- 23 Jan 2025
- 18 Minutes to read
- Print
- DarkLight
- PDF
Probe Upgrade on VM
- Updated on 23 Jan 2025
- 18 Minutes to read
- Print
- DarkLight
- PDF
About this Article
This article provides information related to the remote vRule engine and Probe upgrade on VM.
Remote vRule Engine Upgrade (Optional)
Click here to upgrade Remote vRule Engine
Pre-requisite
Ensure that Maintenance Mode is not active during Probe upgrade
Linux
Download the required .sh file to the Probe
Using any browser, navigate to the directory vsp in Local Repository URL:
Version 2.8 and Above: https://<Local Repository URL>:8443
Version 2.7: http://<Local Repository URL>
To install all the available SKUs (VSP-Enterprise, VSP-Web, VSP-Memory and VSP-Host), right click on the file vsp_install_vm.sh and select the option Copy link address
Execute the below commands to download vsp_install_vm.sh to the server and install all SKUs
wget <copiedLink> --no-check-certificate chmod +x vsp_install_vm.sh sudo bash ./vsp_install_vm.sh -h # To view the help menu ./vsp_install_vm.sh -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -n <Hostname> -L <LFR_Port> -s <SKU> -u
The required parameters for the script are:
Parameter
Description
-c <CMS_IP>
IP Address of CMS
-l <LFR_IP>
IP Address of LFR
-s <SKU>
Provide the required SKU. Allowed values are web, host, mem
The optional parameters for the script are:
Parameter | Description |
---|---|
-b <Release_Name> | VSP Release Name to be used from the backup directory – Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information |
-C <CMS DNS Name> | Custom DNS name for CMS. Default value is int.cms.virsec.com |
-d <Backup_Location> | To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ |
-e <0 | 1> | To indicate Remote vRule configuration. Applicable only for Web SKU. Allowed Values are 0 (Default - Do not Enable), 1 (Enable). Do not provide this option for Remote vRule option |
-f <0 | 1> | Force uninstall without backing up the vsp backup files during an upgrade. Allowed values are 0 (Default - Do not force uninstall), 1 (force uninstall). |
-H <0 | 1> | Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. Allowed values are 0 (Do not add), 1 (Default - add). If value "1" is used, ensure that the parameters -C and -K are provided |
-i <Host_IP> | IP Address of Probe (Host) |
-K <Kafka DNS Name> | Custom DNS name for Kafka. Default value is vsp-kafka.virsec |
-k <VSP_Kafka_Node_IP> | IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different |
-L <LFR_Port> | VSP LFR Port. The default port is 8443 |
-n <Hostname> | Hostname of the Probe. This is utilized during probe registration with CMS |
-p <Host Profile Tags> | Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS |
-U <0 | 1> | To uninstall existing Probe services. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall) |
-u <0 | 1> | To uninstall existing Probe services and install the latest available version. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall) |
Parameter | Description |
---|---|
-b <Release_Name> | VSP Release Name to be used from the backup directory – Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information |
-C <CMS DNS Name> | Custom DNS name for CMS. Default value is int.cms.virsec.com |
-d <Backup_Location> | To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ |
-e | To indicate Remote vRule configuration. Applicable only for Web SKU. Do not provide this option for Remote vRule option |
-f | Force uninstall without backing up the vsp backup files during an upgrade |
-H | Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided |
-i <Host_IP> | IP Address of Probe (Host) |
-K <Kafka DNS Name> | Custom DNS name for Kafka. Default value is vsp-kafka.virsec |
-k <VSP_Kafka_Node_IP> | IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different |
-L <LFR_Port> | VSP LFR Port. The default port is: Versions 2.8 and Above: 8443 Version 2.7: 80 |
-n <Hostname> | Hostname of the Probe. This is utilized during probe registration with CMS |
-p <Host Profile Tags> | Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS |
-U | To uninstall existing Probe services |
-u | To uninstall existing Probe services and install the latest available version |
Alternatively, to Install a specific SKU, navigate to the directory vsp > <Operating System> > <Operating System Version>
NOTE
Navigate to the directory rpm for the Operating Systems RHEL and CentOS
Select the SKU appropriate file with web (VSP-Enterprise, VSP-Web), memory (VSP-Memory) and host (VSP-Host) in its name. The file name format is vsp-<SKU>-vm.sh
Right click on the relevant .sh file and select the option Copy link address
Execute the below commands to download the file to the server and install probe
wget <copiedLink> --no-check-certificate chmod +x vsp-<SKU>-vm.sh sudo bash ./vsp-<SKU>-vm.sh -h # to view the help menu ./vsp-<SKU>-vm.sh -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -n <Hostname> -o <Host_OS> -V <Host_OS_Version> -r
The required parameters for the script are:
Parameter
Description
-c <CMS_IP>
IP Address of CMS
-i <Host_IP>
IP Address of Probe (Host)
-k <VSP_Kafka_Node_IP>
IP Address of Kafka
-n <Hostname>
Hostname of theProbe. This is utilized during probe registration with CMS
-o <Host_OS>
Operating System of the Probe
-r
To start VSP services after Installation
-V <Host_OS_Version>
Operating System Version of the Probe
Optional Parameter to install specific SKU
Parameter
Description
-e
To indicate Remote vRule configuration. Do not provide this option for Remote vRule option
At the end of the installation, the installed probe instance automatically registers with VSP CMS and a restart of the server is NOT required if the parameter -r is provided during installation
If the parameter -r is not provided during installation, restart the services using the below command:
service vsp start
For container-based CMS instances, restart the VSP services in Ubuntu and RHEL Probe instances using the below command:
service vsp restart
Verification:
Navigate to Deploy > Probes to verify that the Probe server is listed and in Connected state
If VSP Host is configured, navigate to Manage > Host > Host Protection in the left navigation pane and ensure that the App Control Policy is associated with the existing Host Profile. If not, then modify the profile and select the required App Control Policy from the dropdown
NOTE
After the upgrade, ensure that the Application is un-provisioned and re-provisioned on CMS. Restart the business application. Click here for more information on business application upgrade
Windows 2008 and Above
NOTE
Before VSP Probe upgrade, utilize VSP-cli to back up the configuration, data and log information
For Auto-registration process, the required .bat file must be downloaded to the Probes
Using any browser, navigate to the directory vsp in Local Repository URL:
Version 2.8 and Above: https://<Local Repository URL>:8443
Version 2.7: http://<Local Repository URL>
To install all the available SKUs (VSP-Enterprise, VSP-Web, VSP-Memory and VSP-Host), download vsp_install_vm.bat to the server
Execute the below commands at the command prompt as an Administrator
vsp_install_vm.bat -U #To uninstall Previous version of VSP vsp_install_vm.bat -h #To view the help menu vsp_install_vm.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -s <SKU> -u
The required parameters for the script are:
Parameter
Description
-c <CMS_IP>
IP Address of CMS
-l <LFR_IP>
IP Address of LFR
-s <SKU>
Version 2.10 and BelowProvide the required SKU. Allowed values are web, host, mem
Make a note of the displayed token for future use during password reset
Optional Parameters to install all SKUs
Parameter | Description |
---|---|
-b <Backup_Directory_Name> | To use backup packages from given directory name on LFR for installation. Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information |
-C <CMS DNS Name> | Custom DNS name for CMS. Default value is int.cms.virsec.com |
-d <Backup_Location> | To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ |
-e <0 | 1> | To indicate Remote vRule configuration. Applicable only for full installation. Allowed Values are 0 (Default - Do not Enable), 1 (Enable). Do not provide this option for Remote vRule option |
-f <0 | 1> | Force uninstall without backing up the vsp backup files during an upgrade. Allowed values are 0 (Default - Do not force uninstall), 1 (force uninstall). |
-H <0 | 1> | Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. Allowed values are 0 (Do not add), 1 (Default - add). If value "1" is used, ensure that the parameters -C and -K are provided |
-i <Host_IP> | IP Address of Probe (Host) |
-K <Kafka DNS Name> | Custom DNS name for Kafka. Default value is vsp-kafka.virsec |
-k <VSP_Kafka_Node_IP> | IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different |
-L <LFR_Port> | VSP LFR Port. The default port is 8443 |
-n <Hostname> | Hostname of the Probe. This is utilized during probe registration with CMS |
-O <0 | 1> | To install HOST-ONLY features. Allowed Values are 0 (complete installation) or 1 (Host only installation). Default value is 0 |
-p <Host Profile Tags> | Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS |
-U <0 | 1> | To uninstall existing Probe services. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall) |
-u <0 | 1> | To uninstall existing Probe services and install the latest available version. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall) |
-x <0 | 1> | To set the password to stop/modify a service using VSP-CLI utility. Allowed values are 0 (Default - Do not Prompt), 1 (Prompt). When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 (minimum) – 511 (maximum) characters in length and must have alphanumeric characters in both upper and lower cases |
-X <Password> | To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed |
Parameter | Description |
---|---|
-b <Backup_Directory_Name> | To use backup packages from given directory name on LFR for installation. Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information |
-C <CMS DNS Name> | Custom DNS name for CMS. Default value is int.cms.virsec.com |
-d <Backup_Location> | To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ |
-e | To indicate Remote vRule configuration. Do not provide this option for Remote vRule option |
-f | Force uninstall without backing up the vsp backup files during an upgrade |
-H | Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided |
-i <Host_IP> | IP Address of Probe (Host) |
-K <Kafka DNS Name> | Custom DNS name for Kafka. Default value is vsp-kafka.virsec |
-k <VSP_Kafka_Node_IP> | IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different |
-L <LFR_Port> | VSP LFR Port. The default port is: Versions 2.8 and Above: 8443 Version 2.7: 80 |
-n <Hostname> | Hostname of the Probe. This is utilized during probe registration with CMS |
-p <Host Profile Tags> | Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS |
-q <Kafka_container_Port> | VSP Kafka Port (Default port is 9092) |
-U | To uninstall existing Probe services |
-u | To uninstall existing Probe services and install the latest available version |
-x | To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed |
-X <Password> | To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed |
Alternatively, to install a specific SKU, download the appropriate .zip file
Select the appropriate file with web (VSP-Enterprise, VSP-Web), memory (VSP-Memory) and host (VSP-Host) in its name. The file format is vsp-<SKU>-vm.zip
Unzip the file to obtain vm-install.bat file
Execute the below command to install probe
vm-install.bat -h # to view help menu vm-install.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -r
The required parameters for the script are:
Parameter
Description
-c <CMS_IP>
IP Address of CMS
-i <Host_IP>
IP Address of Probe (Host)
-k <VSP_Kafka_Node_IP>
IP Address of Kafka
-n <Hostname>
Hostname of the Probe. This is utilized during probe registration with CMS
-r
To start VSP services after Installation
Make a note of the displayed token for future use during password reset
Optional Parameters to install specific SKU
Parameter
Description
-e
To indicate Remote vRule configuration. Do not provide this option for Remote vRule option
-x
To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed
-X <password>
To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed
At the end of the installation, the installed probe instance automatically registers with VSP CMS and a restart of the server is NOT required if the parameter -r is provided during installation
If the parameter -r is not provided during installation, start the installed VSP ASI service
Verify that VSP Probe is installed as a service
Verification:
Navigate to Deploy > Probes to verify that the Probe server is listed and in Connected state
If VSP Host is configured, navigate to Manage > Host > Host Protection in the left navigation pane and ensure that the App Control Policy is associated with the existing Host Profile. If not, then modify the profile and select the required App Control Policy from the dropdown
NOTE
After the upgrade, ensure that the Application is un-provisioned and re-provisioned on CMS. Restart the business application. Click here for more information on business application upgrade
Windows 2003
NOTE
Before VSP Probe upgrade, utilize VSP-cli to back up the configuration, data and log information
For Auto-registration process, the required .bat file must be downloaded to the Probes
Before VSP Probe upgrade, utilize VSP-cli to back up the configuration, data and log information. Refer Maintenance article for more information
Using any browser, navigate to the directory vsp in Local Repository URL:
Version 2.8 and Above: https://<Local Repository URL>:8443
Version 2.7: http://<Local Repository URL>
To install all the available SKUs (VSP-Enterprise, VSP-Web, VSP-Memory and VSP-Host), download vsp_install_vm.bat to the server
Execute the below commands at the command prompt as an Administrator
vsp_install_vm.bat -U #To uninstall Previous version of VSP vsp_install_vm.bat -h #To view the help menu vsp_install_vm.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -l <LFR_IP> -s <SKU> -u
The required parameters for the script are:
Parameter
Description
-c <CMS_IP>
IP Address of CMS
-l <LFR_IP>
IP Address of LFR
-s <SKU>
Version 2.10 and BelowProvide the required SKU. Allowed values are web, host, mem
Make a note of the displayed token for future use during password reset
Optional Parameters for this script are:
Parameter | Description |
---|---|
-b <Backup_Directory_Name> | To use backup packages from given directory name on LFR for installation. Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information |
-C <CMS DNS Name> | Custom DNS name for CMS |
-d <Backup_Location> | To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ |
-e <0 | 1> | To indicate Remote vRule configuration. Applicable only for web SKU. Allowed Values are 0 (Default - Do not Enable), 1 (Enable). Do not provide this option for Remote vRule option |
-f <0 | 1> | Force uninstall without backing up the vsp backup files during an upgrade. Allowed values are 0 (Default - Do not force uninstall), 1 (force uninstall). |
-H <0 | 1> | Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. Allowed values are 0 (Do not add), 1 (Default - add). If value "1" is used, ensure that the parameters -C and -K are provided |
-i <Host_IP> | IP Address of Probe (Host) |
-K <Kafka DNS Name> | Custom DNS name for Kafka |
-k <VSP_Kafka_Node_IP> | IP Address of Kafka |
-L <LFR_Port> | VSP LFR Port. The default port is 8443 |
-n <Hostname> | Hostname of the Probe. This is utilized during probe registration with CMS |
-O <0 |1> | To install HOST-ONLY features. Allowed Values are 0 (complete installation) or 1 (Host only installation). Default value is 0 |
-p <Host Profile Tags> | Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS |
-U <0 | 1> | To uninstall existing Probe services. Allowed values are 0 (Default -Do not uninstall), 1 (uninstall) |
-u <0 | 1> | To uninstall existing Probe services and install the latest available version. Allowed values are 0 (Default – Do not uninstall), 1 (uninstall) |
-x (Not applicable for Windows 2003) | To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed |
-X (Not applicable for Windows 2003) | To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed |
Parameter | Description |
---|---|
-b <Backup_Directory_Name> | To use backup packages from given directory name on LFR for installation. Use it in cases where incremental LFR Refresh is complete and when the script needed for execution is located in the backup directory. Refer Incremental Refresh for more information |
-C <CMS DNS Name> | Custom DNS name for CMS |
-d <Backup_Location> | To specify the backup location for Probe configuration, data and log information. If this parameter is provided, the existing Probe information is restored during the upgrade process. The default location to store backup files is /tmp/vsp_backup/ |
-e | To indicate Remote vRule configuration. Applicable only for full installation. Do not provide this option for Remote vRule option |
-f | Force uninstall without backing up vsp backup files during an upgrade |
-H | Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided |
-i <Host_IP> | IP Address of Probe (Host) |
-K <Kafka DNS Name> | Custom DNS name for Kafka |
-k <VSP_Kafka_Node_IP> | IP Address of Kafka |
-L <LFR_Port> | VSP LFR Port. The default port is: Versions 2.8 and Above: 8443 Version 2.7: 80 |
-n <Hostname> | Hostname of the Probe. This is utilized during probe registration with CMS |
-p <Host Profile Tags> | Appropriate Host Profile Tag. A Host Profile Tag allows for an application instance to be auto-associated with a process profile on CMS |
-q <Kafka_container_Port> | VSP Kafka Port (Default port is 9092) |
-U | To uninstall existing Probe services |
-u | To uninstall existing Probe services and install the latest available version |
-x (Not applicable for Windows 2003) | To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed |
-X (Not applicable for Windows 2003) | To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed |
Alternatively, to install a specific SKU, download the appropriate .zip file
In LFR, navigate to the directory: Windows > 2003 and select vsp-host-vm_x86.zip for 32 bit or vsp-host-vm_x64.zip for 64 bit
Unzip the file to obtain vm-install.bat file
Execute the below command to install probe
ShellShell
vm-install.bat -h # to view help menu vm-install.bat -c <CMS_IP> -i <Host_IP> -k <VSP_Kafka_Node_IP> -r
The required parameters for the script are:
Parameter
Description
-c <CMS_IP>
IP Address of CMS
-i <Host_IP>
IP Address of Probe (Host)
-k <VSP_Kafka_Node_IP>
IP Address of Kafka
-n <Hostname>
Hostname of the Probe. This is utilized during probe registration with CMS
-r
To start VSP services after Installation
Make a note of the displayed token for future use during password reset
The Optional Parameters for this script are:
Parameter
Description
-e
To indicate Remote vRule configuration. Do not provide this option for Remote vRule option
-x (Not applicable for Windows 2003)
To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the user is prompted to provide the password (this method is preferred due to security reasons). A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service start/stop (using services.msc OR sc command) is not allowed
-X (Not applicable for Windows 2003)
To set the password to stop/modify a service using VSP-CLI utility. When this parameter is used, the password must be provided along with the command. A valid password must be 16 characters (minimum) in length and must have alphanumeric characters in both upper and lower cases. Once the password is set, VSP Service (start/stop using services.msc OR sc command) is not allowed
At the end of the installation, the installed probe instance automatically registers with VSP CMS and a restart of the server is NOT required if the parameter -r is provided during installation
If the parameter -r is not provided during installation, start the installed VSP ASI service
Verify that VSP Probe is installed as a service
Verification:
Navigate to Deploy > Probes in CMS
Verify that the Probe server is listed and in Connected state
NOTE
After the upgrade, ensure that the Application is un-provisioned and re-provisioned on CMS. Restart the business application. Click here for more information on business application upgrade
For any publisher trust issues on Windows 2003, refer to the troubleshooting article for the recommended actions