CA API Gateway - Upgrading your Gateway Appliance from 10.0 to 10.1

book

Article ID: 240960

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

The following document is an example of how to upgrade your CA API Gateway Appliance from version 10.0 to version 10.1

This Article is based on the formal upgrade documentation seen here

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/install-configure-upgrade/upgrade-the-gateway/upgrade-an-appliance-gateway/standard-upgrade-procedure.html

  • This document does not cover all upgrade scenarios
  • This document is not a replacement for contacting Broadcom Professional Services for upgrade assistance,
  • This document should only be used as a guide and not full upgrade planning
  • This document is applicable to upgrading the Gateway Appliance Form Factor (VMware ESX, AWS AMI or MS Azure Gateway appliances). 
  • This document does not cover upgrading Container or Software Installs
  • This document assumes you are not running the CA Siteminder SDK but if you are you can add the application of the corresponding CA Siteminder SDK that is included in the upgrade zip file to your patch sequence.

 

Cause

General Upgrade Sequence

This is the general flow of the procedure.  There are more detailed steps below in Step 1, Step 2 and Step 3

First, gather some details about your environment  (Step 1 below)

Gather Files from the Download Portal (Step 2 Below)

Copy patch L7P Files to your Gateway and change permissions (Step 3 Below)

Enter Patching Menu. Upload and install Patch Layer7_API_PlatformUpdate_64bit_v10.1.00-CentOS.L7P 

Reboot the Gateway 

Enter Patching Menu. Upload and install Patch Layer7_API_Gateway_v10.1.00.11620.L7P

Upgrade your Database from the Gateway Menu. 

Reboot the Gateway and when it comes back online your Gateway node should now be at version 10.1. 

Environment

CA API Gateway 10.0

Step 1:

First, gather some details about your environment

  1. Gather the Current Gateway Version.  You should be running Gateway 10.0.  It does not matter if you have any Cumulative Release Patches or Monthly Platform Patches applied. You do not have to be at any particular Cumulative Release or Monthly Platform patch level to upgrade from Gateway 10.0 to 10.1.  After upgrading from 10.0 to base 10.1 you will apply the latest 10.1 Cumulative Release patch (CR01) and if necessary the latest Monthly Platform patch. You can determine the current Gateway version by dropping into the Root Shell on your gateway and running rpm -qa ssg
  2. Determine if you are running any Broadcom provided Custom Assertions. If your installation includes any custom assertions built with Gateway 10.0 or older, you may need to recreate them using the latest Java 11-compatible Gateway Custom Assertion Software Development Kit. Verify with Broadcom Support before upgrading to ensure that your particular custom assertion will not cause issues during the Gateway upgrade.
  3. Consider if you are running a Standalone Gateway or a Clustered Environment. 

Step 2: 

Gather the necessary files

Download and prepare the necessary files you will need to upgrade from Gateway 10.0 to 10.1

Access the Broadcom Download Portal

https://support.broadcom.com/download-center/download-center.html

Select My Downloads from the Left-hand Pane

Select the proper category Cyber Security Software from the following Drop-Down 

Search for and click on the category API Gateway 

From here you will see a list of Software Entitlements specific to your contract.  For example you may see something like this in which case you would click into the 10.1 link

The file you will need to upgrade your Gateway 10 Appliance is called:

CA_API_Gateway_Virtual_CentOS_Appliance_Upgrade_10.1.00.zip

This ZIP file contains three files:

  • Layer7_API_PlatformUpdate_64bit_v10.1.00-CentOS.L7P
    • This is the first file you will apply which prepares the underlying Gateway Appliance OS Platform
  • Layer7_API_Gateway_v10.1.00.11620.L7P
    • This is the main Gateway 10.1 upgrade patch that brings your Gateway to version 10.1.  This is applied ONLY after you have successfully applied Layer7_API_PlatformUpdate_64bit_v10.1.00-CentOS.L7P
  • CA_SSO_SDK_Compact_v12.8.03.L7P
    • This is an optional upgrade file if you are running the CA SSO Siteminder integration on your Gateway

Now let's look at the upgrade process in detail:

Resolution

Step 3:

Upgrading the Gateway from 10.0 to 10.1

Stop Here:

Before proceeding take all precautions to VMware snapshot your Gateway 10.0 if possible.

Follow this Sequence to upgrade the Gateway Appliance to 10.1

Copy these two files to you Gateway /home/ssgconfig directory

Layer7_API_PlatformUpdate_64bit_v10.1.00-CentOS.L7P

Layer7_API_Gateway_v10.1.00.11620.L7P 

Log into the Gateway, drop into the root shell and navigate to the /home/ssgconfig directory and change the file permission to 755 with:

chmod 755 Layer7_API_PlatformUpdate_64bit_v10.1.00-CentOS.L7P 

chmod 755 Layer7_API_Gateway_v10.1.00.11620.L7P

Now enter the Gateway Patch Menu with Option 8 Display Patch Management Menu

Choose Option 1 Upload a patch to the Gateway

Choose Layer7_API_PlatformUpdate_64bit_v10.1.00-CentOS.L7P for upload processing

After the Patch has been uploaded Choose Option 2 Install a patch onto the Gateway and choose the Layer7_API_PlatformUpdate_64bit_v10.1.00-CentOS.L7P for installation

After the patch has been successfully uploaded and installed Reboot the Gateway Node.

Run the Patch Upload and Install for patch Layer7_API_Gateway_v10.1.00.11620.L7P similar to the first patch, uploading and installing it through the Gateway Menu.

After the application of the second patch Upgrade your Database from the Gateway Menu. Select option 2 (Display Layer7 API Gateway configuration menu) and then Select option 1 (Upgrade the Layer7 API Gateway database) and follow the prompts on the screen.

After the DB is upgraded Reboot the Gateway node

The Gateway node is now at Gateway 10.1 and you can use the same general process for each subsequent node in the cluster.

Note the Additional Information section below if you wish to extend the upgrade for 10.1 to include the latest Cumulative Release (CR) Patch and or the latest Monthly Platform Patch (which includes vulnerability fixes and other updates for the underlying Gateway Appliance platform)

 

 

Additional Information

Policy Manager Installation for Gateway 10.1

Please obtain the following file from your Download Portal and ensure you are using the Policy Manager for Gateway 10.1

CA_API_Gateway_Policy_Manager_10.1.00.zip

Applying Gateway 10.1's latest Cumulative Release Patch and/or the latest Monthly Platform Patch

Please see the following KB article to patch Gateway 10.1 with the latest CR and Monthly Patch.  

Please note that Gateway 10.0 and Gateway 10.1 have SEPARATE Cumulative Release patches so ensure that you are following the instructions for Gateway 10.1.  All Monthly Platform Patches can be applied to both Gateway 10.0 and Gateway 10.1 appliances and are not separate for each version.

https://knowledge.broadcom.com/external/article?articleId=240851

Attachments