Upgrade Your Multi-Tenant Deployment

Cortex XSOAR Installation Guide

Product: Cortex XSOAR
Version: 6.13
Creation date: 2024-04-15
Last date published: 2024-10-09
Category: Installation Guide
Abstract

Upgrading a Cortex XSOAR multi-tenant deployment including preparation, upgrade, and post-upgrade steps.

The upgrade process changes the data in the database, which can introduce a version incompatibility between the Cortex XSOAR service version and the database version during the upgrade.

Note

Cortex XSOAR with Elasticsearch requires one additional index per tenant, host group, and main account. If you are using Elasticsearch, verify you have sufficient available shards before upgrading to Cortex XSOAR v6.5 and above.

To limit downtime, you can upgrade the main server, restart your main server, and then upgrade your host servers separately. This enables you to plan your upgrade process more efficiently. Although you do not need to upgrade the host servers immediately after upgrading the main server, we highly recommend completing the upgrade process as soon as possible.

The host server is one version earlier than the main server

Cortex XSOAR does not support any functionality if the version difference between the main server and the host server is greater than one version. For example, if the main server is 6.13 and the host server is 6.12, functionality is supported. If the main server is 6.13 and the host server is 6.11, functionality is not supported.

If the version on a host server is no more than one version back (previous version) from the main server, you can still view and edit incidents, work with indicators, and use dashboards.

Note

Content synchronization and host management are not possible when the main server and host server are not the same version.

While you can run Cortex XSOAR if the host server is more than one version from the main server, no functionality is guaranteed and no support is provided.

The following actions are not available where the host server is one version earlier than the main server:

  • Distribute and update playbooks and scripts

  • Propagate new integrations from Marketplace to host servers

  • Manage hosts - delete, add to high availability group, etc.

  • Manage accounts - move accounts to another host, sync, etc.

  • Add new roles and propagation labels to accounts
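The support rules above, as an added example that is not part of the original guide or of Cortex XSOAR tooling: a shell check that classifies each host server by its version skew against the main server before you plan the host upgrades. The host names and inventory are constructed, and reading "one version" as one minor release within the same major version is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not Cortex XSOAR tooling): classify hosts by version skew.

# Extract the major / minor part of a "major.minor[.patch]" version string.
major_of() { printf '%s\n' "${1%%.*}"; }
minor_of() {
  local rest="${1#*.}"
  [ "$rest" = "$1" ] && rest=""   # no dot: there is no minor part
  printf '%s\n' "${rest%%.*}"
}

# classify_host MAIN_VERSION HOST_VERSION
# Prints: in_sync | limited | unsupported | host_ahead | invalid
classify_host() {
  local main="$1" host="$2" part skew
  for part in "$(major_of "$main")" "$(minor_of "$main")" \
              "$(major_of "$host")" "$(minor_of "$host")"; do
    case "$part" in ''|*[!0-9]*) echo invalid; return 0 ;; esac
  done
  # Assumption: "one version" means one minor release within the same major.
  if [ "$(major_of "$main")" != "$(major_of "$host")" ]; then
    echo unsupported; return 0
  fi
  skew=$(( $(minor_of "$main") - $(minor_of "$host") ))
  if   [ "$skew" -eq 0 ]; then echo in_sync      # content sync and host management work
  elif [ "$skew" -eq 1 ]; then echo limited      # incidents, indicators, dashboards only
  elif [ "$skew" -gt 1 ]; then echo unsupported  # no functionality guaranteed
  else echo host_ahead                           # host newer than main: not covered by the page
  fi
}

# hosts_with_status MAIN_VERSION STATUS: reads "name version" lines on stdin
# and prints the names of the hosts whose classification equals STATUS.
hosts_with_status() {
  local main="$1" want="$2" name ver
  while read -r name ver; do
    [ -n "$name" ] || continue
    [ "$(classify_host "$main" "$ver")" = "$want" ] && echo "$name"
  done
  return 0
}

# Constructed sample inventory (hypothetical host names); main server is on 6.13.
INVENTORY='host-a 6.13
host-b 6.12
host-c 6.11'

for s in in_sync limited unsupported; do
  printf '%-12s %s\n' "$s" "$(printf '%s\n' "$INVENTORY" | hosts_with_status 6.13 "$s" | tr '\n' ' ')"
done
```

Hosts reported as `limited` can wait for a maintenance window, while hosts reported as `unsupported` should be upgraded before they are relied on.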

To upgrade a multi-tenant environment with high availability, do the following:

  1. Stop the main servers.

  2. Upgrade the main servers.

  3. Start the main servers.

  4. Upgrade each host server group at a convenient time. All hosts in the same high-availability group must be upgraded at the same time. All other host server groups can continue to run, and their tenants can be accessed directly through the host.

For Disaster Recovery (DR), you have primary servers for the main and host servers and secondary (backup) servers for the main and host servers. The secondary (backup) servers need to be up and running when the primary servers are being upgraded, so you should always upgrade the secondary (backup) servers before the primary servers. To upgrade a multi-tenant environment with disaster recovery, the procedure should be performed in the following order:

Upgrade the Main Server with Disaster Recovery

  1. Stop the main primary server.

  2. Stop the main secondary (backup) server.

  3. Upgrade the main secondary server.

  4. Start the main secondary server.

  5. Upgrade the main primary server.

  6. Start the main primary server.

Upgrade the Host Servers with Disaster Recovery

This can be performed immediately or at a later date. For each host:

  1. Stop the primary host server.

  2. Stop the secondary (backup) host server.

  3. Upgrade the secondary host server.

  4. Start the secondary host server.

  5. Upgrade the primary host server.

  6. Start the primary host server.

How to upgrade

Before you begin, verify that your system meets the general system requirements, including the required operating system, as well as multi-tenant hardware requirements.

  1. Prepare for Upgrade.

    1. Back up your data.

    2. Download the new installer and copy it to all the servers that will be upgraded by running the following command.

      wget -O demisto.sh "<downloadLink>"

      Note

      You can use the original URL that was sent to you when installing Cortex XSOAR by changing it as follows:

      • Change download.demisto.works to download.demisto.com

      • If you want a specific version (other than a generally available release), add &downloadName=<version>_<latest or build number> to the end of the URL.

        For example, to upgrade to the latest v6.11 release, type https://download.demisto.com/download-params/?token=xxxxxxx&email=user@paloaltonetworks.com&downloadName=6_11_latest&eula=accept

      If you do not have the original URL, open a Customer Support ticket and select the Download Link option. The link is then sent automatically.

    3. Run the following command to allow the .sh file to run as an executable file.

      chmod +x demisto.sh

  2. Stop the main server.

    sudo service demisto stop

    (Multi-tenant High Availability) Stop all the main app servers.

    (Multi-tenant DR) Stop the main primary and secondary servers.

  3. Upgrade the main servers.

    sudo ./demisto.sh -- -multi-tenant

    (Multi-tenant High Availability) Choose a main app server and run the installer on it. After checking the main app server is up and running, run the installer on the other main app servers.

    (Multi-tenant DR) Run the installer on the main secondary (backup) server. After checking the main secondary (backup) server is up and running, run the installer on the main primary server.

  4. Restart the main server.

    sudo service demisto start

  5. Upgrade the host servers.

    Repeat this step for all host servers that you want to upgrade.

    (Multi-tenant High Availability) Repeat this step for all high availability groups.

    1. Stop the host server(s) that you want to upgrade.

      sudo service demisto stop

      (Multi-tenant DR) Stop host secondary (backup) servers.

    2. Run the installer.

      sudo ./demisto.sh -- -multi-tenant

      Cortex XSOAR uses the /tmp folder for installation. If the folder is blocked by policy, specify a different directory, such as /var/tmp, by adding the -target argument to the installation command before any other flag. For example: sudo ./demisto.sh -target /var/tmp -- -multi-tenant

      (Multi-tenant High Availability) Choose a host app server and run the installer on it. After checking the host app server is up and running, run the installer on the other host app servers.

      (Multi-tenant DR) Run the installer on the host secondary (backup) server. After checking the host secondary server is up and running, run the installer on the host primary server.

  6. Restart the host server.

    sudo service demisto start

  7. Validate the upgrade.

    1. (Multi-tenant High Availability) Check that the main servers are accessible through the load balancer the same as before the upgrade.

    2. Check that all tenants are accessible through the main server.