How to update or upgrade your SSIM environment
Before rolling out a patch in a large SSIM environment, it is advised to follow these guidelines:
1- Bring down the number of incidents within the system:
2- Bring down the rate of incidents entering the system:
Review default rules that can trigger a large number of entries (especially if some Agents are out of time sync or turned off):
Make sure no rules trigger false-positive incidents.
3- If you have changed settings in the purge option, wait for the next purge job and run your advanced SQL query again to see how many incidents/alerts are left in the DB.
4- It would be advisable to reduce the number of events coming in during the update, as it might take a while (in a multi-SSIM environment with high EPS):
5- Make sure all the appliance's configurations are "In Sync"
Once the steps above have been done, you can start the update process:
#Before starting, back up your system and make sure of the following:
#Backup -> You need to make a full DB2 and LDAP backup. (In general, there is no rollback option once you start the update.)
You also need to follow this article, if relevant: http://www.symantec.com/docs/TECH89265
Order in which to apply the patch:
This is the most important step: you need to understand your architecture and what job each appliance is fulfilling.
#Apply any patch or update in this order:
To apply update or upgrade:
Only update one appliance at a time. For each appliance update, after the reboot:
Important: In the case of the 4.7 Maintenance Pack 4 upgrade, be sure to update all the machines in your environment to the 22.214.171.124 version before starting to update the master LDAP to a greater version. If this happens, you will get an error message saying: "this is a replica sim, first upgrade the directory master". Once all your machines are on the 126.96.36.199 version, you can start to apply patches on the master LDAP. This is because the install script expects the exact matching version.