Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1203
Views
0
Helpful
2
Replies

upgrade cluster manage MSA 370

afcoanjum
Level 1
Level 1

‎09-19-2013 12:24 AM

I need to upgrade Cluster manage MSA 370 what are the important steps should i measure i had done already to standalone boxes do i have perform in same way by disconnecting Cluster link or should i break cluster then perform upgrade.

Labels:
0 Helpful
2 Replies 2

Robert Sherwin
Cisco Employee
Cisco Employee

‎09-19-2013 12:06 PM

If this is a SMA appliance - it should be a standalone.  We do not have an M370 appliance though --->

http://www.cisco.com/en/US/products/ps10155/prod_models_comparison.html

None-the-less, you would upgrade the SMA the same fashion as a standalone ESA (C or X series) appliance.

If you are referring to upgrading a cluster of C370s... the process for upgrading clustered appliances can be located here:

http://tools.cisco.com/squish/f1b13

All machines in a cluster of Cisco Email Security Appliances must be at the exact same version and build of the AsyncOS. The cluster must be disconnected during the upgrades, once all machines have been upgraded, the cluster can be "reconnected" via the clusterconfig command.  Disconnecting does not affect mail flow, though changes made while disconnected will not propagate to the other systems until after the reconnect is complete.


The upgrade may be performed via the CLI or the GUI, but the reconnect clusterconfig commands are only available via the CLI.  This example shows how to upgrade the machines in a cluster via the CLI.

  • Issue the upgrade command to upgrade AsyncOS to a newer version.  You will be prompted to disconnect the cluster at this point.  If you respond 'N' the upgrade will be canceled.

    Example:
    (Machine host1.example.com)> upgrade

    You must disconnect all machines in the cluster in order to upgrade them. Do you wish to disconnect all machines in
    the cluster now? [Y]> Y
  • Follow all upgrade prompts including the reboot.
  • Once all machines in the cluster are upgraded and rebooted, log onto a machine in the cluster using the CLI.  Issue the clusterconfig command and answer "yes" to reconnect. No commit is necessary.

    Example:
    (Machine host1.example.com) [Disconnected]> clusterconfig

    This machine (host1.example.com) is currently disconnected from the cluster.
    Do you want to reconnect to the cluster? [Y]> Y
  • You may now use the reconnect subcommand to reconnect each machine. No commit is necessary.

    Example:
    []> reconnect

    Choose the machine to reattach to the cluster.  Separate multiple machines with commas or specify a range with a dash.
    1. host2.example.com (group Main)
    2. host3.example.com (group Main)
    3. host4.example.com (group Main)
    [1]> 1-3

For details on upgrading in general – we do offer an online video that covers the process quickly:

https://supportforums.cisco.com/videos/1933

General Best Practices:

A.  Stand-alone Ironport appliance(s).

  1. As a good practice, always save and/or mail yourself the configuration file prior to upgrading the AsyncOS.  Make sure the mask password box is not enabled.
  2. Keep in mind that the upgrade process can run while the system is processing mail traffic, but if you have multiple appliances, you should suspend the listener on the machine you're upgrading to free up resources.
  3. The upgrade process can take between 15-20 minutes, depending upon network/mail traffic and will require a system reboot.  When the upgrade process is complete, the system will prompt you to enter a number between 1-30 seconds and then reboot the appliance.  If you do suspend listeners, make sure that you resume the listener after the system is back online and verify that mail is flowing.  (i.e.  tail mail_logs  )

B.  Clustered Ironport appliances

  1. For clustered machines, it is best to do an "administrative disconnect" on all the appliances before upgrading as opposed to "remove machine".  An "administrative disconnect" allows you to re-join the machines into the cluster more easily after all the machines have been upgraded.
  2. Before proceeding with upgrading the appliances, verify with Customer Support that all the appliances have the same upgrade path to the AsyncOS that you want to upgrade to.
  3. As a good practice, always save and/or mail yourself the configuration file prior to upgrading the AsyncOS.  Make sure the mask password box is not enabled.
  4. Keep in mind that the upgrade process can run while the system is processing mail traffic, but if you have multiple appliances, you should suspend the listener on the machine you're upgrading to free up resources.
  5. The upgrade process can take between 15-20 minutes, depending upon network/mail traffic and will require a system reboot.  When the upgrade process is complete, the system will prompt you to enter a number between 1-30 seconds and then reboot the appliance.  If you do suspend listeners, make sure that you resume the listener after the system is back online and verify that mail is flowing.  (i.e.  tail mail_logs  )

Hope that helps!

-Robert

Cheers,
Robert Sherwin
0 Helpful

afcoanjum
Level 1
Level 1
In response to Robert Sherwin

‎09-21-2013 11:00 PM

Thank you very much so nice of you

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents