Skip to content

Upgrading DCAs

Introduction

This guide will walk you through the process of upgrading your White Cloud Security (WCS) Data Center Appliance (DCA). The upgrade involves downloading the new version of the DCA image, validating its integrity, implementing it into your cloud environment, and decommissioning the old version once the new node is verified to be functioning correctly.

Step 1: Obtaining the New DCA Image

1.1 Accessing the Image

New version DCA images are made available via Google Drive. To receive the link to the Google Drive folder containing the latest DCA image, you must first initiate a request for the latest version and confirm that you are a valid license holder. Upon verification, White Cloud Security will provide you with the link.

1.2 Downloading the Image

  1. Navigate to the provided Google Drive link.
  2. Locate the latest DCA image file.
  3. Download the image to your local system.

1.3 Verifying the Image Integrity

Each DCA image is provided with handprint identifying factors. These factors are used to ensure that the image you downloaded is authentic and has not been tampered with. The verification process involves using five hashes (SHA-1, SHA-256, SHA-512, MD5, and CRC32) and the file length, which is the same technology used to validate approved app runs in the product itself.

1.3.1 Handprint Verification Process

  1. Obtain the handprint identifying factors from White Cloud Security. This information typically includes checksums or hashes.
  2. Generate the checksums/hashes of the downloaded image using tools for each algorithm:
  3. For SHA-1: 
    sha1sum <path-to-downloaded-image>
  4. For SHA-256: 
    sha256sum <path-to-downloaded-image>
  5. For SHA-512: 
    sha512sum <path-to-downloaded-image>
  6. For MD5: 
    md5sum <path-to-downloaded-image>
  7. For CRC32: 
    crc32 <path-to-downloaded-image>
  8. Compare the generated checksums/hashes and file length with those provided by White Cloud Security.
  9. If all values match, the image is verified. If not, do not proceed with the installation and contact White Cloud Security support.

Step 2: Implementing the New DCA Node

2.1 Preparing for Installation

Before proceeding, ensure that you have the necessary access and permissions to add a new node to your cloud environment and connect it to your existing MySQL database.

2.2 Standard Install Method

Follow the standard installation method provided by White Cloud Security to set up the new DCA node. The general steps are as follows:

2.2.1 Deploying the New DCA Image

  1. Upload the verified DCA image to your cloud environment.
  2. Launch a new virtual machine or container instance using the uploaded DCA image.
  3. Once the DCA appliance is running, reference Quick Start Guide for setup.

2.2.2 Connecting to MySQL Database

  1. During the setup, configure the new DCA node to connect to your existing MySQL database.
  2. Ensure that the new node has the necessary permissions and can successfully communicate with the database.

2.3 Adding to Load Balancer

If you are using a load balancing reverse proxy cluster, you need to add the new DCA node to the load balancer configuration.

2.3.1 Updating Load Balancer Configuration

  1. Access your load balancer management console.
  2. Add the new DCA node’s IP address or hostname to the load balancer’s configuration.
  3. Ensure that the load balancer can route traffic to the new node.
  4. Apply the changes and verify that the new node is receiving traffic.

Step 3: Validating the New Node

3.1 Testing and Verification

After the new DCA node is part of your current cluster, perform the following tests to ensure it is working properly:

  1. Check the DCA node’s status via the WCS dashboard.
  2. Verify that the new node can successfully collect and process security events.
  3. Ensure that the node is correctly integrated into the MySQL database.
  4. Test the node’s functionality within the load balancer cluster.

3.2 Monitoring and Validation Period

Allow the new DCA node to run for a validation period to ensure stability and reliability. Monitor the node’s performance and logs during this period.

Step 4: Decommissioning the Old DCA Node

4.1 Preparation for Decommissioning

Before decommissioning the old DCA nodes, ensure that the new nodes are fully functional and stable.

4.2 Removing Old Nodes from Load Balancer

  1. Access your load balancer management console.
  2. Remove the old DCA nodes from the load balancer’s configuration.
  3. Apply the changes to stop routing traffic to the old nodes.

4.3 Shutting Down Old Nodes

  1. Access your cloud environment management console.
  2. Locate the old DCA nodes.
  3. Shut down the old nodes and remove them from your cloud environment.

4.4 Clean-Up

Remove any associated resources of the old DCA nodes, such as disks and network interfaces, to free up resources in your cloud environment.