...
| Table of Contents | ||||
|---|---|---|---|---|
|
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
ZIRO recommends upgrading your OS against vulnerabilities every quarters. This can be done after upgrading your ZPC application although keep in mind that downtimes may occurs during the upgrade. To learn how to update your OS against the latest vulnerabilities, review the Update OS Against Latest Vulnerabilities Section at the end of this document. |
WHAT YOU WILL NEED
Tools
FTP Client (WinSCP, FileZilla, etc)
This will be used to move the upgrade file(s) onto the ZPC machine.SSH Client (Putty, SecureCRT, etc)
This will be used to connect to the ZPC machine via the stack8-console and perform the upgrade.
Credentials to your s8admin account
This is the account you will use to connect to the stack8-console via SSH. The default password for the s8admin account is $tacK8, unless your team changed it during the initial deployment of the ZPC OVA.
Upgrade files (links to the latest version are available from the ZIRO Customer Portal)
Latest version of stack8-console
Latest version of ZPC
DOWNLOAD UPGRADE FILES PROVIDED BY EMAIL
In order to upgrade ZPC, you will use the stack8-console built into the ZPC machine. The stack8-console also receives periodic updates and needs to be kept up to date.
...
Get in touch with our Support team to receive the links to the latest versions of both ZPC and the stack8-console upgrade files. Please download them to your local machine before proceeding to step 3.
CONNECT VIA SFTP TO UPLOAD FILES TO THE ZPC MACHINE (VIDEO)
1. Open your chosen SFTP client and connect to ZPC using your s8admin credentials:
...
| Warning |
|---|
The upgrade will not be possible unless the files are uploaded to the correct folder! |
CONNECT VIA SSH TO UPGRADE THE STACK8-CONSOLE (VIDEO)
Open your chosen SSH client and connect to ZPC using your s8admin credentials:
Username: s8admin
Default password: $tacK8 (this password should have been changed during the initial deployment of your ZPC machine)
...
| Tip |
|---|
You have successfully upgraded the stack8-console! |
CONNECT VIA SSH TO UPGRADE ZPC (VIDEO)
| Note |
|---|
IMPORTANT NOTE: As of version 6.5.0 of ZPC, upgrading ZPC will not be permitted if the stack8-console is not running the latest available version. (See video for details) Upgrade the stack8-console before upgrading ZPC to avoir any issues. |
Open your chosen SSH client and connect to ZPC using your s8admin credentials:
Username: s8admin
Default password: $tacK8 (this password should have been changed during the initial deployment of your ZPC machine)
...
| Tip |
|---|
You have successfully upgraded ZPC on the inactive side of the machine. |
FLIP YOUR PRODUCTION TRAFFIC (VIDEO)
| Note |
|---|
Important Note: Before pointing your production traffic to the newest version of ZPC, we suggest performing some smoke tests on the new version to make sure it is working well in your environment. |
...
| Warning |
|---|
The traffic flip will log out anybody currently working in ZPC, but there is no other downtime required. |
Open your chosen SSH client and connect to ZPC using your s8admin credentials:
Username: s8admin
Default password: $tacK8 (this password should have been changed during the initial deployment of your ZPC machine)
Select the Routing & Traffic Flip menu item and select smacs.
You will be presented the routing table and receive the following prompt:
“Would you like to flip your production traffic?”
Type “y” and hit ENTER key.
You will receive a 2nd prompt:
“Would you like to import the LIVE side application settings to other side (i.e. configurations, audits, etc...) before performing the traffic flip?”
Type “y” and hit ENTER key
Now wait for the import of the configurations and traffic flip to complete.
| Tip |
|---|
You have successfully imported your configuration and flipped your production traffic. You are now running the latest version of ZPC in production! 🎈🎉 |
| Note |
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
ZIRO recommends upgrading your OS against vulnerabilities every quarters. This can be done after upgrading your ZPC application although keep in mind that downtimes may occurs during the upgrade. To learn how to update your OS against the latest vulnerabilities, review the Update OS Against Latest Vulnerabilities Section below. |
UPDATE OS AGAINST LATEST VULNERABILITIES
What you will need:
SSH Client (Putty, SecureCRT, etc)
This will be used to connect to the ZPC machine via the stack8-console and perform the upgrade.Stack8-console version 3.0.2 or newer
Although the feature was available in earlier releases of Stack8-console, we recommend upgrading to at least version 3.0.2 to address some issues with this feature and for added quality of life improvements.ZPC must be running on the new OS
If you are not sure which version of the OS you are running, check the banner at the top of Stack8-console. The version of the OS should appear as long as you have updated the console to version 3.0.2 or newer.ZPC must be able to reach Internet over port 80
This will allow ZPC to reach Ubuntu’s file servers to download the latest patches. Failing to open port 80 to the internet during the upgrade may cause the upgrade process to fail.
How to upgrade the OS
Open your chosen SSH client and connect to ZPC using your s8admin credentials:
Username: s8admin
Default password: $tacK8 (this password should have been changed during the initial deployment of your ZPC machine)
Select the Update OS Security Vulnerabilities menu item and type “Y” then ENTER when ready to start
The server should now connect to Ubuntu’s remote download servers and update its softwares.
Wait until the process is over, this could take a while (up to two hours in some rare instances)
| Tip |
|---|
That's it! You have successfully patched the OS against the latest vulnerabilities. 🎈🎉 |