Views:
'Upgrade on activation' is a feature that can be used to automatically upgrade Deep Security Agents to a newer version of software based on a check of the agent version during the activation process. This feature is especially useful if you want to distribute the agent using the baking process (see Install the agent on an AMI or WorkSpace bundle). When agents are baked it can be difficult for you to update your ‘golden’ images each time a new version of the Deep Security Agent is released. In this case, 'upgrade on activation' can be used so that each time the older agent from the baked image activates, Deep Security Manager instructs the agent to upgrade to the version you specify as part of the activation process keeping the running agents used in your environment up-to-date.
Note
Note
This feature complies with your agent version control settings.
Note
Note
This feature is currently available only on Linux and Windows computers. Support for Unix is planned for a future release.
This feature works with these operating systems:
  • Red Hat Enterprise Linux
  • Ubuntu
  • CentOS
  • Debian
  • Amazon Linux
  • Oracle Linux
  • SUSE Linux Enterprise Server
  • Cloud Linux
  • Windows

Enable automatic agent upgrade

  1. Make sure the latest agent software and kernel support packages are available in Deep Security Manager. You can configure Deep Security Manager to automatically download software updates, or import them manually. For details, see Get Deep Security Agent software.
  2. Go to Administration > System Settings > Agents.
  3. Under Agent Upgrade, select any of the following: Automatically upgrade Linux agents on activation, Automatically upgrade Windows agents on activation, Automatically upgrade Unix agents on activation.
  4. Click Save.

Check that agents were upgraded successfully

The Version column on the Computers page displays the installed Deep Security Agent version for each computer.
In addition, when an automatic agent upgrade is triggered, System events are generated that you can use to track the status of the upgrade. You can check for these system events:
ID
Event
Description
264
Agent Software Upgrade Requested
An agent software upgrade has been triggered, either manually or by an automatic agent upgrade.
277
Upgrade on Activation Skipped
The agent was eligible for an automatic upgrade, but the upgrade did not occur.
The event details list the existing agent version and the attempted upgrade version, along with the reason the upgrade failed. The reasons can be:
  • Upgrade on activation was skipped for this computer because there is a pending reboot request. Please restart the computer to resolve this issue. The upgrade request will be serviced during the next activation after the reboot.
  • Upgrade on activation is not currently supported for use on Windows servers when the target version to upgrade to is earlier than Deep Security Agent 12. There are improvements in the 12 agent that are required for this feature. Please update the agent version control configuration to use a 12 or later agent for this platform to allow the upgrade to succeed.
  • The agent was not upgraded automatically because a required Linux kernel support file was not found. Deep Security Manager usually downloads required Linux kernel support packages automatically, but you can also download and import packages to Deep Security Manager manually and then upgrade the agent. See Get Deep Security Agent software.
  • The agent was not upgraded automatically because the upgrade on activation feature does not support the currently installed OS. You may be able to upgrade the agent manually. See Manually install the Deep Security Agent.
706
Software Update: Agent Software Upgraded
The upgrade was successful.
707
Software Update: Agent Software Upgrade Failed
The upgrade was not successful. Refer to the event details for more information about why it was not successful.