You can install version 16.1 of Administration Server on a device that has an earlier version of Administration Server installed (starting from version 13). When upgrading to version 16.1, all data and settings from the previous version of Administration Server are preserved.
To ensure that users can sign in to Web Console with their existing accounts by using configured two-factor authentication secret keys, and that OpenAPI automation scripts continue to work after the upgrade, you must perform the following steps:
sudo mysql -u root -p -e "CREATE DATABASE <iam_db_name>;"
When upgrading Administration Server from version 15.4 or earlier to version 16 or later, prepare the answer file with new parameters for IAM. For the list of the required parameters, refer to the article: Installing Kaspersky Security Center Linux in silent mode. Add the KLAUTOANSWERS environment variable and set its value to the path to the answer file.
Make available the port used by the kliam process for the OpenID Connect protocol authentication. By default, 4444. Refer to the trusted parameter description in the following article: Kaspersky Security Center Web Console installation parameters.
Stages
Upgrading of Administration Server
You can upgrade a version of Administration Server by using one of the following methods:
By creating the Administration Server data backup, installing a new Administration Server version, and restoring the Administration Server data from the backup
During the upgrade, concurrent use of the DBMS by Administration Server and another application is strictly forbidden.
If your network includes several Administration Servers, you have to upgrade every Server manually. Kaspersky Security Center Linux does not support centralized upgrade.
Running the postinstall.pl script (optional step)
If the answer file does not include IAM parameters or the answer file is not found, a message is shown in the terminal during upgrade that asks you to run the postinstall.pl script.
At this stage of the scenario, do the following:
In the Administration Server operating system, create an unpriviliged user account 'ksciam' that must be a member of the 'kladmins' group:
adduser ksciam
gpasswd -a ksciam kladmins
usermod -g kladmins ksciam
Under an account with root privileges, run the /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl script to configure the Administration Server after upgrade. When prompted, enter the following settings:
Enter the account name to start the IAM service. The account must be a member of the entered security group. By default, the ksciam account is used.
Select the DBMS that you installed to work with the IAM service:
If you installed MySQL or MariaDB, enter 1.
If you installed PostgreSQL or Postgres Pro, enter 2.
Enter the IAM DBMS address to be used by the IAM service.
Enter the IAM DBMS port number. This port is used to communicate with the IAM service. By default, the following ports are used:
Port 3306 for MySQL or MariaDB
Port 5432 for PostgreSQL or Postgres Pro
Enter the IAM database name to be used by the IAM service. The name of the database used by IAM service should be different from database used by the Administration Server.
Note that if you upgrade the Administration Server to the version 16.1, you will not be able to create new installation packages of Network Agent version 15 or earlier. However, previously created installation packages will be available.
When you upgrade Kaspersky Security Center Linux from a previous version, all the installed plug-ins of supported Kaspersky applications are kept. Administration Server plug-in and Network Agent plug-in are upgraded automatically.