Data Center Security Server (DCS) Upgrade Plan: Know before you upgrade
search cancel

Data Center Security Server (DCS) Upgrade Plan: Know before you upgrade

book

Article ID: 213959

calendar_today

Updated On:

Products

Data Center Security Server Data Center Security Server Advanced Data Center Security Monitoring Edition

Issue/Introduction

If you plan to upgrade your DCS Manager you should follow this article to ensure a seamless upgrade

Environment

Data Center Security (DCS) 

Resolution

DCS Version
Note: You must first upgrade to DCS 6.9.2 for all prior versions, before upgrading to DCS 6.9.3
Please contact Technical Support if you require assistance

Backups

- Make a backup of the database. (Possibly shrink, follow up with DBA)

Make a database backup

Backup and restore DCS database

- Snapshot or backup of the DCS manager

- Backup all the .ssl files and certs in the DCS manager directories (install directory/server)

      --cacerts file location (install directory\server\jre\lib\security\cacerts)

- Backup of the server.xml and the quartz.properties files (install directory\server\tomcat\conf)

- Backup rootkey.cer (install directory\server\umc\ssl\umcCA\certs

- Ensure you have adequate space on the manager and DB

System requirements for DCS environment

SQL Users and Settings 

 - Stop all maintenance tasks on the DB (nothing should be running, Splunk connectors, etc)

 - Disable and log out any SIEM type of users so nothing is pulling data from the database

 - Verify your database users (sa, scsp_ops, scspdba) are present/enabled in the database and have the correct permissions and you have the passwords that you installed with. In addition there will be a umcadmin user for the dcsc_umc database. It's common for DBAs to disable accounts like SA and the umcadmin account and these are needed during the upgrade.

 - Ensure scsp_ops and umcadmin passwords are 17 or more characters in length, the upgrade will fail on the UMC database if the password is under 17 characters

 - Use the actual "sa" account when upgrading, it will only be used during the upgrade as we make changes in SQL that require the "sa" account

DCS Manager Action Items

 - Stop DCS services on ALL managers, disable the SISManager service on all but the primary manager (You will re-enable those when you start the upgrade on those managers)

 - Stop AV and disable UAC and SmartScreen (SEP tamper protection in particular, if applicable)

 - Ensure no GPO is set to re-enable the services

 - If there's an agent on the managers, set the prevention policy to null

- Verify registry key TomcatOnlyInstall on primary server does not exist or should be set to FALSE

DCS Tomcat only registry key

- Upgrade primary (run server.exe from an Administrative Command Prompt)

- After the primary has been upgraded, login to UMC and ensure you can see your Assets page

Upgrading Secondary Servers (aka Tomcat Only)

- Enable the SISManager Service (disabled in prior steps)
- Run server.exe from an Administrative Command Prompt

Additional Information

-If you have windows agents lower than 6.7.3.1474, you will need to apply the liveupdate fix after your upgrade is complete (Partner with support for the workaround)

If you are running a DCS Manager version 6.7.x or 6.8.x, 6.9.0, 6.9.1, you will need to first upgrade the DCS Manager to DCS 6.9.2 before upgrading to DCS 6.9.3

Powered by Wolken Software