This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Highlighted
Garrett_Anderso
Advisor
‎2020-06-11 11:11 AM

Cluster-specific workflow for R80.40 remote hotfix/JHA installation

Jump to solution

Hello -

What's New in R80.40 HERE includes central hotfix/JHA deployment.    This is great news and very attractive new feature for customers with sizable numbers of gateways.    Nice this includes central JFA install on R80.30, R80.20 gateways as well.

The workflow section of admin guide glosses over the specific procedure used when upgrading a cluster.

Can we assume the remote cluster JHA install would happen based on best practice procedures as documented in release notes (ie. zero downtime -- install on gatewayA, failover, and then install on gatewayB)?

Please update the workflow diagram in admin guide for cluster upgrade.

Side topic:   will be be able to TEST/DEMO this on DEMOPOINT?

reference:

R80.40 admin guide reference for central hotfix install HERE (with requirements).  

Thanks in adv. -GA

Tags (4)
1 Solution

Accepted Solutions
Highlighted
Boaz_Orshav
Employee+
Employee+
‎2020-06-11 11:21 AM

Jump to solution

Hi

  Yes, your assumption regarding cluster installation is correct.

  We will add it to documentation.

  Thanks for the tip and will be glad if you have more after using it.....

Boaz

View solution in original post

0 Kudos
11 Replies
Highlighted
Boaz_Orshav
Employee+
Employee+
‎2020-06-11 11:21 AM

Jump to solution

Hi

  Yes, your assumption regarding cluster installation is correct.

  We will add it to documentation.

  Thanks for the tip and will be glad if you have more after using it.....

Boaz

View solution in original post

0 Kudos
Highlighted
Garrett_Anderso
Advisor
‎2020-06-11 11:31 AM

Jump to solution

Hello @Boaz_Orshav  -- thanks for quick reply. 

I'm curious on topics of (a) error handling, and (b) pre-verification?

Will there be able to easily "check" group of target gateways if a JHA "should" install without issues (example:  identify an installed hotfix that may block install of JHA)?

How will failures be handled?   Will logs be collected for central view -- will central status provide more information than "failed"?

thanks -GA 

0 Kudos
Highlighted
Boaz_Orshav
Employee+
Employee+
‎2020-06-13 10:04 PM

Jump to solution

Hi

  Regarding verification - the action "Verify" actually runs the Deployment Agent verify option on the gateway so every pre-verification that is done by CPUSE (like conflict with current HF, disk space etc.) will be identified and reported as is (the central deployment will show the message the CPUSE on the gateway is issuing).

  Logs - we are aware of the need to centrally collect logs in error cases. The Central Deployment GUI has lot's of required functionality and in order not to wait for all to be ready we deliver it in phases.

  R81 shall include much more than R80.40 and so on.

  The logs collection is on the short list for the next version (after 81)

Highlighted
Maarten_Sjouw
Champion
Champion
‎2020-06-13 11:50 PM

Jump to solution
In a MUliti Domain environment with losts of domains with just 1 GW or 1 cluster, will the packages be loaded once on the global level and then redistributable per domain?
Regards, Maarten
0 Kudos
Highlighted
Boaz_Orshav
Employee+
Employee+
‎2020-06-13 11:58 PM

Jump to solution
On 80.40 the packages are downloaded to the GW from the Check Point Download Center.
On 81 the management can manage a repository and in this version the repository shall be one per MDS (from global context) and installation shall be per domain (package will be taken from the global repository and transferred to the GW)
Highlighted
Garrett_Anderso
Advisor
‎2020-06-15 06:23 AM

Jump to solution

hello @Boaz_Orshav --  thanks for additional details.

Is this new mechanism leveraging BLINK subsystem?   Or did you have to code from scratch? 

thanks -GA

0 Kudos
Highlighted
Boaz_Orshav
Employee+
Employee+
‎2020-06-17 09:46 PM

Jump to solution
The remote (central) installation is orchestrating the Deployment Agent (CPUSE) on the Gateways side, hence supports also Blink packages deployment.
Notice this ability shall be released as part of 81.00
0 Kudos
Highlighted
G_W_Albrecht
Champion
Champion
‎2020-06-23 02:38 AM

Jump to solution

Dashboard tells me that TX appliances are unsupported - this is not mentioned in current documentation...

0 Kudos
Highlighted
Dale_Lobb
Collaborator
‎2020-06-16 11:35 AM

Jump to solution

What about taking a backup/snapshot before the installation?  Is or can that be part of the automatic deployment?

0 Kudos
Highlighted
Boaz_Orshav
Employee+
Employee+
‎2020-06-17 09:48 PM

Jump to solution
Taking automatic snapshot is already part of version upgrade flow.
Do you mean you would like to have it also for Jumbo/HF installation?
0 Kudos
Highlighted
Garrett_Anderso
Advisor
‎2020-06-18 08:00 AM

Jump to solution

hello @Boaz_Orshav -- this would be nice option.  

0 Kudos