2019-08-30 06:53 AM
Just want to confirm a couple of points, and hopefully I have the right understanding!
The Backup process for upgrading RSA SA 10.6.6 to RSA NetWitness 11.3 basically captures all the configuration for all RSA SA servers. This configuration information includes IP, subnet and other network and other information as well, right?
Now, once the 11.3 VM is setup, we migrate the HDDs of the corresponding 10.6.6 VM to the 11.3 VM, which basically means we're migrating all the log and meta data from the 10.6.6 VM to the 11.3 VM, right? So, for instance if I migrate the 10.6.6 VM HDDs of the Archiver to the 11.3 Archiver, I shall have all the logs and meta available on the new 11.3 Archiver machine, correct?
Additionally, after we've setup the VM, and before running nwsetup-tui we restore the backed up configuration on the VM, which should assign the same network (including IP and subnet) and other info to the new 11.3 VM, as was assigned to the corresponding old 10.6.6 VM, right?
Please let me know if I've got this understanding right!
2019-08-30 09:35 AM
The Backup process for upgrading RSA SA 10.6.6 to RSA NetWitness 11.3 basically captures all the configuration for all RSA SA servers. This configuration information includes IP, subnet and other network and other information as well, right?
Correct. Like you noted here, it's primarily config with the exception of the ESA Alerts/Incidents. This is because these are inside of mongo and we back up the entirety of the mongo databases. This is the only thing that I remember is self contained in the backup that is created by the script. The rest of the collected data, as you already stated, is covered in your next question.
Now, once the 11.3 VM is setup, we migrate the HDDs of the corresponding 10.6.6 VM to the 11.3 VM, which basically means we're migrating all the log and meta data from the 10.6.6 VM to the 11.3 VM, right? So, for instance if I migrate the 10.6.6 VM HDDs of the Archiver to the 11.3 Archiver, I shall have all the logs and meta available on the new 11.3 Archiver machine, correct?
Also correct. This is where you would migrate your metadb, sessiondb, and packetdb files of all core devices. Core devices being Decoders, Concentrators, Brokers, and Archivers.
Additionally, after we've setup the VM, and before running nwsetup-tui we restore the backed up configuration on the VM, which should assign the same network (including IP and subnet) and other info to the new 11.3 VM, as was assigned to the corresponding old 10.6.6 VM, right?
This is correct. Please do not attempt to change IP information while doing this upgrade as the IP information is scattered throughout the config files themselves, not just the CentOS network scripts. Conducting this change is unsupported and I can promise you is no fun to deal with.
You are free to change IP information after the upgrade has been completed as we have a process in the 11.3 Administration Guides.
2019-08-30 09:38 AM
Thanks Aaron
2019-08-30 09:40 AM
No problem!
2019-08-30 10:24 AM
AS a note, the migration backup scripts are designed to migrate the end device vm "in-place", (i.e. not moving to a "new" vm), you would run the backups with the "-u" option and it will place a copy of the backups back out on the device being backed up. you then boot to the 11.3 iso on that device and and install 11.3 (do not clear the disk configurations when asked), it will remove all partitions except anything in /var/netwitness (where the backup are located) and then install centos 7 and the basic install files, when you run "nwsetup-tui" you will select the upgrade mode and it will use then information in the backup to set the IP and other information on the host. after discovery and installation of the proper services, the host will be the same as it was before and the data drives should be mounted as they were on the old host, with no loss.
If you decide to go the route of creating a new VM for each on, you will have to manually copy the backup files to the proper location on the host BEFORE running the nwsetup-tui, and you will still be doing the upgrade, so adding the extra step is just complicating things.
2019-08-30 11:19 AM
Hi John,
Just to clarify, I simply follow the procedure given in the RSA Upgrade Guides for Virtual Host 10.6.6 to 11.3, and it should be good right? It speaks of deploying 11.3 via a OVF Template and then moving the HDDs, etc. It has visuals for the steps, so I can follow that smooth, right?