Security Management Center Components Upgrade task

Recommendations before upgrading

We recommend using the Security Management Center Components Upgrade task available in the ESMC Web Console to upgrade your ESMC infrastructure. Carefully review the directions here before upgrading.

note

Note

ESMC 7 automatically notifies you when a new version of the ESMC Server is available.

For additional instructions to upgrade ESET Security Management Center to the latest version guide, see our Knowledgebase article.

Are you upgrading from ERA/ESMC Virtual Appliance?

Are you upgrading an environment with ERA Proxy?

hmtoggle_plus0The ESMC Server instance is installed on a failover cluster?
hmtoggle_plus0Important instructions before upgrading Apache HTTP Proxy on Microsoft Windows
hmtoggle_plus0Important instructions before upgrading Apache HTTP Proxy on Virtual Appliance

 

important

Important

You can upgrade to ESMC 7.2 only from ERA version 6.5 and later. If you use an older version of ERA 6.x, upgrade to ERA 6.5 first.

Back up the following data before you start the upgrade task:

All certificates (Certificate Authority, Server Certificate and Agent Certificate)

Export your Certification Authority Certificates from an old ESMC Server to a .der file and save to external storage.

Export your Peer Certificates (for ESET Management Agent, ESMC Server) and private key .pfx file from an old ESMC Server and save to external storage.

Your ERA/ESMC database. If you have an older unsupported database installed (MySQL 5.5 or MSSQL 2008), upgrade your database to a compatible database version before upgrading the ESMC Server.

 

ESMC Server component version 7.2 is not compatible with 32-bit machines (x86 architecture). Upgrading a 32-bit Server machine from versions 6.5-7.0 to 7.2 will fail.

If you have already run the upgrade and now your system is not working, you need to manually reinstall all ESMC components to the original version.

If you want to upgrade, you need to migrate your current ESMC to a 64-bit machine, and after successful migration, you can run the upgrade task.

ESMC 7.2 uses LDAPS as the default protocol for Active Directory synchronization. If you upgrade an earlier ESMC version on Windows to ESMC 7.2 and you were using the Active Directory synchronization, synchronization tasks will fail in ESMC 7.2.

To upgrade ESET Security Products, use the Software Install task. Run the task using the latest installer package to install the latest version over your existing product.

Recommended upgrade procedure

1.Upgrade the ESMC Server - Select only the machine with the ESMC Server as target for the Security Management Center Components Upgrade task.
 

warning

Warning

When upgrading from ERA 6.x, make sure to upgrade to the ESMC Server before upgrading the Agents. ESET Management Agents 7.x use a new communication protocol and are not able to connect to ERA 6.x Server.

 

2.Select some client computers (as a test sample - at least one client from each operating system and bitness) and run the Security Management Center Components Upgrade task on them.

We recommend that you use Apache HTTP Proxy (or any other transparent web proxy with caching enabled) to limit the network load. The test client machines will trigger the download/caching of the installers. The next time the task is run, the installers will be distributed to client computers directly from the cache.

3.After the computers with upgraded ESET Management Agent are successfully connecting to the ESMC Server, proceed with upgrading the rest of the clients.

 

note

Note

To upgrade ESET Management Agents on all managed computers in the network, select the Static Group All as target for the Security Management Center Components Upgrade task. Computers that were already upgraded before will not be upgraded again.

List of upgraded components:

ESMC Server

ESET Management Agent

ESMC Web Console - only applies when Apache Tomcat was installed to its default installation folder in both Windows and Linux distributions, including ESMC Virtual Appliance (for example: /var/lib/tomcat8/webapps/, /var/lib/tomcat7/webapps/, /var/lib/tomcat/webapps/).

warning

Warning

oApache Tomcat is not upgraded during the ESMC Web Console upgrade via the Components Upgrade task.

oESMC Web Console upgrade does not work if Apache Tomcat was installed in a custom location.

oIf a custom version of Apache Tomcat is installed (manual installation of the Tomcat service), the subsequent ESMC Web Console upgrade via the All-in-one installer or via Components Upgrade Task is not supported.

ESMC Mobile Device Connector. We recommend that you upgrade MDM to version 6.5 before upgrading your environment to version 7.2.

Components that must be upgraded manually:

Apache Tomcat (we strongly recommend that you keep Apache Tomcat up-to-date, see Upgrading Apache Tomcat)

Database Server

Apache HTTP Proxy (can be achieved using All-in-one installer, see Upgrading Apache HTTP Proxy)

ESET Rogue Detection Sensor - To upgrade, install a newer version over the older version (follow the installation instructions for Windows or Linux). If you installed RD Sensor with older ESMC 7.x, you do not need to upgrade it, as there are no new RD Sensor releases.

Troubleshooting

warning

Warning

If the components upgrade fails on a machine running the ESMC Server or Web Console, you may not be able to log into the Web Console remotely. We recommend that you configure physical access to the server machine before performing this upgrade. If you cannot arrange for physical access to the machine, make sure you can log onto it with administrative privileges using a remote desktop. We recommend that you back up your ESMC Server and Mobile Device Connector databases before performing this operation. To back up your Virtual Appliance, create a snapshot or clone your virtual machine.

Verify whether you can access the ESMC repository from an upgraded computer.

Re-running the Security Management Center Components Upgrade task will not work if there is at least one component already upgraded to the newer version.

If there is no clear reason for the failure, you can upgrade components manually. See our instructions for Windows or Linux.

For more suggestions to resolve upgrade issues, see general troubleshooting information.