- 26 Dec 2024
- 18 Minutes to read
- Print
- DarkLight
- PDF
Probe Upgrade on VM
- Updated on 26 Dec 2024
- 18 Minutes to read
- Print
- DarkLight
- PDF
Remote vRule Engine Upgrade (Optional)
Click here to upgrade Remote vRule Engine
Pre-requisite
Ensure that Maintenance Mode is not active during Probe upgrade
Linux
- Download the required .sh file to the Probe
- Using any browser, navigate to the directory vsp in Local Repository URL:
- Version 2.8 and Above: https://<Local Repository URL>:8443
- Version 2.7: http://<Local Repository URL>
- To install all the available SKUs (VSP-Enterprise, VSP-Web, VSP-Memory and VSP-Host), right click on the file vsp_install_vm.sh and select the option Copy link address
- Execute the below commands to download vsp_install_vm.sh to the server and install all SKUs
wget <copiedLink> --no-check-certificate chmod +x vsp_install_vm.sh sudo bash ./vsp_install_vm.sh -h # To view the help menu ./vsp_install_vm.sh -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -n <Hostname> -L <LFR_Port> -s <SKU> -u
The required parameters for the script are:
Parameter Description -c <CMS_IP> IP Address of CMS -l <LFR_IP> IP Address of LFR -s <SKU> Provide the required SKU. Allowed values are web, host, mem - The optional parameters for the script are:Version 2.11 and Above:
Parameter Description -b <Release_Name> VSP Release Name to be used from the backup directory – Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information -C <CMS DNS Name> Custom DNS name for CMS. Default value is int.cms.virsec.com -d <Backup_Location> To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ -e <0 | 1> To indicate Remote vRule configuration. Applicable only for Web SKU. Allowed Values are 0 (Default - Do not Enable), 1 (Enable). Do not provide this option for Remote vRule option -f <0 | 1> Force uninstall without backing up the vsp backup files during an upgrade. Allowed values are 0 (Default - Do not force uninstall), 1 (force uninstall). -H <0 | 1> Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. Allowed values are 0 (Do not add), 1 (Default - add). If value "1" is used, ensure that the parameters -C and -K are provided
-i <Host_IP> IP Address of Probe (Host) -K <Kafka DNS Name> Custom DNS name for Kafka. Default value is vsp-kafka.virsec -k <VSP_Kafka_Node_IP> IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different -L <LFR_Port> VSP LFR Port. The default port is 8443
-n <Hostname> Hostname of the Probe. This is utilized during probe registration with CMS -p <Host Profile Tags> Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS
-U <0 | 1> To uninstall existing Probe services. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall) -u <0 | 1> To uninstall existing Probe services and install the latest available version. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall) Version 2.10 and Below:Parameter Description -b <Release_Name> VSP Release Name to be used from the backup directory – Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information -C <CMS DNS Name> Custom DNS name for CMS. Default value is int.cms.virsec.com -d <Backup_Location> To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ -e To indicate Remote vRule configuration. Applicable only for Web SKU. Do not provide this option for Remote vRule option -f Force uninstall without backing up the vsp backup files during an upgrade -H Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided
-i <Host_IP> IP Address of Probe (Host) -K <Kafka DNS Name> Custom DNS name for Kafka. Default value is vsp-kafka.virsec -k <VSP_Kafka_Node_IP> IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different -L <LFR_Port> VSP LFR Port. The default port is:
Versions 2.8 and Above: 8443
Version 2.7: 80
-n <Hostname> Hostname of the Probe. This is utilized during probe registration with CMS -p <Host Profile Tags> Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS
-U To uninstall existing Probe services -u To uninstall existing Probe services and install the latest available version
- Execute the below commands to download vsp_install_vm.sh to the server and install all SKUs
- Alternatively, to Install a specific SKU, navigate to the directory vsp > <Operating System> > <Operating System Version> NOTENavigate to the directory rpm for the Operating Systems RHEL and CentOS
- Select the SKU appropriate file with web (VSP-Enterprise, VSP-Web), memory (VSP-Memory) and host (VSP-Host) in its name. The file name format is vsp-<SKU>-vm.sh
- Right click on the relevant .sh file and select the option Copy link address
- Execute the below commands to download the file to the server and install probe
wget <copiedLink> --no-check-certificate chmod +x vsp-<SKU>-vm.sh sudo bash ./vsp-<SKU>-vm.sh -h # to view the help menu ./vsp-<SKU>-vm.sh -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -n <Hostname> -o <Host_OS> -V <Host_OS_Version> -r
The required parameters for the script are:
Parameter Description -c <CMS_IP> IP Address of CMS -i <Host_IP> IP Address of Probe (Host) -k <VSP_Kafka_Node_IP> IP Address of Kafka -n <Hostname> Hostname of theProbe. This is utilized during probe registration with CMS -o <Host_OS> Operating System of the Probe -r To start VSP services after Installation -V <Host_OS_Version> Operating System Version of the Probe - Optional Parameter to install specific SKU
Parameter Description -e To indicate Remote vRule configuration. Do not provide this option for Remote vRule option
- At the end of the installation, the installed probe instance automatically registers with VSP CMS and a restart of the server is NOT required if the parameter -r is provided during installation
- If the parameter -r is not provided during installation, restart the services using the below command:
service vsp start
- For container-based CMS instances, restart the VSP services in Ubuntu and RHEL Probe instances using the below command:
service vsp restart
- Verification:
- Navigate to Deploy > Probes to verify that the Probe server is listed and in Connected state
- If VSP Host is configured, navigate to Manage > Host > Host Protection in the left navigation pane and ensure that the App Control Policy is associated with the existing Host Profile. If not, then modify the profile and select the required App Control Policy from the dropdown
Windows 2008 and Above
Before VSP Probe upgrade, utilize VSP-cli to back up the configuration, data and log information
- For Auto-registration process, the required .bat file must be downloaded to the Probes
- Using any browser, navigate to the directory vsp in Local Repository URL:
- Version 2.8 and Above: https://<Local Repository URL>:8443
- Version 2.7: http://<Local Repository URL>
- To install all the available SKUs (VSP-Enterprise, VSP-Web, VSP-Memory and VSP-Host), download vsp_install_vm.bat to the server
- Execute the below commands at the command prompt as an Administrator
vsp_install_vm.bat -U #To uninstall Previous version of VSP vsp_install_vm.bat -h #To view the help menu vsp_install_vm.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -s <SKU> -u
The required parameters for the script are:
Parameter Description -c <CMS_IP> IP Address of CMS -l <LFR_IP> IP Address of LFR -s <SKU>
Version 2.10 and BelowProvide the required SKU. Allowed values are web, host, mem - Make a note of the displayed token for future use during password reset
- Optional Parameters to install all SKUsVersion 2.11 and Above:
Parameter Description -b <Backup_Directory_Name> To use backup packages from given directory name on LFR for installation. Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information -C <CMS DNS Name> Custom DNS name for CMS. Default value is int.cms.virsec.com -d <Backup_Location> To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ -e <0 | 1> To indicate Remote vRule configuration. Applicable only for full installation. Allowed Values are 0 (Default - Do not Enable), 1 (Enable). Do not provide this option for Remote vRule option -f <0 | 1> Force uninstall without backing up the vsp backup files during an upgrade. Allowed values are 0 (Default - Do not force uninstall), 1 (force uninstall). -H <0 | 1> Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. Allowed values are 0 (Do not add), 1 (Default - add). If value "1" is used, ensure that the parameters -C and -K are provided
-i <Host_IP> IP Address of Probe (Host) -K <Kafka DNS Name> Custom DNS name for Kafka. Default value is vsp-kafka.virsec -k <VSP_Kafka_Node_IP> IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different -L <LFR_Port> VSP LFR Port. The default port is 8443
-n <Hostname> Hostname of the Probe. This is utilized during probe registration with CMS -O <0 | 1> To install HOST-ONLY features. Allowed Values are 0 (complete installation) or 1 (Host only installation). Default value is 0 -p <Host Profile Tags> Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS
-U <0 | 1> To uninstall existing Probe services. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall) -u <0 | 1> To uninstall existing Probe services and install the latest available version. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall)
-x <0 | 1> To set the password to stop/modify a service using VSP-CLI utility. Allowed values are 0 (Default - Do not Prompt), 1 (Prompt). When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 (minimum) – 511 (maximum) characters in length and must have alphanumeric characters in both upper and lower cases -X <Password> To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed Version 2.10 and Below:Parameter Description -b <Backup_Directory_Name> To use backup packages from given directory name on LFR for installation. Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information -C <CMS DNS Name> Custom DNS name for CMS. Default value is int.cms.virsec.com -d <Backup_Location> To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ -e To indicate Remote vRule configuration. Do not provide this option for Remote vRule option -f Force uninstall without backing up the vsp backup files during an upgrade -H Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided
-i <Host_IP> IP Address of Probe (Host) -K <Kafka DNS Name> Custom DNS name for Kafka. Default value is vsp-kafka.virsec -k <VSP_Kafka_Node_IP> IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different -L <LFR_Port> VSP LFR Port. The default port is:
Versions 2.8 and Above: 8443
Version 2.7: 80
-n <Hostname> Hostname of the Probe. This is utilized during probe registration with CMS -p <Host Profile Tags> Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS
-q <Kafka_container_Port>
Version 2.9 and BelowVSP Kafka Port (Default port is 9092) -U To uninstall existing Probe services -u To uninstall existing Probe services and install the latest available version
-x To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed -X <Password> To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed
- Execute the below commands at the command prompt as an Administrator
- Alternatively, to install a specific SKU, download the appropriate .zip file
- Select the appropriate file with web (VSP-Enterprise, VSP-Web), memory (VSP-Memory) and host (VSP-Host) in its name. The file format is vsp-<SKU>-vm.zip
- Unzip the file to obtain vm-install.bat file
- Execute the below command to install probe
vm-install.bat -h # to view help menu vm-install.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -r
The required parameters for the script are:
Parameter Description -c <CMS_IP> IP Address of CMS -i <Host_IP> IP Address of Probe (Host) -k <VSP_Kafka_Node_IP> IP Address of Kafka -n <Hostname> Hostname of the Probe. This is utilized during probe registration with CMS -r To start VSP services after Installation - Make a note of the displayed token for future use during password reset
- Optional Parameters to install specific SKU
Parameter Description -e To indicate Remote vRule configuration. Do not provide this option for Remote vRule option -x To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed -X <password> To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed
- At the end of the installation, the installed probe instance automatically registers with VSP CMS and a restart of the server is NOT required if the parameter -r is provided during installation
- If the parameter -r is not provided during installation, start the installed VSP ASI service
- Verify that VSP Probe is installed as a service
- Verification:
- Navigate to Deploy > Probes to verify that the Probe server is listed and in Connected state
- If VSP Host is configured, navigate to Manage > Host > Host Protection in the left navigation pane and ensure that the App Control Policy is associated with the existing Host Profile. If not, then modify the profile and select the required App Control Policy from the dropdown
Windows 2003
For Auto-registration process, the required .bat file must be downloaded to the Probes
- Before VSP Probe upgrade, utilize VSP-cli to back up the configuration, data and log information. Refer Maintenance article for more information
- Using any browser, navigate to the directory vsp in Local Repository URL:
- Version 2.8 and Above: https://<Local Repository URL>:8443
- Version 2.7: http://<Local Repository URL>
- To install all the available SKUs (VSP-Enterprise, VSP-Web, VSP-Memory and VSP-Host), download vsp_install_vm.bat to the server
- Execute the below commands at the command prompt as an Administrator
vsp_install_vm.bat -U #To uninstall Previous version of VSP vsp_install_vm.bat -h #To view the help menu vsp_install_vm.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -s <SKU> -u
The required parameters for the script are:
Parameter Description -c <CMS_IP> IP Address of CMS -l <LFR_IP> IP Address of LFR -s <SKU>
Version 2.10 and BelowProvide the required SKU. Allowed values are web, host, mem - Make a note of the displayed token for future use during password reset
- Optional Parameters for this script are:Version 2.11 and Above:
Parameter Description -b <Backup_Directory_Name> To use backup packages from given directory name on LFR for installation. Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information -C <CMS DNS Name> Custom DNS name for CMS -d <Backup_Location> To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ -e <0 | 1> To indicate Remote vRule configuration. Applicable only for web SKU. Allowed Values are 0 (Default - Do not Enable), 1 (Enable). Do not provide this option for Remote vRule option -f <0 | 1> Force uninstall without backing up the vsp backup files during an upgrade. Allowed values are 0 (Default - Do not force uninstall), 1 (force uninstall). -H <0 | 1> Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. Allowed values are 0 (Do not add), 1 (Default - add). If value "1" is used, ensure that the parameters -C and -K are provided
-i <Host_IP> IP Address of Probe (Host) -K <Kafka DNS Name> Custom DNS name for Kafka -k <VSP_Kafka_Node_IP> IP Address of Kafka -L <LFR_Port> VSP LFR Port. The default port is 8443
-n <Hostname> Hostname of the Probe. This is utilized during probe registration with CMS -O <0 |1> To install HOST-ONLY features. Allowed Values are 0 (complete installation) or 1 (Host only installation). Default value is 0 -p <Host Profile Tags> Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS
-U <0 | 1> To uninstall existing Probe services. Allowed values are 0 (Default -Do not uninstall), 1 (uninstall) -u <0 | 1> To uninstall existing Probe services and install the latest available version. Allowed values are 0 (Default – Do not uninstall), 1 (uninstall)
-x (Not applicable for Windows 2003) To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed -X (Not applicable for Windows 2003) To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed Version 2.10 and Below:Parameter Description -b <Backup_Directory_Name> To use backup packages from given directory name on LFR for installation. Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information -C <CMS DNS Name> Custom DNS name for CMS -d <Backup_Location> To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ -e To indicate Remote vRule configuration. Applicable only for full installation. Do not provide this option for Remote vRule option -f Force uninstall without backing up vsp backup files during an upgrade -H Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided
-i <Host_IP> IP Address of Probe (Host) -K <Kafka DNS Name> Custom DNS name for Kafka -k <VSP_Kafka_Node_IP> IP Address of Kafka -L <LFR_Port> VSP LFR Port. The default port is:
Versions 2.8 and Above: 8443
Version 2.7: 80
-n <Hostname> Hostname of the Probe. This is utilized during probe registration with CMS -p <Host Profile Tags> Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS
-q <Kafka_container_Port>
Version 2.9 and BelowVSP Kafka Port (Default port is 9092) -U To uninstall existing Probe services -u To uninstall existing Probe services and install the latest available version
-x (Not applicable for Windows 2003) To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed -X (Not applicable for Windows 2003) To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed
- Execute the below commands at the command prompt as an Administrator
- Alternatively, to install a specific SKU, download the appropriate .zip file
- In LFR, navigate to the directory: Windows > 2003 and select vsp-host-vm_x86.zip for 32 bit or vsp-host-vm_x64.zip for 64 bit
- Unzip the file to obtain vm-install.bat file
- Execute the below command to install probeShellShell
vm-install.bat -h # to view help menu vm-install.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -r
The required parameters for the script are:
Parameter Description -c <CMS_IP> IP Address of CMS -i <Host_IP> IP Address of Probe (Host) -k <VSP_Kafka_Node_IP> IP Address of Kafka -n <Hostname> Hostname of the Probe. This is utilized during probe registration with CMS -r To start VSP services after Installation - Make a note of the displayed token for future use during password reset
- The Optional Parameters for this script are:
Parameter Description -e To indicate Remote vRule configuration. Do not provide this option for Remote vRule option -x (Not applicable for Windows 2003) To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed -X (Not applicable for Windows 2003) To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed
- At the end of the installation, the installed probe instance automatically registers with VSP CMS and a restart of the server is NOT required if the parameter -r is provided during installation
- If the parameter -r is not provided during installation, start the installed VSP ASI service
- Verify that VSP Probe is installed as a service
- Verification:
- Navigate to Deploy > Probes in CMS
- Verify that the Probe server is listed and in Connected state
For any publisher trust issues on Windows 2003, refer to the troubleshooting article for the recommended actions