Views:

Customer Action Required:

If you originally deployed Deep Security Manager from AWS Marketplace using Deep Security 12.x or earlier, you will need to perform a one-time manual upgrade of the Deep Security Manager to upgrade the underlying OS from Amazon Linux to Amazon Linux 2. For details on the upgrade process, see Upgrade Deep Security Manager AMI.

 
To correspond with the AWS end-of-life date, one-click upgrades will no longer be available on Deep Security Manager deployments that are using Amazon Linux after December 31, 2020. However, one-click upgrades will continue for Deep Security Manager deployments that are using Amazon Linux 2.
 

Before you begin:

  • You have a recent backup of the database (see Backing Up and Restoring Amazon RDS DB Instances). In the event of a catastrophic failure during the upgrade, there may be no way to recover without a backup.
  • Deep Security Manager instances are behind an Elastic Load Balancer (ELB) or are using elastic IPs.
  • Check your manager version and operating system
  • Check whether the manager is running Amazon Linux or Amazon Linux 2

For detailed instructions, please see Upgrade Deep Security Manager AMI.

Choose an upgrade method:

If you previously installed Deep Security Manager 11.x or 12.x from AWS Marketplace, you will need to complete a one-time manual upgrade from Amazon Linux to Amazon Linux 2. Amazon Linux does not support in-place upgrades to Amazon Linux 2, so one-click upgrade is not available to complete the operating system upgrade from Amazon Linux to Amazon Linux 2.

 
To allow you time to complete the manual upgrade, Trend Micro will publish one-click upgrades for both Amazon Linux and Amazon Linux 2 until December 31, 2020. After that date (which is the AWS end-of-life date), one-click upgrades will no longer be available on Deep Security Manager deployments that are using Amazon Linux. However, one-click upgrades will continue for Deep Security Manager deployments that are using Amazon Linux 2.
 
If you are currently running this Deep Security Manager environment,And want to upgrade toUse this upgrade method.
Any version earlier than Deep Security 11Any versionOne-click upgrades became available in Deep Security 11. Earlier versions require that you Perform a manual upgrade.
Deep Security 11 or 12Deep Security 20 with Amazon LinuxIf you see A new version of Deep Security is available in a banner at the top of the Deep Security Manager console, you can Perform a one-click upgrade.
Note: One-click upgrades for Amazon Linux will end on December 31, 2020, which is the AWS end-of-life date for Amazon Linux.
Deep Security 11 or 12Deep Security 20 with Amazon Linux 2Amazon Linux does not support in-place upgrade to Amazon Linux 2, so one-click upgrade is not available. Perform a manual upgrade.
Deep Security 20 with Amazon LinuxLater versions of Deep Security 20 with Amazon LinuxIf you see A new version of Deep Security is available in a banner at the top of the Deep Security Manager console, you can Perform a one-click upgrade.
Note: One-click upgrades for Amazon Linux will end on December 31, 2020, which is the AWS end-of-life date for Amazon Linux.
Deep Security 20 with Amazon LinuxDeep Security 20 with Amazon Linux 2Amazon Linux does not support in-place upgrade to Amazon Linux 2, so one-click upgrade is not available. Perform a manual upgrade.
Deep Security 20 with Amazon Linux 2Later versions of Deep Security 20 with Amazon Linux 2If you see A new version of Deep Security is available in a banner at the top of the Deep Security Manager console, you can Perform a one-click upgrade.

Upgrade Procedures:

References to one-click upgrade and manual upgrade can be found here:

Additional Reference:

Post Upgrade tasks (Optional):

  • After the upgrade, the manager's server certificate is kept, unless you performed a fresh install. If your certificate was created using a weak cryptographic algorithm, such as SHA-1, consider replacing the certificate. Using stronger cryptography ensures compliance with the latest standards, and provides better protection against the latest exploits and attacks.
    See Replace the Deep Security Manager TLS certificate.
Comments (0)