General Upgrade Information
Upgrade is supported for the following InTrust versions:
This guide describes upgrading extended InTrust deployments, not default InTrust deployments.
To upgrade a default deployment, simply close all running InTrust client components and run the Default InTrust Suite on a computer where a previous version is installed in the default configuration.
- The default InTrust components require that ports 900 and 8340 be open for inbound traffic. The InTrust installer knows how to configure these ports automatically in Windows Firewall. In addition, IT Security Search and the InTrust repository API work with port 8341, which is not configured automatically. If you use the API or IT Security Search, make sure this port is open.
- In the course of an upgrade from a version prior to 11.3.2, you may get the following error messages during repository indexing and searching:
Unknown field <field_name> referenced in log knowledge base as source of value.
This is caused by differences in log knowledge base definitions between the old and new InTrust versions. The problem should go away as soon as all InTrust components have been upgraded—not just InTrust Server, but also Repository Viewer and others.
Upgrading Your InTrust Organization
Before You Start
To upgrade your installation of InTrust, you have to upgrade all InTrust servers in your organization using the InTrust suite setup. Below are several recommendations on the steps you should take before starting the upgrade procedure.
- Close all applications working with InTrust servers (InTrust Deployment Manager, InTrust Manager, Repository Viewer, Knowledge Portal, and Monitoring Console).
- Wait for completion of all gathering tasks and jobs on the InTrust servers.
- Consider the accounts under which you are going to run setup. All the accounts you are going to use must be listed as InTrust organization administrators. For one of the InTrust servers you are going to upgrade, do the following:
- Open InTrust Manager and connect to the InTrust server.
- Open the properties of the root node.
- Add the necessary accounts to the list that appears.
- Optionally, you can stop the Quest InTrust Real-Time Monitoring Server service and Quest InTrust Server services on the InTrust servers pending upgrade. This can help speed up the upgrade process and ensures that InTrust setup does not interfere with service control. However, the updated versions of these services must be started manually after the upgrade.
- If the computer where you are going to upgrade InTrust Server or InTrust Manager is a SQL server, then make sure in advance that the installed version of SQL Server Native Client is no earlier than the version required by InTrust 11.4.1; version 11.0.6538.0 of the client is redistributed with InTrust.
Things to Remember
Note the following specifics, which you should be aware of throughout the upgrade process:
- If you are upgrading from version 11.2, you may get repository indexing failures while InTrust 11.2 servers still remain active. Indexing should work correctly again once all servers have been upgraded. This is caused by differences in log definitions used by the old and new InTrust versions.
- If you are upgrading from version 11.3.2 or earlier, don't enable InTrust self-audit until all InTrust servers have been upgraded. Otherwise, self-audit events logged during the transition period may be useless.
What Happens When Configuration Objects Receive Updates
For predefined configuration objects (such as tasks, real-time monitoring rules and data sources), it is InTrust policy not to overwrite their existing versions with the updated versions during upgrade. This approach ensures that your configuration, which is most likely customized, keeps working without changes during and after the upgrade, but it also means that in the usual course of an upgrade, these changed objects do not end up in your InTrust infrastructure.
InTrust releases newer than your current version may include fixed or enhanced versions of out-of-the-box configuration objects. If an InTrust version introduces any significant changes to such objects, the details are described in the Release Notes for that version, in the Enhancements and Resolved Issues topics. Check these topics to find out what exactly has changed in the configuration objects.
If you want the newer versions of such objects and you find that the upgrade has not deployed them, contact Quest Support for recommendations on the procedure that will best suit you.
Step 1: Database Preparation
If you plan to work with InTrust accessing the databases under a dbo account, you can proceed to Step 2.
Otherwise (that is, if your InTrust databases were accessed using a non-dbo account or you plan to use such an account when working with InTrust), take the following steps:
- Have your database administrator run the following scripts on your InTrust databases:
- On the configuration database:
- On the audit database(s):
- On the alert database(s)
Caution: These scripts are shipped with the distribution of your new InTrust version in the Scripts\Database Scripts folder. The scripts must be run using an account with the dbo role.
- Have your database administrator assign the database roles to those accounts planned for database access in accordance with the Minimal Rights and Permissions Required for InTrust Operations topic.