Juniper Secure Analytics Upgrading JSA to 7.3.0
Release
7.3.0
Modified: 2017-12-11
Copyright © 2017, Juniper Networks, Inc.
Juniper Networks, Inc.1133 InnovationWaySunnyvale, California 94089USA408-745-2000www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. and/or its affiliates inthe United States and other countries. All other trademarks may be property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.
Juniper Secure Analytics Upgrading JSA to 7.3.07.3.0Copyright © 2017 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through theyear 2038. However, the NTP application is known to have some difficulty in the year 2036.
ENDUSER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networkssoftware. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted athttp://www.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of thatEULA.
Copyright © 2017, Juniper Networks, Inc.ii
Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Chapter 1 What's NewWhen You Upgrade to JSA 7.3.0 . . . . . . . . . . . . . . . . . . . . . . . . . . 13
What's New When You Upgrade to JSA 7.3.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Shared License Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
RHEL V7.3 Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 2 Preparing for the Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Preparing for the Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Software Version Requirements for Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Memory and Disk Space Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
JSA Memory Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Other Memory Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Disk Space Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Supported Web Browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Backing Up Third-party Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Upgrade Sequence in Distributed Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Upgrading High-availability Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Precautions for Upgrading Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter 3 Upgrading JSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Administrator Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Staging Files and Pretesting your Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Installing the JSA 7.3.0 ISO on the Console Appliance . . . . . . . . . . . . . . . . . . . . . . 24
Installing the JSA 7.3.0 ISO on all other Managed Hosts . . . . . . . . . . . . . . . . . . . . 25
Installation Wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Clearing theWeb Browser Cache After Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . 27
iiiCopyright © 2017, Juniper Networks, Inc.
Copyright © 2017, Juniper Networks, Inc.iv
Juniper Secure Analytics Upgrading JSA to 7.3.0
List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Chapter 2 Preparing for the Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Table 3: Minimum and Optional Memory Requirements for JSA Appliances . . . . . 16
Table 4: Supported Web Browsers for JSA Products . . . . . . . . . . . . . . . . . . . . . . . . 17
vCopyright © 2017, Juniper Networks, Inc.
Copyright © 2017, Juniper Networks, Inc.vi
Juniper Secure Analytics Upgrading JSA to 7.3.0
About the Documentation
• Documentation and Release Notes on page vii
• Documentation Conventions on page vii
• Documentation Feedback on page ix
• Requesting Technical Support on page x
Documentation and Release Notes
To obtain the most current version of all Juniper Networks®technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Documentation Conventions
Table 1 on page viii defines notice icons used in this guide.
viiCopyright © 2017, Juniper Networks, Inc.
Table 1: Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware damage.Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Indicates helpful information.Tip
Alerts you to a recommended use or implementation.Best practice
Table 2 on page viii defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
To enter configuration mode, type theconfigure command:
user@host> configure
Represents text that you type.Bold text like this
user@host> show chassis alarms
No alarms currently active
Represents output that appears on theterminal screen.
Fixed-width text like this
• A policy term is a named structurethat defines match conditions andactions.
• Junos OS CLI User Guide
• RFC 1997,BGPCommunities Attribute
• Introduces or emphasizes importantnew terms.
• Identifies guide names.
• Identifies RFC and Internet draft titles.
Italic text like this
Configure themachine’s domain name:
[edit]root@# set system domain-namedomain-name
Represents variables (options for whichyou substitute a value) in commands orconfiguration statements.
Italic text like this
Copyright © 2017, Juniper Networks, Inc.viii
Juniper Secure Analytics Upgrading JSA to 7.3.0
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
• To configure a stub area, include thestub statement at the [edit protocolsospf area area-id] hierarchy level.
• Theconsoleport is labeledCONSOLE.
Represents names of configurationstatements, commands, files, anddirectories; configurationhierarchy levels;or labels on routing platformcomponents.
Text like this
stub <default-metricmetric>;Encloses optional keywords or variables.< > (angle brackets)
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between themutuallyexclusive keywords or variables on eitherside of the symbol. The set of choices isoften enclosed in parentheses for clarity.
| (pipe symbol)
rsvp { # Required for dynamicMPLS onlyIndicates a comment specified on thesame lineas theconfiguration statementto which it applies.
# (pound sign)
community namemembers [community-ids ]
Encloses a variable for which you cansubstitute one or more values.
[ ] (square brackets)
[edit]routing-options {static {route default {nexthop address;retain;
}}
}
Identifies a level in the configurationhierarchy.
Indention and braces ( { } )
Identifies a leaf statement at aconfiguration hierarchy level.
; (semicolon)
GUI Conventions
• In the Logical Interfaces box, selectAll Interfaces.
• To cancel the configuration, clickCancel.
Representsgraphicaluser interface(GUI)items you click or select.
Bold text like this
In the configuration editor hierarchy,select Protocols>Ospf.
Separates levels in a hierarchy of menuselections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can provide feedback by using either of the following
methods:
• Online feedback rating system—On any page of the Juniper Networks TechLibrary site
athttp://www.juniper.net/techpubs/index.html, simply click the stars to rate thecontent,
and use the pop-up form to provide us with information about your experience.
Alternately, you can use the online feedback form at
http://www.juniper.net/techpubs/feedback/.
ixCopyright © 2017, Juniper Networks, Inc.
About the Documentation
• E-mail—Sendyourcommentsto [email protected]. Includethedocument
or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the JuniperNetworksTechnicalAssistance
Center (JTAC). If you are a customer with an active J-Care or Partner Support Service
support contract, or are covered under warranty, and need post-sales technical support,
you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides youwith the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: http://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
http://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
Toverify serviceentitlementbyproduct serial number, useourSerialNumberEntitlement
(SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
Opening a Casewith JTAC
You can open a case with JTAC on theWeb or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
Copyright © 2017, Juniper Networks, Inc.x
Juniper Secure Analytics Upgrading JSA to 7.3.0
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html.
xiCopyright © 2017, Juniper Networks, Inc.
About the Documentation
Copyright © 2017, Juniper Networks, Inc.xii
Juniper Secure Analytics Upgrading JSA to 7.3.0
CHAPTER 1
What's NewWhen You Upgrade to JSA7.3.0
• What's NewWhen You Upgrade to JSA 7.3.0 on page 13
What's NewWhen You Upgrade to JSA 7.3.0
JSA 7.3.0 introduces a shared license pool for managing EPS and FPM, and now uses
Red Hat Enterprise Linux (RHEL) V7.3.
NOTE: There is a change in the representation of releases for JSA releaseslater than JSA 2014.8. Starting with JSA 7.3.0, JSA releases are representedas 7.x.x releases. There is no change in the representation of JSA Releases2014.1 through 2014.8.
NOTE: You are recommended to apply JSA 7.3.0 patch 6 interim fix 01, if youare on JSA 7.3.0 patch 6. See JSA 7.3.0 patch 6 Interim Fix 01 patch releasenotes for details.
Shared License Pool
You can adapt to workload changes by distributing events per second (EPS) and flows
per minute (FPM) to any host in your deployment, regardless of which appliance the
license is allocated to.
Forexample, youhavea JSA2014.8distributeddeployment thathas twoeventprocessors,
onewith 7,500 EPS and the other with 15,000 EPS.When you upgrade to JSA 7.3.0, each
processor maintains the pre-upgrade EPS allocations, but the combined 22,500 EPS
becomepart of the shared license pool.When the data volumes for the event processors
change, or when you add amanaged host, you can redistribute the EPS capacity.
For more information about managing the shared license pool, see the License
Management chapter in the Juniper Secure Analytics Administration Guide.
13Copyright © 2017, Juniper Networks, Inc.
RHEL V7.3 Benefits
RHELV7.3makes JSAmoresecure.RHELV7.3alsosupportsLogicalVolumeManagement
(LVM), which provides flexible and advanced disk partitioning. With LVM, you can create
partitions, resize them, and aggregate clusters of storage together.
For example, youhavea JSAAll-In-One virtual appliance. Youneedmore local disk space
so that you can store events for a longer time. You can add another disk to extend the
/store partition.
RelatedDocumentation
• Preparing for the Upgrade on page 15
• Software Version Requirements for Upgrades on page 15
• Memory and Disk Space Requirements on page 16
Copyright © 2017, Juniper Networks, Inc.14
Juniper Secure Analytics Upgrading JSA to 7.3.0
CHAPTER 2
Preparing for the Upgrade
• Preparing for the Upgrade on page 15
• Software Version Requirements for Upgrades on page 15
• Memory and Disk Space Requirements on page 16
• SupportedWeb Browsers on page 17
• Backing Up Third-party Data on page 17
• Upgrade Sequence in Distributed Deployments on page 18
• Upgrading High-availability Deployments on page 18
• Precautions for Upgrading Appliances on page 19
Preparing for the Upgrade
To successfully upgrade an JSA system, verify your upgrade path, especially when you
upgrade from older versions that require intermediate steps. Youmust also review the
software, hardware, and high availability (HA) requirements.
NOTE: When you upgrade to JSA 2014.6 or later, the SSH keys on everymanaged host are replaced. If you are connecting to or from a JSAmanagedhost and you are using key-based authentication, do not remove or alter theSSH keys. Removing or altering the keysmight disrupt communicationbetween the JSA Console and themanaged hosts, and result in lost data.
RelatedDocumentation
Software Version Requirements for Upgrades on page 15•
• Memory and Disk Space Requirements on page 16
• SupportedWeb Browsers on page 17
Software Version Requirements for Upgrades
To ensure that JSA upgrades without errors, ensure that you use only the supported
versions of JSA software:
• Ensure that JSA 2014.8.r2 and later is installed.
15Copyright © 2017, Juniper Networks, Inc.
• Check the software version in the software by clicking Help >About.
NOTE: Software versions for all JSAappliances in a deploymentmust be thesame version and build. Deployments that use different JSA versions ofsoftware are not supported.
NOTE: For amanagedWinCollect deployment, youmust useWinCollectV7.2.5or later. If youareonanearlier versionofWinCollect, youmustupgradetoWinCollect V7.2.5 before you can apply the JSA 7.3.0 upgrade.
RelatedDocumentation
Memory and Disk Space Requirements on page 16•
• SupportedWeb Browsers on page 17
• Backing Up Third-party Data on page 17
Memory and Disk Space Requirements
Before you upgrade, ensure that JSAmeets theminimumor suggestedmemory and disk
space requirements.
JSAMemory Requirements
The following table describes the minimum and suggestedmemory requirements for
JSA appliances. Theminimummemory requirement defines the amount ofmemory that
is required by the software features. The suggestedmemory requirements include the
amount of memory that is required by the current software features and extra memory
for possible future capabilities. Appliances that have less than the suggested appliance
memory might experience performance issues during periods of excessive event and
flow traffic.
Table 3: Minimum andOptional Memory Requirements for JSA Appliances
Suggestedmemoryrequirement
MinimummemoryrequirementAppliance
2 GB2 GBFlow Collector Virtual without JSA Vulnerability Scanner
6 GB6 GBFlow Collector Virtual with JSA Vulnerability Scanner
48 GB12 GBJSA Event Collector/ Processor Virtual
48 GB12 GBJSA Flow Processor Virtual
48 GB24 GBJSA SIEM Virtual
Copyright © 2017, Juniper Networks, Inc.16
Juniper Secure Analytics Upgrading JSA to 7.3.0
Other Memory Requirements
If the following conditions are met, extra memory requirements might be required:
• If you plan to enable payload indexing, your system requires a minimum of 24 GB of
memory. However, 48 GB of memory is suggested.
Disk Space Requirements
Before you upgrade to JSA 7.3.0, ensure that the total size of the primary disk is at least
130 gigabytes (GB).
The upgrade pretest determines whether a partition includes enough free space to
complete an upgrade. Before you can upgrade, youmust free up sufficient disk space on
the partition that is defined in the pretest error message.
RelatedDocumentation
SupportedWeb Browsers on page 17•
• Backing Up Third-party Data on page 17
• Upgrade Sequence in Distributed Deployments on page 18
SupportedWeb Browsers
For the features in JSAproducts towork properly, youmust use a supportedwebbrowser.
The following table lists the supported versions of web browsers.
Table 4: SupportedWeb Browsers for JSA Products
Supported versionsWeb browser
45.2 Extended Support ReleaseMozilla Firefox
11.064-bit Microsoft Internet Explorer with Microsoft Edgemode enabled.
RelatedDocumentation
Backing Up Third-party Data on page 17•
• Upgrade Sequence in Distributed Deployments on page 18
• Upgrading High-availability Deployments on page 18
Backing Up Third-party Data
Before you upgrade, ensure that you back up all third-party data on the system.
All third-party data on the system is removed during the OS upgrade portion of the JSA
upgrade. Only data stored in the /store partition will be preserved. We recommend that
you back up any such data before performing the upgrade such as:
17Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Preparing for the Upgrade
• Any third-party user accounts and data
• Any files, scripts, or data in /root
RelatedDocumentation
Upgrade Sequence in Distributed Deployments on page 18•
• Upgrading High-availability Deployments on page 18
• Precautions for Upgrading Appliances on page 19
Upgrade Sequence in Distributed Deployments
When you upgrade JSA systems, youmust complete the upgrade process on your JSA
Console first. Youmust be able to access the user interface on your desktop system
before you upgrade your secondary JSA Console andmanaged hosts.
Upgrade your JSA systems in the following order:
1. Console
2. The following JSA systems can be upgraded concurrently:
• Event Processors/ Collectors
• Flow Processors
RelatedDocumentation
Upgrading High-availability Deployments on page 18•
• Precautions for Upgrading Appliances on page 19
• Backing Up Third-party Data on page 17
Upgrading High-availability Deployments
Before you upgrade the JSA in a high-availability (HA) deployment, the primary host
mustbe theactive system inyourdeployment. Theprimaryhostmustbeupgradedbefore
youmanually upgrade the secondary host.
Before youupgrade the secondaryhost, copy the following file fromtheupgradedprimary
HA host to the secondary HA host to ensure that the management interfaces match
between the two hosts after the upgrade finishes:
scp /opt/qradar/conf/capabilities/map_localhost_interfaces.txt.bak
root@<secondary_ip>:/opt/qradar/ha/map_localhost_interfaces.txt
If the HA cluster is disconnected, or youwant to add a new secondary HA host, youmust
reinstall JSA on the secondary HA. Formore information about reinstalling software, see
the Juniper Secure Analytics Installation Guide for your system. After you reinstall the
secondary HA host, log in to the user interface to reconnect or to create a newHA cluster.
Copyright © 2017, Juniper Networks, Inc.18
Juniper Secure Analytics Upgrading JSA to 7.3.0
Before you upgrade a disconnected HA cluster, copy the following file from the primary
to the secondary HA host to ensure that the management interfaces match between
the two hosts after the upgrade finishes:
scp /opt/qradar/conf/capabilities/map_localhost_interfaces.txt.bak
root@<secondary_ip>:/opt/qradar/ha/map_localhost_interfaces.txt
NOTE: Disk replication and failover are disabled until the primary andsecondaryhosts synchronizeand theneedsupgradeor failed status is cleared
from the secondary host.
After you upgrade the secondary host, youmight need to restore the configuration of the
secondary host. Formore informationabout restoringa failedhost, see theAdministration
Guide for your product.
RelatedDocumentation
Precautions for Upgrading Appliances on page 19•
• Backing Up Third-party Data on page 17
• Upgrade Sequence in Distributed Deployments on page 18
Precautions for Upgrading Appliances
Follow certain precautions before upgrading JSA appliances.
Ensure that you take the following precautions:
• Back up your data, and confirm that backups are complete before you begin the
upgrade.
For more information about backup and recovery, see the Juniper Secure Analytics
Administration Guide for your product.
• Ensure that youeither havea JSAConsole connected to your hardwareor havea remote
connection to themanagementport (oftencalledanoutofbandmanagement setup).
This is important because, if you encounter a problemwhile you are reinstalling JSA,
you will need to access the server through one of these connections.
• Upgrade all managed hosts before you deploy changes.
• Close all open JSA sessions to avoid excess errors in your log file.
• Confirm that your appliancemeets the minimum requirements for JSA. For more
information about system requirements, see “Memory and Disk Space Requirements”
on page 16.
• Disconnect high availability (HA) hosts before the upgrade if the entire /store directory
is mounted on offboard storage. For more information about disconnecting an HA
cluster, see the High Availability Guide.
• Ensure that theorderofmountpoints in the /etc/fstab filematchesonboth theprimary
and secondary HA host:
19Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Preparing for the Upgrade
• /store
• /store/tmp
• /store/transient
• Any subdirectory of /store if the partition is mounted on offboard storage
Restart the system after any updates to the /etc/fstab file.
• If theentire /storedirectory ismountedonoffboardstorage, run the followingcommand
to prepare the system for the upgrade:
/media/cdrom/post/prepare_offboard_storage_upgrade.sh
• If you are not prompted to remount your offboard storage solution during the upgrade,
remount the storage when the upgrade finishes.
For additional upgrade steps for iSCSI l offboard storage solutions, and for information
about remounting offboard storage, see the Configuring Offboard Storage Guide.
• For more information about managing licenses, see the Juniper Secure Analytics
Administration Guide.
RelatedDocumentation
• Backing Up Third-party Data on page 17
• Upgrade Sequence in Distributed Deployments on page 18
• Upgrading High-availability Deployments on page 18
Copyright © 2017, Juniper Networks, Inc.20
Juniper Secure Analytics Upgrading JSA to 7.3.0
CHAPTER 3
Upgrading JSA
• Administrator Notes on page 21
• Staging Files and Pretesting your Deployment on page 22
• Installing the JSA 7.3.0 ISO on the Console Appliance on page 24
• Installing the JSA 7.3.0 ISO on all other Managed Hosts on page 25
• InstallationWrap-up on page 26
• Clearing theWeb Browser Cache After Upgrades on page 27
Administrator Notes
1. This update includes a change to how login authentication works for fallback LDAP,
Radius, or Active Directory on administrator accounts. If the external authentication
server is unavailable, not all administrators will be able to fall back to their local
administrator passwords without a configuration change. This change was
implemented in JSA 7.3.0 to raise awareness for this change.
2. TLS v1.0 and TLSv1.1 is disabled in this release and connections to the user interface
for legacy browsers might be rejected.
3. WinCollect agents at version 7.2.2-2 or older use TLSv1.0 and TLS v1.1 connections to
upgrade agents, which is disabled in JSA 7.3.0. Administrators with managed
WinCollect agents must upgrade toWinCollect 7.2.5 before installing JSA 7.3.0 Patch
6. WinCollect 7.2.5 is a pre-requisite for JSA 7.3.0. Stand-aloneWinCollect agents are
not impacted by this requirement.
4. Customized routes or static routes configuredmanually in JSA are not preserved after
the upgrade to JSA 7.3.0 completes.
5. Any iptables rules configured by the administrator should be reviewed and noted for
clean up post installation. The interface names have changed in JSA 7.3.0 due to the
Red Hat Enterprise 7 operating system updates and administrators who reference
interfaces will need to update iptables rules manually.
6. Youmust be on JSA 2014.8.r2 or later to upgrade to JSA 7.3.0.
7. The upgrade from JSA 7.3.0 will use a .ISO file. In the past, support has stated that
ISOs are for new appliance installs only, but JSA 7.3.0 is going to be an exception to
this rule because of the Red Hat kernel update requirements.
21Copyright © 2017, Juniper Networks, Inc.
8. Each HA appliancemust be updated individually using the ISO file. The SFS file is
capable of allowing the primary appliance to update the secondary, but the ISO file
does not support this functionality. If you run the ISO setup on an HA primary, you
should wait for the update to complete, then run the setup on the HA secondary.
9. There is no patch "All" option as JSA 7.3.0 uses an ISO file to upgrade. The ISOmust
bemounted to the appliance and run locally on each host.
10. The 7.3.0 upgrade will take longer than expected due to the kernel changes to Red
Hat 7 Enterprise. Early upgrade customers are reporting 2 to 2.5 hours to upgrade the
Console appliance. Administrators should be aware of this longer time frame to plan
their maintenance windows.
11. Utilitiesor customscripts thatpowerusersmighthavecreated for their JSAdeployment
should be copied off of the system. During the 7.3.0 update a warning is displayed
that only data in /store is going to be preserved. After the appliance reboots, any
scripts, 3rd party accounts, or utilities in /tmp, or /, or /root will be deleted. This does
not impact ISO filesmounted initially using /root as the this clean up only occurs later
in the installation procedure.
Upgrades to JSA 7.3.0 Patch 6?Current JSA Version
NoJSA 2014.6 (any patch level) or earlier
NoJSA 2014.7 (any patch level)
NoJSA 2014.8
Yes, the latest ISO can upgrade beyond the initial 7.3.0 release versionsand there is no need to install multiple files. Use these release notes tocomplete this process.
JSA 2014.8.r2 or later
RelatedDocumentation
Staging Files and Pretesting your Deployment on page 22•
• Installing the JSA 7.3.0 ISO on the Console Appliance on page 24
• Installing the JSA 7.3.0 ISO on all other Managed Hosts on page 25
Staging Files and Pretesting your Deployment
It is important that administrators pretest their deployment to ensure that they will not
experience unexpected issues when updating to JSA 7.3.0. A pretest is a common
precaution that should be taken by all administrators before they install an update to
locate potential issues. The pretest does not restart services and can be completed
without scheduled downtime. The pretest typically takes between 3 to 5minutes to
complete on each appliance. If for some reason your SSH session is disconnected, you
can reconnect to the remote host using screen.
Copyright © 2017, Juniper Networks, Inc.22
Juniper Secure Analytics Upgrading JSA to 7.3.0
The pretest should be completed on all hosts by the administrator before you attempt
to upgrade to JSA 7.3.0.
1. Download the JSA 7.3.0 ISO (3.8 GB) from the Juniper Support website.
2. Using SSH, log in to your Console as the root user.
3. Type the following command: screen
4. Tomake the directory for the update, type: /opt/qradar/support/all_servers.sh -k“mkdir -p /media/cdrom || umount /media/cdrom"
5. To verify you have enough space (4GB) in /tmp for the ISO on all appliances, type:
/opt/qradar/support/all_servers.sh -k df -h /root /var/log | tee diskchecks.txt
• Best directory option: /root
It is available on all appliance types, is the best option to host the ISO file.
• 2nd best directory option: /var/log
This directory is available on all appliances, but there might not be the required
space available.
• DONOTUSE: /tmp, /store/tmp, or /store/transient for your ISO upgrade. These
directories are partitioned as part of the upgrade and administrators cannot use
them as storage locations or mount points for the ISO file.
If the disk check command fails, retype the quotation marks from your terminal,
then re-run the command. This command returns the details to both the command
windowand toa file on theConsole nameddiskchecks.txt. Review this file to ensure
that all appliances have at minimum 4GB of space available in a directory to copy
the ISO before attempting to move the file to amanaged host. If required, free up
disk space on any host that fails to have less that 4GB available.
Reminder:Utilitiesor customscripts thatadministratorshavecreated for JSAshould
be copied off of the system. During the 7.3.0 update awarning is displayed that only
data in /store will be preserved. Therefore, scripts, 3rd party utilities in /tmp, or /,
or /root will be deleted during the upgrade.
6. If there is not 4GB of space in /root or /var/log, the administratormustmake directory
space for the ISO file.
7. UsingWinSCP or SCP, copy the ISO to the /root or /var/log directory on the JSA
Console with 4GB of disk space for the ISO file.
8. To copy the files to all appliances, type: /opt/qradar/support/all_servers.sh -k -p/root/JSA7.3.0.iso -r /root
23Copyright © 2017, Juniper Networks, Inc.
Chapter 3: Upgrading JSA
9. Tomount the ISO on all appliances, type the following command:
/opt/qradar/support/all_servers.sh -C -k “mount -o loop /root/JSA7.3.0.iso/media/cdrom"
10. To pretest the Console appliance, type: /media/cdrom/setup -t
The pretest output will be written to the command window. Review this output after
the pretest completes.
11. Using SSH, open an SSH session to the other appliances in your deployment. JSA
Support recommends that all administrators run the pretest on each host to identify
issues before the update begins.
12. To pretest the managed host, type: /media/cdrom/setup -t
Result
If an appliance in your deployment fails the pretest, the administrators can take the
recommended action from the pretest utility. The issue must be resolved before the
update to 7.3.0 begins to prevent downtime for specific appliances. If there aremessages
you do not understand or want to discuss further, you can open an SR with Juniper
Customer Support.
RelatedDocumentation
Installing the JSA 7.3.0 ISO on the Console Appliance on page 24•
• Installing the JSA 7.3.0 ISO on all other Managed Hosts on page 25
• InstallationWrap-up on page 26
Installing the JSA 7.3.0 ISO on the Console Appliance
These instructions guide administrators through the process of upgrading an existing
JSA install at 2014.8.r2 patch or later to JSA software version 7.3.0. The update on the
Console must be completed first, before you attempt to update any managed hosts to
JSA 7.3.0.
Youmust complete: “Staging Files and Pretesting your Deployment” on page 22 before
you begin the installation steps listed below.
1. Using SSH, log in to the Console as the root user.
2. To run the ISO installer on the Console, type the following command:
/media/cdrom/setup
NOTE: Upgrading from JSA 2014.8.r2 patch or later to JSA 7.3.0 shouldtake approximately 2 hours on a Console appliance.
Copyright © 2017, Juniper Networks, Inc.24
Juniper Secure Analytics Upgrading JSA to 7.3.0
3. Wait for the Console primary update to complete.
4. For HA appliances. If you have an HA Secondary, you can now update the secondary
appliance.
5. Open an SSH session to the HA Console secondary.
6. Type the followingcommand toupdate the secondaryConsole: /media/cdrom/setup
7. Wait for the HA Console secondary to complete the update.
Result
A summary of the ISO installation advises you of any issues. If there are no issues,
administrators can now SSH tomanaged hosts and start the installer on each host to
run the setup in parallel.
RelatedDocumentation
Installing the JSA 7.3.0 ISO on all other Managed Hosts on page 25•
• InstallationWrap-up on page 26
• Clearing theWeb Browser Cache After Upgrades on page 27
Installing the JSA 7.3.0 ISO on all other Managed Hosts
After the Console and Console HA secondary are updated to JSA 7.3.0, then the rest of
the deployment can updated. There is no order required for updating specific appliance
types after the Console is updated. Administrators can update Event Processors, Event
Collectors, flow processors in any order. Youmust open an SSH session to each host to
run the setup command. The all_servers.sh utility is not supported for parallel ISO
installations. Administrators can start the ISOupdate in parallel onmultiple hosts, if they
are not HA pairs.
Administrators with appliances that are HA pairs must upgrade the primary appliance
first, then the secondary managed host.
Youmust complete: “Staging Files and Pretesting your Deployment” on page 22 before
you begin the installation steps listed below.
1. Using SSH, log in to the Console as the root user.
2. Open an SSH session to eachmanaged host and type the following command:
/media/cdrom/setup
NOTE: Upgrades formanagedhosts should take approximately 1.5 hours.
25Copyright © 2017, Juniper Networks, Inc.
Chapter 3: Upgrading JSA
3. Wait for the managed host update to complete.
4. For HA appliances. If you have an HA Secondary, you can now update the secondary
appliance.
5. Open an SSH session to the manage host HA secondary.
6. Type the following command to update the secondary: /media/cdrom/setup
7. Wait for the HA Console secondary to complete the update.
Result
A summary of the ISO installation advises you of any issues. If there are no issues,
administrators can now run the ISO setup on the Console HA secondary appliance, if you
have an HA pair. If you do not have a Console in HA, you can then start SSH sessions to
each host and run the setup in parallel.
RelatedDocumentation
Installing the JSA 7.3.0 ISO on the Console Appliance on page 24•
• InstallationWrap-up on page 26
• Clearing theWeb Browser Cache After Upgrades on page 27
InstallationWrap-up
1. After all hosts are updated, administrators can send an email to their team to inform
them that they will need to clear their browser cache before logging in to the JSA.
2. To unmount the /media/cdrom directory on all hosts, type:
/opt/qradar/support/all_servers.sh -C -k “umount /media/cdrom"
3. Administrators can delete the ISO from all appliances.
4. Administrators who useWinCollect agents version 7.2.6 or latest must reinstall the
SFS file on the JSA Console. This is due to issues were the ISO replaces the SFS on
the Console withWinCollect 7.2.5. Once the system is upgrade to 7.3.x, the same
version ofWinCollect must be reinstalled on the JSA console using the appropriate
7.3 SFS for WinCollect. To install the latest WinCollect SFS on the Console, see the
WinCollect release notes.
5. Review any static routes or customized routing. As mentioned in the administrator
notes, all routes were removed and will need to be reconfigured after the upgrade
completes.
Copyright © 2017, Juniper Networks, Inc.26
Juniper Secure Analytics Upgrading JSA to 7.3.0
6. Any iptable rules configured should be reviewedas the interface nameshave changed
in JSA 7.3.0 due to the Red Hat Enterprise 7 operating system updates. Any iptables
rules that use Red Hat 6 interface naming conventions will need to be updated.
7. Performanautomatic update to ensure that your configuration files contain the latest
network security information. For more information, see the Juniper Secure Analytics
Administration Guide.
RelatedDocumentation
Installing the JSA 7.3.0 ISO on the Console Appliance on page 24•
• Installing the JSA 7.3.0 ISO on all other Managed Hosts on page 25
• Clearing theWeb Browser Cache After Upgrades on page 27
Clearing theWeb Browser Cache After Upgrades
After you upgrade, clear the web browser cache before you log in to JSA.
1. To clear your web browser cache, ensure that you have only one instance of your web
browser open, and then clear the cache.
2. Log in to JSA by typing the IP address of the JSA system into a web browser:
https://IP Address
The default user name is admin.
RelatedDocumentation
• InstallationWrap-up on page 26
27Copyright © 2017, Juniper Networks, Inc.
Chapter 3: Upgrading JSA
Copyright © 2017, Juniper Networks, Inc.28
Juniper Secure Analytics Upgrading JSA to 7.3.0
Top Related