errors. Sometimes upgrades fail with upgrade messages that appear to have nothing to do with bandwidth issues, but the problem resolves itself when Local Upgrades are performed, or if upgraded after hours.

Local Upgrades are also useful if you must upgrade AsyncOS at secure sites which prevent HTTP access to IronPort upgrade servers, even through a web proxy.

Local Upgrades can also be a time-saver. If the IronPort has only low-speed HTTP access to the Internet, being able to upgrade it locally can reduce the amount of time the IronPort channel partner or other technician must wait for the upgrade to complete. Using this technique a complete AsyncOS upgrade may take less than one minute, even on a C10.

It is assumed that in most cases the engineer reading this document will prepare a web server on his/her own laptop computer, and use that to “transport” AsyncOS nearer to the customers’ appliances.

Getting the image

The first step to upgrading your system is retrieving the image from IronPort. If you are on a dial, wireless, VPN, PPPoE or other network connection where your Maximum Transmission Unit (MTU) size is restricted, you may need to use Procedure B below. If Procedure A displays the correct list of images, you do not need to follow Procedure B.

Procedure A

Visit the http://downloads.ironport.com/form.html upgrade site. Enter one or more serial numbers (MAC address hyphen serial-code), separated by commas, into the form. Hit the List upgrades button. You should see a list of images similar to the following:

AsyncOS 4.5.0 build 639 upgrade, 2005-08-01 AsyncOS 4.5.0 build 564 upgrade, 2005-06-23 AsyncOS 4.0.8 upgrade, 2005-08-04 Build 029 AsyncOS 4.0.7 upgrade, 2005-04-14 Build 011 AsyncOS 4.0.6 upgrade, 2005-03-10 Build 012 AsyncOS 4.0.2 upgrade, 2004-11-07 Build 001 AsyncOS 3.8.4 upgrade, 2004-11-02 Build 003

Click the version required, and save to your local disk drive.

Procedure B

If a blank screen is displayed after hitting List upgrades, craft a URL similar to the following:

http://downloads.ironport.com/asyncos/upgrade/?serial=serial_number

Replace the serial number (after the equals sign) with the actual serial number of the appliance you will be upgrading. Save as above.

Multiple Appliance Upgrades

When prompted to save the file, remember that this file is unique to the appliance or appliances that you specified at download time. If you downloaded your machine-specific images separately, you will have to rename them and keep track of which one belongs to which appliance. For the appliance to retrieve them from your web server, you will have to rename it back to asyncos-4-5-0.ipup, for example. Note that “phoebe” is trimmed – and if you are using AsyncOS 4.5 and later you can use any filename with the ipup extension. You will have to rename the files one at a time, and upgrade the IronPorts one at a time. Alternatively, create a unique subdirectory on your web server for each appliance, and save the appropriate image there.

If you listed multiple comma separated serial numbers in the download form, headers in your image will allow it to be installed to those specific appliances. You can also use a URL in this form:

http://downloads.ironport.com/asyncos/upgrade/?serial=serial_number1&ser...

Placing The Image On a Microsoft Web Server

In this example we will use Microsoft Internet Information Server 6.0 or later. The ipup file should be copied to c:\inetpub\wwwroot\asyncos or other similar directory.

Enable directory browsing for this directory. (In IIS Manager, right-click the directory you created, choose properties, tick Directory browsing.)

Enable ipup MIME types. From the HTTP Headers tab, choose MIME Map File Types, add a new type for the extension .ipup, and enter this string as the type: application/octect-stream. You may prefer to make this change on your Default Web Site, so the AsyncOS images can be served from any directories you create in the future. If you are upgrading multiple appliances, you could use this feature to create one directory per appliance, and use a custom URL below for each appliance.

You do not have to restart you web server.

Placing The Image On An Apache Web Server

In this example we will use Apache Web Server 2.0.54 on Windows XP SP2. The ipup file should be copied to C:\Apache\Apache2\htdocs\asyncos or other similar directory.

By default, Apache supports directory browsing for directories without a default page. This is set by the

Options Indexes FollowSymLinks

directive under the section of the httpd.conf file.

To specify a MIME-type for ipup files, edit the \conf\mime-type file and add ipup to the line:

application/octet-stream bin dms lha lzh exe class so dll dmg

As with the IIS configuration above, you can configure separate directories for different appliances.

You do not have to restart your web server.

Configuring the IronPort – CLI

Enter the upgradeconfig command, and follow this sequence of steps. Your input is marked in blue.

ironport.cable.nu> upgradeconfig

Upgrade source: http://downloads.ironport.com/asyncos/upgrade/

Upgrade interface: AUTO

Choose the operation you want to perform:

- SETUP - Edit upgrade configuration.

[]> setup

Please select the upgrade source you want to use for AsyncOS updates:

1. IronPort upgrade server

2. Local upgrade server

[1]> 2

Please select the location of the upgrade files using the format

(http://optionalname:[email protected]:port/directory/). The default HTTP

port is 80; you do not need to specify the port unless you wish to use a

non-standard port. The optional username/password will be presented using HTTP

BASIC_AUTH.

[http://192.168.0.1/]> http://192.168.0.101/asyncos

If you use a hostname instead of an IP address it must be a fully qualified domain name.

When initiating a connection to the upgrade server for AsyncOS upgrades, the

originating IP interface is chosen automatically. If you want to choose a

specific interface, please specify it now.

1. Auto

2. Management (192.168.42.42/24: seaforth.cable.nu)

3. PrivateNet (192.168.0.3/24: ironport.cable.nu)

[1]>

Would you like to use a HTTP proxy server to retrieve AsyncOS updates? [N]>

The system will now use http://192.168.0.101/asyncos for all AsyncOS updates.

To change this configuration in the future, please use the 'upgradeconfig'

command.

Upgrade source: http://192.168.0.101/asyncos

Upgrade interface: AUTO

Choose the operation you want to perform:

- SETUP - Edit upgrade configuration.

[]>

ironport.cable.nu> commit

Please enter some comments describing your changes:

[]>

Changes committed: Tue Aug 16 16:22:13 2005 EST

ironport.cable.nu> upgrade

Upgrades available:

1. AsyncOS 4.0.8 upgrade, 2005-08-04 Build 029

[1]>

Performing an upgrade will require a reboot of the system after the upgrade is

applied. Do you wish to proceed with the upgrade? [Y]>

IronPort Messaging Gateway Appliance(tm) Upgrade

The upgrade will start in 10 seconds.

This upgrade will require a reboot of the system after it finishes.

You may log in again after this is done.

Finding partitions... done.

...

Configuring the IronPort – GUI

Beginning with AsyncOS 4.5, local upgrade configuration and execution is supported via the GUI. This is documented in the Basic User Guide, System Administration, Upgrading AsyncOS.


Troubleshooting

IIS log files are shown in C:\WinNT\system32\LogFiles\W3SVC1. Your current log should have entries like this:

07:25:16 192.168.0.44 GET /asyncos/asyncos-4-0-8.ipup 200

07:25:16 192.168.0.44 GET /asyncos/asyncos-4-0-8.ipup.txt 200

Entries like this may indicate that directory browsing was not supported:

00:22:41 192.168.0.3 GET /iisstart.asp 200

Apache log files are shown in C:\Apache\Apache2\logs. Your log should have entries like this:

10.10.2.200 - - [23/Sep/2005:09:38:21 +0200] "GET /asyncos_test/asyncos-4-0-8.ipup HTTP/1.1" 200 75912252

Entries such as these from access.log and error.log may indicate that directory browsing is not permitted:

/logs/access.log

10.10.2.200 - - [23/Sep/2005:12:38:19 +0200] "GET /asyncos/ HTTP/1.1" 403 296

/logs/error.log

[Fri Sep 23 12:34:37 2005] [error] [client 10.10.2.200] Directory index forbidden by rule: C:/Apache/Apache2/htdocs/asyncos/

[Fri Sep 23 12:34:37 2005] [error] [client 10.10.2.200] File does not exist: C:/Apache/Apache2/htdocs/favicon.ico

[Fri Sep 23 12:34:40 2005] [error] [client 10.10.2.200] Directory index forbidden by rule: C:/Apache/Apache2/htdocs/asyncos/

[Fri Sep 23 12:34:41 2005] [error] [client 10.10.2.200] File does not exist: C:/Apache/Apache2/htdocs/favicon.ico

An error such as this in the GUI may indicate that the hostname was unresolveable, and should be replaced with a resolveable FQDN:

Error — Failure downloading upgrade list. (Error performing upgrade: I/O error opening URL 'http://cptdc1/ironport/?serial=001143CE1218-34HCN61&version=4.5.0-735')

Actions

This Discussion