Updating Hyper-scalable PAS software
This section describes how to update the Hyper-scalable PAS release to a new version of the software, where the Centrify Privileged Access Service is already installed and running. In order to prevent downtime while updating the software, you create new nodes and deploy the new software to those nodes. Once the new nodes are deployed, you then add the new Web nodes to the load balancer, and change to the new deployment, setting the new nodes to active.
For example, if your configuration includes three Web nodes, two Background nodes, and two TCP Relay node deployed as Deployment A, you would deploy three new Web nodes, two new Background nodes, and two TCP Relay node as Deployment B. Once the new nodes are deployed, you add the Deployment B Web nodes to the load balancer (listener target) server group, which now includes six Web nodes. Since Deployment B is not active yet, no traffic is sent to the Deployment B Web nodes. Once Deployment B is set to active, traffic into the load balancer is sent to the Deployment B Web nodes and the nodes in Deployment A become inactive.
Updating Hyper-scalable PAS involves the following main tasks:
- Download the updated Hyper-scalable PAS software package, see Phase 1: Installing the Management node.
Update the database schema and create an updated Deployment on the Management node, see Phase 3: Creating a Deployment package.
Copy the new deployment file to new Windows 2016 Server to create new nodes, see Phase 4: Deploying Hyper-scalable PAS software to Web, Background, and TCP Relay nodes.
- Add the new Web nodes to the load balancer and activate the deployment, see Phase 5: Activating the Deployment.
After the load balancer shows the new nodes as healthy and distributing traffic, remove the nodes from the previous deployment. You can then tear down or reformat the nodes from the previous deployment.
To update Hyper-scalable PAS on the Web, Background, and TCP Relay nodes
The following step-by-step instructions are provided to augment the update overview provided above.
- On the Management node, log in as an user with administrator rights.
See Phase 1: Installing the Management node to download and unzip the updated Hyper-scalable PAS software package from Centrify onto the Management node.
Note: Do not run Centrify-PAS-NewInstallation.ps1 on an existing installation; doing so destroys all of the current data. After creating an initial Installation, the Installation is updated using the Centrify-PAS-NewDeploy.ps1; not using Centrify-PAS-NewInstallation.ps1 again.
See Phase 3: Creating a Deployment package to create an updated <deployment_id>.zip file in the ...\installations\<hostname>\Deployments\<date-DeploymentID>\ directory.
- See Phase 4: Deploying Hyper-scalable PAS software to Web, Background, and TCP Relay nodes to copy the updated deployment file, <deployment_id>.zip, from the Management node to the new target nodes.
- See Phase 5: Activating the Deployment to add the Web nodes to the target list of your load balancer and set nodes to active.
From the nodes you want to remove, type Centrify-PAS-Deploy-RemoveNode command.
You can then tear down or reformat the nodes from the previous deployment.