Upgrade Servers

Cybereason Technical Operations can efficiently upgrade your server to the required Cybereason server version.

For cloud deployments, Technical Support uses a blue-green upgrade process, in which a parallel environment is created for the new version instead of upgrading the current environment. All data and configurations are migrated from the environment with the old version to an environment with the new Cybereason version. This method enables Cybereason Technical Operations to switch traffic from the old or “blue” deployment to the new or “green” deployment after the new deployment has been verified. If a problem is detected, it is possible to roll back to the old deployment quickly. This technique reduces downtime and minimizes risk to your environment.

The general steps of this process are outlined below in Upgrade Steps, to help you prepare for the server upgrade and be aware of the expected downtime.

The following sections cover the upgrade process for major and minor Cybereason server versions. See Upgrade Sensors for information on how to upgrade sensors to the latest version.

It is recommended to verify that the upgraded server version is compatible with your sensors. For details, see Version Support.

Upgrade workflow

The following diagram illustrates the upgrade workflow:

[Figure: Cloud deployment upgrade flow]

Create an upgrade request

To request an upgrade, contact your Customer Success Manager. You must submit your request 7 days prior to the desired upgrade time, and no later than the close of business on a Monday. Requests that are submitted after the close of business on Monday are processed the following Monday.

In the upgrade request, you can select the upgrade start time.

The following maintenance windows are available for upgrades:

  • Sundays to Thursdays, from 7 am to 12 pm, Israel Standard Time (IST)

  • Upgrade start time: 7 am to 12 pm (IST) - This is the maintenance window during which the upgrade begins

In addition, you can ask to change the default configuration for selected features. The configuration changes will occur during the upgrade process.

Technical Operations processes requests based on the number of incoming requests and in-progress upgrades, and limits the number of upgrades performed each day. In the event there is a delay to your scheduled upgrade, Technical Operations will notify you as soon as possible.

During the upgrade process, Technical Operations first deploys the upgraded version of Cybereason in a new (“green”) environment. After the upgraded environment is ready, Technical Operations migrates the data from the old (“blue”) environment to the new environment. Upgrade rollback is possible during this time, and the Cybereason UI in the old environment remains available with only a temporary suspension of visibility into new activity. The upgrade mainly affects the availability of new data and does not affect system availability.

An estimated downtime period of six to eight hours is expected during maintenance. Under certain circumstances, the downtime period may be more than eight hours. If an extension is required, Cybereason Technical Operations will notify you and your Customer Success Manager by email.

During the upgrade process, you and your Customer Success Manager will receive one or more of the following maintenance notifications:

Important

If you are not sure you are set up to receive upgrade notifications, please reach out to your Customer Success Manager.

Maintenance notifications and their descriptions:

  • Planned Upgrade (Blue Green): A notification is sent with the planned maintenance timeline (start time).

  • Upgrade Complete: A notification is sent when the upgrade successfully completes. At this time, the environment is up and running, post-production tests have demonstrated success, and the environment is ready for use.

  • Maintenance Cancelled: A notification is sent if the maintenance was cancelled due to a rollback.

  • Maintenance Extension: A notification is sent if additional time is required to start or perform the upgrade. An extension enables the relevant technical teams to fix any technical issues that were encountered, instead of rolling back.

Depending on the technical issues that were encountered during upgrade, a rollback can be performed within 2-4 hours (before sensor connectivity) or 4-6 hours (following sensor connectivity).

Following upgrade, the old environment will remain active for 7 days for rollback purposes.

Service Pack updates can also involve downtime, depending on the Service Pack content. The expected downtime for a full environment upgrade (without sensors) is similar to a major version upgrade.

Upgrade Steps

Important

The upgrade process is performed by Cybereason Technical Operations. You are not required to perform these steps. The information in this section is included in order to provide a better understanding of the process.

Sensor upgrades are not required for server upgrades. In addition, no IP or DNS changes are required.

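Each step below lists its estimated duration, downtime implications, impact of the stage on your environment, and whether it is a customer approval stage.

  1. Stop sensor collection from the Detection servers
     Estimated duration: 5 min.
     Downtime implications: Sensors are not connected to the servers during the upgrade. No data is lost while sensors are disconnected from the servers. Sensors store the collected data locally until the new environment is available.
     Impact of the stage on your environment: Low
     Customer approval stage: No

  2. Create a build of the new version environment, including WebApp server, Detection servers, and Registration server
     Estimated duration: 1 hr.
     Downtime implications: None. This is done as part of the upgrade process.
     Impact of the stage on your environment: Low
     Customer approval stage: No

  3. Back up the old environment
     Estimated duration: 1-2 hrs.
     Downtime implications: UI in the old environment is still available but sensors do not send new data. Investigation queries return results based on existing data.
     Impact of the stage on your environment: Low
     Customer approval stage: No

  4. Copy backup files and data to the new servers
     Estimated duration: 1-2 hrs.
     Downtime implications: UI in the old environment is still available but sensors do not send new data. Investigation queries return results based on existing data.
     Impact of the stage on your environment: Low
     Customer approval stage: No

  5. Load data on the new server
     Estimated duration: 1-2 hrs.
     Downtime implications: UI in the old environment is still available but sensors do not send new data. Investigation queries return results based on existing data.
     Impact of the stage on your environment: Low
     Customer approval stage: No

  6. Configure the new environment (WebApp server, Detection servers, Registration server)
     Estimated duration: 15 min.
     Downtime implications: UI in the old environment is still available but sensors do not send new data. Investigation queries return results based on existing data.
     Impact of the stage on your environment: Low
     Customer approval stage: No

  7. Sanity checks (compare the old environment to the new environment)
     Estimated duration: 30 min.
     Downtime implications: UI in the old environment is still available but sensors do not send new data. Investigation queries return results based on existing data.
     Impact of the stage on your environment: Low
     Customer approval stage: No

  8. Change the default feature configuration according to customer request
     Estimated duration: 1 hr.
     Downtime implications: UI in the old environment is still available but sensors do not send new data.
     Impact of the stage on your environment: Low
     Customer approval stage: No

  9. DNS configuration and IP association
     Estimated duration: 15 min.
     Downtime implications: Route DNS server names & IP addresses to the new environment. The old environment is not accessible at this point, but servers are online for fast rollback if required.
     Impact of the stage on your environment: High
     Customer approval stage: Yes

  10. Enable sensor connectivity to Detection servers
     Estimated duration: 5 min.
     Downtime implications: Sensors start to send all saved data from the last 6-8 hours (the period during which they were disconnected from the servers).
     Impact of the stage on your environment: Medium
     Customer approval stage: Yes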