Updated NAPP no longer hosts a particular version of Malware Prevention Service SVM Image

Article ID: 383313


Products

VMware vDefend Firewall
VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

NAPP is upgraded to a newer version and a previously hosted Malware Prevention Service (MPS) SVM is no longer hosted in the upgraded NAPP. 

New deployments of SVM or auto-deployment on newly added hosts fail.

Starting with NAPP 4.2.0, Malware Prevention Service VM images are hosted in the NAPP repository itself. However, because of space limitations, only certain versions of the SVM images are hosted for a particular NAPP version. When NAPP is upgraded, a previously hosted SVM image may be deleted from the (new) NAPP repository and a newer version of the SVM made available.

In such scenarios, if the deleted SVM image is already deployed in one or more clusters, the deployment needs to be upgraded to the newly hosted versions of the SVM.

The clusters where the deleted/unsupported SVM versions are deployed will be in a degraded state. Many workflows, such as addition of new hosts, redeployment of the SVM, etc., will no longer be supported for the degraded clusters. Customers are required to upgrade the SVM to a newer version on these clusters and follow the workaround documented in this article.

The following table describes the versions of SVM which are no longer hosted in corresponding NAPP versions.

Sr No. | NAPP Version | Deleted SVM Version
1      | NAPP 4.2.0.1 | 4.2.0.0

E.g., if the customer has upgraded NAPP to version 4.2.0.1 and has MPS SVM version 4.2.0.0 deployed in one or more clusters, the customer needs to upgrade the SVM to a newer version and follow the workaround for SVM 4.2.0.0.

Environment

NSX 4.2.0.0 or newer

NAPP 4.2.0.0 or newer

Distributed (E-W) Malware Prevention Service (MPS) is being used and MPS SVMs are deployed on one or more clusters

Cause

As the Malware Prevention Service VM images are hosted in the NAPP repository itself, only certain versions of the SVM images are hosted for a particular NAPP version. When NAPP is upgraded, a previously hosted SVM image may be deleted from the (new) NAPP repository and a newer version of the SVM made available.

In such scenarios, if the deleted SVM image is already deployed in one or more clusters, the deployment needs to be upgraded to the newly hosted versions of the SVM.

Resolution

(1) On the clusters where the deprecated SVM is deployed, upgrade the deployments to newer versions of the SVM. Refer to the "Update or Delete NSX Malware Prevention Service Virtual Machine" section in the NSX Administration Guide for detailed steps:

https://docs.vmware.com/en/VMware-NSX/4.2/administration/GUID-379942E9-2598-4476-929F-7552E01EEAB5.html

(2) Refer to the Malware Prevention API guide (https://developer.broadcom.com/xapis/malware-prevention-api/latest/malware-prevention/) and follow the steps below to delete the references (called SVM Deployment Specs) to the deprecated/deleted SVM images:

(a) Use the ‘Get Service Definition’ API to list all registered deployment specs

E.g. curl -H 'Authorization: <value>' 'https://{NSX_IP}/napp/api/v1/malware-prevention/svm-spec'

"deployment_specs": {
    "results": [
        {
            "ovf_url": "http://ip/ovf/SVM-4.2.0.ovf",
            "deployment_spec_name": "MPS-SVM-4.2.0.0",
            "svm_version": "4.2.0.0"
        },
        {
            "ovf_url": "http://ip/ovf/SVM-4.2.0.2.ovf",
            "deployment_spec_name": "MPS-SVM-4.2.0.2",
            "svm_version": "4.2.0.2"
        }
    ]
}

(b) Get the 'deployment_spec_name' of the deployment spec that has the deleted 'svm_version' (refer to the table above, which lists deleted SVM versions).
E.g., for NAPP 4.2.0.1, the spec to delete is "MPS-SVM-4.2.0.0", whose "svm_version" is "4.2.0.0", the version that has been deleted.

(c) Use the "Delete Deployment Spec" API to delete the above deployment spec.
E.g. curl -X DELETE -H 'Authorization: <value>' 'https://{NSX_IP}/napp/api/v1/malware-prevention/svm-spec?deployment_spec_name=MPS-SVM-4.2.0.0'

(3) In the NSX UI, verify that the deleted deployment spec is not visible in the dropdown in the deployment screen.
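
Steps (2)(b) and (2)(c) can be scripted so that the spec to delete is selected from the API response rather than typed by hand. The following is an added example, not code from this article or from the product. It assumes the step (a) output is wrapped in an outer JSON object; the host name nsx.example.test, the function names and the refusal to remove every registered spec are choices of this example.

```python
import json
import urllib.parse
import urllib.request

# From the article's table: NAPP version -> SVM versions no longer hosted.
DELETED_SVM_VERSIONS = {"4.2.0.1": {"4.2.0.0"}}

SPEC_PATH = "/napp/api/v1/malware-prevention/svm-spec"

# Constructed sample: the step (a) output shown in the article, wrapped in an
# outer object (assumption) so that it parses as JSON.
SAMPLE_RESPONSE = """
{"deployment_specs": {"results": [
  {"ovf_url": "http://ip/ovf/SVM-4.2.0.ovf",
   "deployment_spec_name": "MPS-SVM-4.2.0.0", "svm_version": "4.2.0.0"},
  {"ovf_url": "http://ip/ovf/SVM-4.2.0.2.ovf",
   "deployment_spec_name": "MPS-SVM-4.2.0.2", "svm_version": "4.2.0.2"}
]}}
"""


def stale_spec_names(response_text, napp_version):
    """Step (b): names of specs whose svm_version was deleted for this NAPP."""
    deleted = DELETED_SVM_VERSIONS.get(napp_version, set())
    specs = json.loads(response_text)["deployment_specs"]["results"]
    stale = [s["deployment_spec_name"] for s in specs if s["svm_version"] in deleted]
    # Precaution added by this example: never plan to remove every spec.
    if stale and len(stale) == len(specs):
        raise ValueError("all registered specs are stale; no hosted SVM remains")
    return stale


def build_delete_requests(nsx_host, auth_value, response_text, napp_version):
    """Step (c): one unsent DELETE request per stale deployment spec."""
    requests = []
    for name in stale_spec_names(response_text, napp_version):
        # urlencode keeps the spec name from altering the query string.
        query = urllib.parse.urlencode({"deployment_spec_name": name})
        requests.append(urllib.request.Request(
            f"https://{nsx_host}{SPEC_PATH}?{query}", method="DELETE",
            headers={"Authorization": auth_value}))
    return requests


if __name__ == "__main__":
    # Host and header value are placeholders; nothing is sent here.
    for req in build_delete_requests("nsx.example.test", "<value>",
                                     SAMPLE_RESPONSE, "4.2.0.1"):
        print(req.get_method(), req.full_url)
```

Review the printed requests, then send each one with urllib.request.urlopen(req) once step (1) has been completed on the affected clusters.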