System update

Due to the significant changes in the databases of the Fudo PAM 5.3 version, it is required to perform a list of preparation actions:

  • As from the Fudo PAM 5.3 version protocols Citrix, ICA and Oracle are no longer supported, it is required to remove the sessions (except those already exported), associated with these protocols before launching the system upgrade to the version 5.3. The rest of the associated objects (accounts, listeners, servers) will be deleted by the upgrading script automatically.
  • It is required to have the Use root store certificates option enabled in every HTTP server configuration. Refer to the Creating an HTTP server topic for more information.
  • Hitachi ID Privileged Access Manager and Lieberman Enterprise Random Password must be removed from the External password repositories configuration.
  • Users with names containing ‘#’ or ‘%’ chars must be removed or renamed.
  • If there are multiple servers with the same address and port pair but different protocols, then only one of them can be left and the other must be removed.
  • Remote app configuration must be removed from all the servers and accounts. Refer to the Creating an RDP server topic for more information.
  • In Password changers configuration the server properties: protocol, secproto, ssl_to_server, ssl_v2, ssl_v3, subnet are no longer supported and must be removed.
  • Port number 8888 is now reserved. Listeners using this port must be modified to use another port.
  • Port numbers greater or equal 60000 are now reserved. Listeners using these ports must be modified to use other ports.

Note

  • The system update process does not influence the system configuration or the session data stored on Fudo PAM.
  • The storage usage may temporarily increase during system update.

Updating system

Warning

  • If the upgrade package requires preparation, it is recommended to wait for the preparation process to finish. This will minimize the system’s downtime when performing the actual upgrade.
  • Before updating the system it is advised to run a preliminary check to ensure that the current system configuration can be successfully upgraded to the new version.
  • If the storage usage on the system being updated exceeds 85%, contact Fudo PAM technical support before proceeding with upgrading the system.
  • During the system update, all current users’ connections will be terminated. Use the Deny new connections option in the User authentication and sessions section of the system settings menu to limit the number of active connections before performing system upgrade.
  • After running system update, Fudo PAM will restart automatically. Connect the USB flash drive containing the encryption key to the USB port before proceeding or have the passphrase ready in case of virtual machine instance. Note that entering incorrect passphrase will restart the machine in previous revision.
  • In case of cluster configuration, upgrade slave node first and after successful upgrade, move onto upgrading the master node.
  • For clients who are upgrading from 4.x Fudo PAM versions, a new masterkey will be generated during the upgrade. Users are encouraged to export and backup the newly generated key. Refer to the Configuration encryption topic to find out more about the system masterkey.
  1. Select Settings > System.
  2. Select the Upgrade tab.
  3. Click Upload.
  4. Browse the file system to find and upload the update image file (.upg).
  5. Click Run check to verify if the current configuration and data model objects are compatible with the new system revision.
../../_images/5-1-upgrade-system.png

Note

  • Click Download log to view the upgrade procedure log along with the information on upgrade time.
  1. If the upgrade requires initial preparation, click Prepare upgrade.
../../_images/5-1-prepare-upgrade-active.png

Note

  • Upgrade preparation minimizes the system’s downtime when running the actual update.
  • Click Stop to cancel upgrade preparation. Note that the current preparation stage must complete, thus cancelling might take a while.
  • Click Start to resume upgrade preparation.
  1. Click Run upgrade.

Note

In case the upgrade requires preparation, the system upgrade can be performed once the initial preparation stage is completed. Although it is recommended to wait for the preparation process to finish. This will reduce the downtime when running the actual system upgrade.

../../_images/5-1-upgrade-prepare.png
  1. Click Confirm to proceed with system update.

Note

If you enabled the Deny new connections option before upgrading, make sure to disable it after restarting the system.


In addition to the current system version, Fudo PAM stores the previous revision, allowing for restoring the system to its previous state. In the event of an unsuccessful system update, Fudo PAM detects the problem during system restart and restarts itself using the previous system revision. It’s also possible to bring the previous version back to the system via the Restart option from the options menu:

../../_images/5-1-rollback-restart.png ../../_images/5-1-versions-modal.png

Warning

Rollback process will result in the loss of all sessions recorded on the new system version and any system configuration changes. All the object configurations that were created, changed or recorded between the current and the previous system versions will be deleted. This includes the password changers activity. If any passwords were changed during the newer version’s usage, restarting Fudo will lead to lost access to corresponding systems.

If the active version is chosen in the modal, the system will be restarted as described at the Restart page.


Deleting upgrade snapshot

Deleting upgrade snapshot will free the storage space occupied by previous system version.

Warning

After deleting the upgrade snapshot it will not be possible to restore the system to previous version.

  1. Select Settings > System.
  2. Select the Upgrade tab.
  3. Click Remove upgrade snapshot.
  4. Confirm deleting previous system version.

Related topics: