Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AntiSpoofing
Explorer

R80.20 CDT Versus SmartUpdate (FIGHT!)

Jump to solution

Hello all,

First post so please take it easy on me...

Why can't we upgrade managed firewalls (Service Packs and various updates) through a SmartUpdate-like utility?  Forgive me if this has been asked before.

 

>AntiSpoofing

0 Kudos
Reply
1 Solution

Accepted Solutions
Tomer_Noy
Employee
Employee

Yup, just a few clicks to install the latest Jumbo HF (without even having to search for it). Will automatically install cluster members one-by-one and take care of an orderly fail over.

Join our R80.40 EA!

We do have even more cool stuff coming 🙂

And here is a teaser:

R80.40 HF Installation.png

View solution in original post

18 Replies
PhoneBoy
Admin
Admin
For the last several years, we've distributed patches via CPUSE.
SmartUpdate was never updated to leverage this mechanism.
CDT can distribute CPUSE packages (among other things) to multiple gateways, but doesn't have a SmartUpdate GUI.
I suspect, though don't know the exact timelines, that we will integrate this function into SmartConsole in a later release.
0 Kudos
Reply
Dorit_Dor
Employee
Employee

We took a different route this time. We focused on robust core upgrades (with CPUSE and automation with CDT), all with APIs first and later UI.

We understand that a UI component is needed and phase 1 is coming in R80.40 (why phase 1? because it will not cover all the richness of CDT - it will enable simple update scenario). The UI will be based on UI extension and therefore part of Smart Console and not a separate application.    

In general the richness of CDT comes with strong automation (which wasnt part of SmartUpdate and is less UI relevant) but for CPUSE surely a UI is expected 

Dorit 

BTW you are welcome to join the early availability in a month or two

 

0 Kudos
Reply
Tomer_Noy
Employee
Employee

Yup, just a few clicks to install the latest Jumbo HF (without even having to search for it). Will automatically install cluster members one-by-one and take care of an orderly fail over.

Join our R80.40 EA!

We do have even more cool stuff coming 🙂

And here is a teaser:

R80.40 HF Installation.png

View solution in original post

AntiSpoofing
Explorer
Thank-You, yes, that was what I expected. I just thought that the CPUSE approach was a tad laborious since you are downloading multiple times the same package whereas the Management distribute and scheduled application was much-to-be-desired function.

Thanks!
0 Kudos
Reply
VincentBacher
Participant

This new feature is for hotfixes. Upgrading using SmartConsole would be the next step. We are waiting..... 😎

0 Kudos
Reply
AntiSpoofing
Explorer
Thanks Dorit!

BTW - Former Employee (Roger, Diamond TAC, Team 1)
0 Kudos
Reply
Lewis_Ryan
Explorer

Hi,

I thought CDT in GUI form was going to be part of R80.30 is this now not the case?  We are not yet on this release but were planning to be due to CDT availability in the console.

I have just checked on the SmartConsole for R80.30 on Demopoint but couldn't find CDT in the console, unless I am missing it or does it require an extension of some sort?

0 Kudos
Reply
PhoneBoy
Admin
Admin
Hadn't heard this MIGHT be in R80.30.
In any case, it's planned for R80.40 and you are encouraged to join the EA.
0 Kudos
Reply
Lewis_Ryan
Explorer
That's what I was told at the Demo at CPX Vienna. Will consider EA
0 Kudos
Reply
AntiSpoofing
Explorer
Thank-you sir!
I got word that it's coming.

It was just that it seemed like a step back from where "we" were...
0 Kudos
Reply
M_Ruszkowski
Contributor

Right now...I am on the CDT side.   So please don't take my CDT away!!!!

The CDT has worked very well for us. We have upgraded more that 135 firewalls in three months. Keep in mind, we can only do these upgrades on weekends. It used to take us more than a year to upgrade everything. The upgrades have been from R77.20 and R77.30 to R80.20 with Jumbo Take. And we are using CDT to roll out HFA's as well. We have already started patching with Take 118, which was recently released. This has dramatically sped up our upgrades and patching cycles.   This will be the first time in over 10 Years that all of our firewalls will be on the same version and HFA!    

If you have not tried CDT, I would recommend just skipping the basic method and go right to the advanced method and define a deployment plan. Not very hard to do it, and you are going to end up doing this way anyway. So don't bother with basic method.

Luis_Miguel_Mig
Specialist

I have watched this video about CDT in Smartconsole in R81. Beautiful. Really nice.
I was wondering what are the plans? Will the smartconsole with get more and more features of the CDT CLI version?
And just something simple: in the GUI version both gateways in the cluster get upgraded one after the other. I was thinking that it would be nice to give the administrator the option to wait to run postchecks before the upgrade of the second gateway.

0 Kudos
Reply
PhoneBoy
Admin
Admin

CDT may have a few more options overall, but the plan is to bring in more functionality into SmartConsole.
Like the suggestion for post-upgrade checks before upgrading other cluster members.
@Tsahi_Etziony 

0 Kudos
Reply
Tsahi_Etziony
Employee
Employee

The SmartConsole capabilities are separated from CDT and it is not a GUI for CDT. It is developed by the same team to make sure we learn from the CDT development, but it has much higher focus on usability, and hopefully it can be used without any learning effort. 

As @PhoneBoy wrote, we will continue to bring new capabilities to SmartConsole, but I expect CDT to stay with us for a very long time because frankly, it is much more powerful. We will definitely continue to develop and support both options.

The cluster suggestion is a high priority for us, but unfortunately it will probably only be available towards the end of 2021. The reason - we want to make the UX perfect, and it requires some more research and usability trials. If you are interested to contribute this effort, share your thoughts and even try out early developments, we would love to contact you for an open discussion. 

0 Kudos
Reply
Luis_Miguel_Mig
Specialist

Yeah absolutely, thanks.  I am definitely interested in the usability focus of the GUI/Smartconsole version. 
I guess that you may be already working on these few things I am suggesting, but anyway  at the  moment I miss:

- more visibility of what is going on during the upgrade, be aware of the different phases, perhaps show the cpuse messages...

- include snapshots in the process

-  include breakpoints and post checks, so the admin can pause for a while (after one member of the cluster has been upgraded) and then decide if resume or rollback

0 Kudos
Reply
Tsahi_Etziony
Employee
Employee

Sure. I'll have my guys contact you for future usability sessions and feedback. 

Your suggestions are indeed known to us. I only have one comment on the snapshot - when you perform a major upgrade, either from SmartConsole, using CDT or directly using the GW's CPUSE interface, CPUSE is keeping an automatic snapshot on the GW as part of the process. 

0 Kudos
Reply
Luis_Miguel_Mig
Specialist

That is great that CPUSE already do it. So perhaps a bit of visibility on what is going behind the scenes would be enough.
And would CPUSE allow you to use it for a rollback? And would CPUSE also be able to take the snapshot and store it remotely?

0 Kudos
Reply
Tsahi_Etziony
Employee
Employee

Visibility - for sure!

Currently exporting a snapshot or reverting to a saved snapshot is only available from the machine itself. 

0 Kudos
Reply