Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Itai_Minuhin
Employee
Employee

New upgrade mechanism for management servers in R80.40!

Hi everyone,

My name is Itai and I'm a Team Leader in Check Point R&D. My team is responsible for a new upgrade mechanism for the management server.

The new upgrade mechanism will be executed (under the hood) when upgrading from R80.20, R80.20.Mx and R80.30 to R80.40 (and to any future version).

I would like to share with you some exciting advantages of the new upgrade mechanism 

  • New updatable code mechanism for faster delivery of upgrade fixes and enhancements, automatically downloaded as upgrade packages from the Download Center for online environments. Also available for offline environments and requires to download latest upgrade package from the Download Center. For instructions see sk135172.
  • New dynamic HTML upgrade report shows the current status while upgrade is in progress and the final report once upgrade is done. 
    • When upgrading using CPUSE, the report is available by clicking the “To see a detailed upgrade report” link in the Package Details pane. Available from DA version1858.
    • When upgrading using CPUSE or Advanced upgrade, the report is available on the management server at $MDS_FWDIR/log/upgrade_report-<timestamp>.html
  • The new upgrade mechanism was designed to leverage best the architecture of R80.X thus it is more reliable.
  • Future releases will include Management API commands for management server upgrade, this will allow DevOps teams to orchestrate the upgrade process automatically.

Note: I would like to inform that the command for Advance Upgrade has been changed in the new upgrade mechanism. The command that should be used when upgrading from R80.20, R80.20.Mx and R80.30 to R80.40 is migrate_server  (instead of migrate command that is used when upgrading from R80.10 and lower versions). For more information search for migrate_server in R80.40 Installation and Upgrade Guide.

I hope you will enjoy from our new upgrade mechanism. Feel free to reply to this thread with comments or questions, or to reach me or @Eran_Habad privately. 

Itai

11 Replies
Itai_Minuhin
Employee
Employee

I'm adding an example of the upgrade report

 

Upgrade report for exampleUpgrade report for example

0 Kudos
Magnus-Holmberg
Advisor

Nice work, sounds like this could help in ramping out smaller changes faster.

Btw that’s looks like a MDS, if I understood correctly MDS is not yet supported in R80.40.
https://www.youtube.com/c/MagnusHolmberg-NetSec
Eran_Habad
Employee
Employee

Hi @Magnus-Holmberg thanks for the feedback. Of course MDS is supported in R80.40.

Eran

Magnus-Holmberg
Advisor

Hi,

 

Thanks for the clarification.
just notice that the limitation that was refering to R80.40 in MDS was regarding IOT.

Currently Check Point is extending its capabilitys in the cloud with more features.
Thinking more specificliy on Dome9 and Protego, these products are currently not part of the general mgmt release and depends on the cloud mgmt if i understand it correctly.

This new feature for mgmt upgrade is it planning to close the gap and bring more functions in the the regular mgmt/mds?
Maybe to be deliverd as a plugin or similar.

 

Thanks
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
Eran_Habad
Employee
Employee

The management upgrade process is aimed for a smooth migration of the database between main train versions. After the upgrade, you can enjoy the features and capabilities of the new version. The question on cloud products is agnostic to the upgrade mechanism, and can be asked in the cloud section of Check Mates. In general, indeed some of Check Point's products are outside the main train (not only cloud) to allow CI/CD without dependency on Check Point releases. 

0 Kudos
Martin_Valenta
Advisor

Is it now prefered to upgrade mgmt vs migrate export and do clean install, if already on r80.20 3.10 kernel?
G_W_Albrecht
Legend
Legend

Afaik the R80.30 CPUSE upgrade of SMS did an export of the database, fresh install on a new partition (while keeping the old partition in case of upgrade failures) and database import. If you did that manually, you would have a backup of the database export.

Julian_Sanchez
Collaborator

Albretch, do you use only migrate export for backup of database? 

0 Kudos
zbyszek_b
Explorer

Hello.

I want to ask what will be better toll to backup R80.30 EPM Server, old "migrate export --include-uepm-msi-files" or new one "migrate_server export --include-uepm-msi-files"?

Thanks

Zbyszek 

0 Kudos
Julian_Sanchez
Collaborator

Hi Itai, 

Thanks for share this information. Really I didn´t know about the new mechanism, and maybe I have some doubts yet. I think  will be good do a meeting, or presentation with some examples. I have a question in this moment I have a SMS in R80.30, I think migrate the SMS to Open Server, what is the best way for migrate?:

1. Upgrade the SMS in R80.30 for CPUSE, and then use the database with migrate server export for migrate to Open Server,  (it will requiere one step more). 

2. Use migration_server export to R80.40 in the SMS in R80.30, and then in SMS Open Server with fresh install use migrate_import?

3. Use migrate export normal in R80.30 and use migrate import in the new SMS Open SErver in R80.40?

Maybe if I do the way 2, for logs and indexes I need do a migrate_server -l or not? or only transfer de logs? 

Regards, 

Julian. 

 

0 Kudos
Sergio_Mateos
Explorer

Hi 

We have discovered that in the process, all sheduled pdf reports (/opt/CPrt-R80.40/smartview/exported_files) are included in the file -- (so in this customer the exported file was around 3.4G, with near 4.7G of pdf files...) 

Is there anyway to avoid exportinf those exported reports?

BR

0 Kudos