To keep systems healthy and secure and to make use of enhanced features, upgrading the NetWitness stack is one of the key activities a security operations team needs to perform whenever a new version or patch is released.
While performing these activities, one of the key goals is to upgrade smoothly and to minimize service downtime in compliance with the SLA.
In certain deployment architectures, several remote NW hosts are placed in a co-located remote DC that has narrow network bandwidth to the NW Server in the central DC.
In this case, upgrading the remote hosts may take more time than other hosts because of the narrow bandwidth.
This can directly increase service downtime. Sometimes the upgrade times out and falls into an error state.
At the request of a customer in a similar situation, I've prepared upgrade steps that use a local resource as the repository instead of relying on the HTTPS connection to the NW Server.
This helps the customer conduct the upgrade free from such bandwidth limitations.
- Upgrade Scenario
  - NW Server (11.3.2.1 to 11.5.2.0)
  - MA (11.3.2.1 to 11.5.2.0)
  - ESA (11.3.2.1 to 11.5.2.0)
  - Concentrator (11.3.2.1 to 11.5.2.0)
  - (Network) Decoder (11.3.2.1 to 11.5.2.0)
  where the NW core hosts are located at a remote site with narrow bandwidth.
  Let's assume that you decide to use a local repository for the hosts other than node zero, i.e. the NW core hosts.
- Upgrade Steps
  - Preparation
    - Upload upgrade packs to NW core hosts (Concentrator & Decoder)
      * netwitness-11.5.0.0.zip
      * netwitness-11.5.1.0.zip
      * netwitness-11.5.2.0.zip
    - Verify the checksum (sha256sum)
  - Create local repository on the target host (Concentrator, Decoder)
    - Find an appropriate disk volume for the local repository (e.g. /var/netwitness/localrepo)
    - Create the local repository on the target host by issuing the commands below one by one.
      Note. The directory should be large enough to hold the upgrade packs.
      Note. Place the zip file and the sha256sum checksum file under the same directory.
      target host# mkdir /var/netwitness/localrepo
      target host# /opt/rsa/saTools/bin/external-repo-creator netwitness-11.5.0.0.zip /var/netwitness/localrepo
      target host# /opt/rsa/saTools/bin/external-repo-creator netwitness-11.5.1.0.zip /var/netwitness/localrepo
      target host# /opt/rsa/saTools/bin/external-repo-creator netwitness-11.5.2.0.zip /var/netwitness/localrepo
  - Configure the temporary repobase as local
    Note. The directory path should be the same as the absolute directory path you created above
    (e.g. /var/netwitness/localrepo ====> file:///var/netwitness/localrepo)
    target host# echo "file:///var/netwitness/localrepo" > /etc/netwitness/platform/repobase
  - Upgrade NW hosts as usual (NW Server goes first and then others)
    You can continue to upgrade each host as usual.
    Once you've completed the other hosts and are ready to upgrade the target host, issue this command at the NW Server console:
    node-zero# upgrade-cli-client --upgrade --host-addr <target host IP> --version 11.5.2.0 // This is the only command you need.
    e.g.) node-zero# upgrade-cli-client --upgrade --host-addr 192.168.229.133 --version 11.5.2.0
  - Refresh and release the local repo configuration
    Once the upgrade has completed and the target host is about to be rebooted, release the temporary local repository setup by issuing this command:
    target host# ./refresh-localrepo.sh
    Note. This script is attached; upload it to your target host in advance.
  - Reboot
    Reboot the target host through the NW UI.
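An added example (not part of the original post or of RSA's tooling) for the "Verify the checksum" and "Create local repository" steps: it builds the local repo only if every pack matches its checksum, and aborts otherwise. The `<pack>.sha256` file naming, the function names and the pack directory are assumptions; the `external-repo-creator` path and arguments are the ones shown in the steps above.

```shell
#!/bin/sh
# Added example: verify the upgrade packs before building the local repo.
# Assumption: each pack has a "<pack>.sha256" file beside it whose first
# field is the expected SHA-256 digest (sha256sum output format).

PACKS="netwitness-11.5.0.0.zip netwitness-11.5.1.0.zip netwitness-11.5.2.0.zip"
# Tool path taken from the post; overridable so the logic can be tested off-box.
REPO_CREATOR="${REPO_CREATOR:-/opt/rsa/saTools/bin/external-repo-creator}"

# verify_packs DIR: return 0 only if every pack exists and its digest matches.
verify_packs() {
    local dir="$1" pack expected actual rc=0
    for pack in $PACKS; do
        if [ ! -f "$dir/$pack" ] || [ ! -f "$dir/$pack.sha256" ]; then
            echo "MISSING  $pack or $pack.sha256" >&2
            rc=1
            continue
        fi
        # Compare digests directly, so the file name recorded inside the
        # checksum file cannot redirect the check to a different file.
        expected=$(awk '{print tolower($1); exit}' "$dir/$pack.sha256")
        actual=$(sha256sum "$dir/$pack" | awk '{print $1}')
        if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
            echo "OK       $pack"
        else
            echo "MISMATCH $pack" >&2
            rc=1
        fi
    done
    return "$rc"
}

# stage_local_repo PACK_DIR REPO_DIR: fail closed, then add packs in version order.
stage_local_repo() {
    local pack_dir="$1" repo_dir="$2" pack
    verify_packs "$pack_dir" || { echo "aborting: repo not created" >&2; return 1; }
    mkdir -p "$repo_dir" || return 1
    for pack in $PACKS; do
        "$REPO_CREATOR" "$pack_dir/$pack" "$repo_dir" || return 1
    done
}

# Usage on the target host (pack directory is a hypothetical path):
#   stage_local_repo /var/netwitness/packs /var/netwitness/localrepo
```

Setting the repobase and running the upgrade then proceed exactly as in the steps above.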
I've validated these steps against the upgrade paths below:
- 11.2.0.1 to 11.3.2.1
- 11.3.2.1 to 11.5.2.0
It works!
Enjoy your upgrade work!!
Important notice: This is not part of the official RSA NW upgrade guide. Please feel free to use these steps at your own risk.