Upgrading Kaspersky SD-WAN

THE UPDATE FUNCTIONALITY (INCLUDING ANTI-VIRUS SIGNATURE UPDATES AND CODE BASE UPDATES), AS WELL AS THE KSN FUNCTIONALITY MAY NOT BE AVAILABLE IN THE SOFTWARE IN THE TERRITORY OF THE USA.

Before updating Kaspersky SD-WAN, make sure that none of the CPE devices have the Error status. You can view the status of CPE devices in the CPE device table. We also recommend making backup copies of the solution components:

• If your solution components are deployed on virtual machines, take snapshots of the virtual machines. After updating Kaspersky SD-WAN, you can delete the snapshots of the virtual machines. For details on how to take snapshots of virtual machines, please refer to the official documentation of your virtualization environments.
• If your solution components are deployed on physical servers, you need to make backups of hard drives of the physical servers.

The Kaspersky SD-WAN upgrade scenario involves the following steps:

1. Preparing the administrator device

   Prepare the administrator device for solution upgrade. You can use a local or remote virtual machine, or a personal computer as the administrator device. When deploying a Kaspersky SD-WAN testbed in accordance with the all-in-one deployment scenario, you must use a virtual machine as the administrator device.

2. Preparing the configuration file

   Set up the configuration file in accordance with the changes that have been made to the new version of Kaspersky SD-WAN. You can view the changes in the in the CHANGELOG.md file in the root directory of the installation archive.

   When upgrading Kaspersky SD-WAN, make sure that you keep the files with passwords and SSL certificates.

3. Upgrading Kaspersky SD-WAN

   Upgrade Kaspersky SD-WAN in one of the following ways:

   • If you want to upgrade the solution in attended mode:

     ansible-playbook -i inventory/generic -e "@<path to configuration file>" -e "@inventory/external/images.yml" -K --ask-vault-pass knaas/knaas-install.yml

     When running the command, enter the password of the root account on the administrator device and the generated master password.

   • If you want to upgrade the solution in partially attended mode:

     ansible-playbook -i inventory/generic -e "@<path to configuration file>" -e "@inventory/external/images.yml" -K --vault-password-file ./passwords/vault_password.txt knaas/knaas-install.yml

     Enter the root password o the administrator device when running the command.

   • If you want to upgrade the solution in unattended mode:

     ansible-playbook -i inventory/generic -e "@<path to configuration file>" -e "@inventory/external/images.yml" -e "ansible_become_password=yourSudoPassword" --vault-password-file ./passwords/vault_password.txt knaas/knaas-install.yml

The Kaspersky SD-WAN components are upgraded on the virtual machines or physical servers that you specified in the configuration file. A successful upgrade message is displayed in the console of the administrator device.

If a network connectivity issue occurs with one of the virtual machines or physical servers during the upgrade of solution components, an error message is displayed in the administrator device console, and the solution is not upgraded. In that case, you need to restore network connectivity and then run the upgrade command again.

After upgrading the solution, you must clear your Bash command history.

See also About the attended, unattended, and partially attended action modes

Page top