This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Garrett_DirSec
Advisor
‎2020-06-11 11:11 AM

Cluster-specific workflow for R80.40 remote hotfix/JHA installation

Jump to solution

Hello -

What's New in R80.40 HERE includes central hotfix/JHA deployment.    This is great news and very attractive new feature for customers with sizable numbers of gateways.    Nice this includes central JFA install on R80.30, R80.20 gateways as well.

The workflow section of admin guide glosses over the specific procedure used when upgrading a cluster.

Can we assume the remote cluster JHA install would happen based on best practice procedures as documented in release notes (ie. zero downtime -- install on gatewayA, failover, and then install on gatewayB)?

Please update the workflow diagram in admin guide for cluster upgrade.

Side topic:   will be be able to TEST/DEMO this on DEMOPOINT?

reference:

R80.40 admin guide reference for central hotfix install HERE (with requirements).  

Thanks in adv. -GA

1 Solution

Accepted Solutions
Boaz_Orshav
Employee
Employee
‎2020-06-11 11:21 AM

Jump to solution

Hi

  Yes, your assumption regarding cluster installation is correct.

  We will add it to documentation.

  Thanks for the tip and will be glad if you have more after using it.....

Boaz

View solution in original post

0 Kudos
11 Replies
Boaz_Orshav
Employee
Employee
‎2020-06-11 11:21 AM

Jump to solution

Hi

  Yes, your assumption regarding cluster installation is correct.

  We will add it to documentation.

  Thanks for the tip and will be glad if you have more after using it.....

Boaz

0 Kudos
Garrett_DirSec
Advisor
‎2020-06-11 11:31 AM
In response to Boaz_Orshav

Jump to solution

Hello @Boaz_Orshav  -- thanks for quick reply. 

I'm curious on topics of (a) error handling, and (b) pre-verification?

Will there be able to easily "check" group of target gateways if a JHA "should" install without issues (example:  identify an installed hotfix that may block install of JHA)?

How will failures be handled?   Will logs be collected for central view -- will central status provide more information than "failed"?

thanks -GA 

0 Kudos
Boaz_Orshav
Employee
Employee
‎2020-06-13 10:04 PM
In response to Garrett_DirSec

Jump to solution

Hi

  Regarding verification - the action "Verify" actually runs the Deployment Agent verify option on the gateway so every pre-verification that is done by CPUSE (like conflict with current HF, disk space etc.) will be identified and reported as is (the central deployment will show the message the CPUSE on the gateway is issuing).

  Logs - we are aware of the need to centrally collect logs in error cases. The Central Deployment GUI has lot's of required functionality and in order not to wait for all to be ready we deliver it in phases.

  R81 shall include much more than R80.40 and so on.

  The logs collection is on the short list for the next version (after 81)

Maarten_Sjouw
Champion
Champion
‎2020-06-13 11:50 PM
In response to Boaz_Orshav

Jump to solution
In a MUliti Domain environment with losts of domains with just 1 GW or 1 cluster, will the packages be loaded once on the global level and then redistributable per domain?
Regards, Maarten
0 Kudos
Boaz_Orshav
Employee
Employee
‎2020-06-13 11:58 PM
In response to Maarten_Sjouw

Jump to solution
On 80.40 the packages are downloaded to the GW from the Check Point Download Center.
On 81 the management can manage a repository and in this version the repository shall be one per MDS (from global context) and installation shall be per domain (package will be taken from the global repository and transferred to the GW)
Garrett_DirSec
Advisor
‎2020-06-15 06:23 AM
In response to Boaz_Orshav

Jump to solution

hello @Boaz_Orshav --  thanks for additional details.

Is this new mechanism leveraging BLINK subsystem?   Or did you have to code from scratch? 

thanks -GA

0 Kudos
Boaz_Orshav
Employee
Employee
‎2020-06-17 09:46 PM
In response to Garrett_DirSec

Jump to solution
The remote (central) installation is orchestrating the Deployment Agent (CPUSE) on the Gateways side, hence supports also Blink packages deployment.
Notice this ability shall be released as part of 81.00
0 Kudos
G_W_Albrecht
Legend
Legend
‎2020-06-23 02:38 AM
In response to Boaz_Orshav

Jump to solution

Dashboard tells me that TX appliances are unsupported - this is not mentioned in current documentation...

CCSE CCTE SMB Specialist
0 Kudos
Dale_Lobb
Collaborator
‎2020-06-16 11:35 AM

Jump to solution

What about taking a backup/snapshot before the installation?  Is or can that be part of the automatic deployment?

0 Kudos
Boaz_Orshav
Employee
Employee
‎2020-06-17 09:48 PM
In response to Dale_Lobb

Jump to solution
Taking automatic snapshot is already part of version upgrade flow.
Do you mean you would like to have it also for Jumbo/HF installation?
0 Kudos
Garrett_DirSec
Advisor
‎2020-06-18 08:00 AM
In response to Boaz_Orshav

Jump to solution

hello @Boaz_Orshav -- this would be nice option.  

0 Kudos
Labels