<< PREVIOUS      NEXT >>




Install  the new version of VSP CMS using the below process:



If the required CMS deployment type is "large" ensure that the VM has 64GB RAM



  1. Execute the below steps to add the required environmental variables

    1. sudo bash


    2. vi /etc/environment


    3. Add the below variables 




  2. Execute the below commands to stop and clean previous CMS instance:

    1. sudo su



    2. cd /var/cms/docker-compose-files



    3. ./stop.sh



      1. Execute the below command to view the help menu: 

        ./stop.sh -h




    4. ./cleanup.sh



      1. Execute the below command to view the help menu: 

        ./cleanup.sh -h




    5. service docker restart


  3. For upgrade from VSP CMS 2.4.x or previous versions, execute the commands:

    1. rm -rf /var/lib/kafkavolume


    2. rm -rf /var/lib/zookeepervolume


  4. Remove the files of the previous version

    1. cd /var/cms



    2. rm *



  5. Download the tar file vsp-cms-lfr.tar.gz from the Artifactory directory: <Release> > tar_package > cms_lfr


  6. Alternatively, use the wget command as described below:

    1. Log in to the Artifactory and navigate to the directory: <Release> > tar_package > cms_lfr.Click on the tar file and click URL to File

    2. Execute the below command to download the tar file

      wget <Copied_URL> --user=<Artifactory Username> --ask-password


  7. Extract the downloaded tar file using the below command. This command may take approximately 10 minutes

    1. tar -xvzf vsp-cms-lfr.tar.gz



  8. The below files are extracted

  9. Execute the below commands to install and configure CMS:

    1. ./vsp_cms_installer.sh




    2. echo 1 > /proc/sys/vm/drop_caches



    3. service docker restart



    4. Execute the below command to view the help menu:

      ./setup.sh -h






      Ensure that the script setup.sh is NOT executed with "sudo"


    5. ./setup.sh [Optional Arguments] <IP_ADDRESS> <SSL_VERIFY>


      1. IP_ADDRESS – IP Address of the VM where CMS package is installed

      2. (Optional) SSL_VERIFY – Provide 0 to disable SSL hostname verification between CMS and Probe. This is useful when a customized domain name is desired for CMS (Default Domain Name: int.cms.virsec.com). Ensure that the option is disabled for ECS Fargate. Provide 1 to enable SSL hostname verification. The option is enabled by default

      3. (Optional) -f : Defines the CMS Deployment type. Allowed Values:

        small: Only the core CMS services are installed. Recommended for POVs only.



        • jreports-service – Reports are scheduled and generated in this service

        • licenseserver – This service is the on-prem license server

        • organization-service – Provides communication with the VSP MSSP instance

        • report-service – Provides CMS Reporting functionality

        • ticket-zendesk-service – Provides the ability to configure the ticketing service Zendesk

        • virsec-api-snap-service – Provides the capability to access CMS information through SNAP API

        • vsp-log-manager-service – Responsible for the logging functionality


        large: The Core and optional CMS services are installed. If not specified, the default option is large

      4. (Optional) -x :  Custom advertised listener for Kafka

      5. (Optional) -k : Ensure that CMS is not running during usage. Allowed Kafka options:

        0: For Unsecure Kafka connection. By default, the value is set to 0 if not specified

        1: For One-way SSL where the Client verifies the server

        2: For Two-way SSL where both the Client and Server verify each other



        If there is a Custom DNS for Kafka listener, then use the options 0 or 1 for Kafka. Do not use the option 2


      6. (Optional) -P : Provide this parameter to select the optional services that need to be started in case of CMS Deployment Type - large. If this option is not provided, all the optional services are started by default. A snippet of the log with the option -P is provided below. When prompted, provide y/n for optional services [Ticketing Service (Zendesk), Centralized Logging System, MSSP, VSP APIs, Reporting Feature, On-premise License Server]




        If a proxy server is configured for internet access, ensure that the root certificate information is added to the property file, as described in the Deploy Custom SSL Certificates topic of the Maintenance Section


  10. In cases where RAM settings for small and large CMS deployment types need modifications, follow the steps before CMS deployment: 



    The file contains VSP-recommended RAM values for the available CMS deployment types. Any change in these values may affect CMS functioning


    1. sudo bash


    2. cd /var/cms/form-factors


    3. vi ff-ram-size.csv


    4. Modify the values as required. The specified value is in GBs. Save the file




  1. To verify whether LFR is up and running, execute the below command:

    1. docker ps | grep lfr




  2. After a couple of minutes, access the URL: http://<VM_IP_Address> to view the refreshed LFR




  • After the upgrade, if probe upgrade is NOT planned, ensure that the Application is un-provisioned and provisioned on CMS and the business application is restarted

  • When CMS is upgraded from VSP 2.3.2 or previous versions to 2.5.0, probes do not auto-connect to CMS. In such cases, restart the probe service manually


<< PREVIOUS      NEXT >>