System update

Note

  • In addition to the current system version, Fudo PAM stores the previous revision, allowing for restoring the system to its previous state.
  • The system update process does not influence the system configuration or the session data stored on Fudo PAM.
  • The storage usage may temporarily increase during system update.

Updating system

The upgrade mechanism consists of two phases: Prepare phase and actual Execute phase.


Prepare phase is responsible for migrating data in monthly batches to the new database in the background during normal operational use of Fudo PAM.

It is advised to allow the mechanism to copy as much data as possible during this phase as the final upgrade will have to copy the remaining data, hence data copied in the prepare phase reduces overall time required to perform the final offline upgrade.


The upgrade mechanism makes resumable snapshots of migration progress. At each step of the migration, a snapshot is made and in case of failure, the mechanism is able to restart the process from the last valid state both with the same package and potentially with a new package released at a later time. This step is important especially for large installations where the Prepare phase can take significant time.

Note

Session retention is unavailable during the Prepare phase as it could attempt to remove data that has been already copied to the new database.

Note

Run check button is disabled as it has no use due to big database version changes.

Warning

  • The storage required for performing the upgrade is estimated before the process is executed. Fudo mechanism reports how much additional space is required if the currently available storage is too small to safely perform the upgrade.
  • If the storage usage on the system being updated exceeds 85%, contact Fudo Security technical support before proceeding with upgrading the system.
  • During the system update, all current users’ connections will be terminated. Use the Deny new connections option in the Sessions section of the system settings menu to limit the number of active connections before performing system upgrade.
  1. Select Settings > System.
  2. Select the Upgrade tab.
  3. Click Upload.
  4. Browse the file system to find and upload the update image file (.upg).
  5. Click Prepare upgrade.
../../_images/upgrade-after-upload.png

Note

Running Prepare upgrade can be put on hold by clicking the Stop button. When the current batch of data is copied (1 month) the Prepare phase will stop instead of starting to copy the next batch. Clicking the Start button resumes the process. Prepare phase can be canceled completely by clicking Cancel, which however does not remove resumable snapshots. If this is required, please contact Fudo Security support.

  1. Once Upgrade Preparation phase is completed, you can click Run Upgrade.
../../_images/prepare-upgrade-done.png

Warning

  • After running system update, Fudo PAM will restart automatically.
  • Rebooting a physical appliance requires the encryption key. Connect the USB flash drive containing the encryption key to the USB port before proceeding.
  • In case of virtual machine instances, system will prompt for passphrase upon boot up after running upgrade scripts. Entering incorrect passphrase will restart the machine in previous revision.
  • If an executed upgrade fails, the upgrade package will remain in the Upgrade tab so you don’t need to re-upload the package again.

Deleting upgrade snapshot

Deleting upgrade snapshot will free the storage space occupied by previous system version.

Warning

After deleting the upgrade snapshot it will not be possible to restore the system to previous version.

  1. Select Settings > System.
  2. Select the Upgrade tab.
  3. Click Remove upgrade snapshot.
../../_images/delete_snapshot.png
  1. Confirm deleting previous system version.

Related topics: