Introduction to live upgrades¶
A live upgrade of cyberelements Cleanroom involves directly updating components that are already installed. This method therefore involves production shutdowns, with varying impacts depending on the components being updated. We recommend updating components in the following order:
cyberelements Cleanroom clients. Impact during version upgrade: interruption of the client connection with disconnection of applications requiring it (HTML5 or Web applications are not affected). The client version upgrade can take up to 5 minutes (depending on the performance of the computer and the analysis components of the workstation, such as antivirus or EDR).Direct recording agent. Impact during version upgrade: direct access or RDP and HTML5 RDP applications with agent will be interrupted. We recommend allowing for 5 minutes of service unavailability for the server on which the agent is installed. In addition, since the version upgrade can be automated and scheduled, it is best to trigger it outside of working hours.Mediation ControllerServer. Impact during the version upgrade: instability of all platform services (depending on when the various subcomponents are upgraded). We recommend allowing for a maintenance window of at least 1 hour.Edge GatewayServer. Impact during the upgrade: direct access provided by the Edge Gateway server will be unavailable, as will the ability to access applications and resources normally accessible via the Edge Gateway. We recommend allowing for a one-hour maintenance window.
Tip
Upgrading different servers can be done in parallel to reduce platform downtime.
For initial upgrades with cyberelements Cleanroom, setting aside a total maintenance window of four hours allows you to perform the upgrade while still having time to contact Support in case of questions or unexpected events specific to your environment. Based on initial experience, the server upgrade can take as little as 30 minutes in the most favorable cases (prerequisites correctly in place, high Debian package download speed, and server power not limiting the upgrade).
Information
For cluster architectures, the operations required to upgrade the servers must be performed at least twice (for each server of the same type). Please note that we recommend using the same version for Mediation Controller servers, so their upgrades must either be performed in parallel or sequentially (starting with the slave server).
Overall, the live upgrade will follow these steps:
- Planning and Preparation
- Creation of a recipe book
- Verification of the opening of flows to Debian repositories
- Downloading of necessary sources and tools
- Backup of the cyberelements Cleanroom environment (including external databases if used)
- Qualifying new client components and cyberelements Cleanroom agent
- Upgrading
- Upgrading clients and cyberelements Cleanroom agent
- Upgrading Mediation Controller server(s)
- Upgrading Edge Gateway server(s)
- Upgrading HTML5 Gateway server(s)
- Validation
- Validation of Mediation Controller and Edge Gateway server versions
- Validation of the cyberelements Cleanroom platform based on the acceptance criteria document compiled during the preparatory phase
The acceptance criteria document will be used at the end of the version upgrade operation to confirm that the platform is functioning correctly. It is strongly recommended to identify the services currently delivered by the cyberelements Cleanroom infrastructure in order to compile it (e.g., web application to a specific web server; connection via SAMLv2 identity federation or use of direct access).
The qualification of new client and agent components consists of validating the proper functioning of the new version on a few machines representative of the overall infrastructure. If no malfunctions are detected, the global version upgrade process can be initiated.