Updating using data migration script

You can upgrade a previous version of Kaspersky Industrial CyberSecurity for Networks by using the kics4net-backup.sh data migration script from the distribution kit of the current (new) version of the application. The capability to upgrade to the current version using the kics4net-backup.sh script is supported for application version 4.0 or later.

The kics4net-backup.sh script allows you to migrate the following data from the previous application version:

• Security policy
• Data on the state and/or operating modes of technologies and methods
• Settings for updating application modules and databases
• Information about an added license key
• Audit entries
• Application messages
• Vulnerability risks
• Registered events
• Saved traffic for events
• Network map data
• Data on executable files

You can also use the kics4net-backup.sh script to back up the data of the current application version. In addition to the data listed above, the script lets you save the following data in a backup copy:

• Network Anomaly Detection rules and dictionaries
• Registered network sessions with saved protocol attributes
• Data on the node computer hosting the installed application component:
  • Configuration of application services
  • Computer name
  • Application version number

The kics4net-backup.sh script can be used to create a backup copy of the data and download the data from the backup copy locally on the computer where the script is running. Therefore, both to create a backup copy of data and to download the data from the backup copy, sequentially run the script on each computer with the application component installed. You can work with computers hosting the Server and sensors to perform the steps for creating a backup copy of data and downloading the data from the backup copy in any order. For example, you can first run the script on the Server computer and then on the sensor computers, or vice versa.

The scenario for upgrading from a previous version of the application using the kics4net-backup.sh script consists of the following steps:

1. Creating a backup copy of data from the previous application version on the Server and sensors' computers

   To create a backup copy of data from the previous application version, perform the following actions on each computer with the application components installed:

   1. On the computer that has the previous version of the application components installed, copy the archive named kics4net-release_<application version number>.tar.gz from the distribution kit of the current (new) application version into a directory of your choice.
   2. Go to the folder containing the copied archive and enter the following command to unpack it:

      tar -zxvf kics4net-release_<application version>.tar.gz

      The unpacked folders and files will appear in the subfolder kics4net-release_<application version>.

   3. Go to the folder with the unpacked files of scripts and packages for installing, verifying and removing application components. The files are located in the kics4net-release_<application version>/linux-centos subfolder.
   4. Run the kics4net-backup.sh script:
      • To create a backup copy of data on the Server computer, enter the following command:

        sudo bash kics4net-backup.sh -b -p <path to backup file> <optional settings>

      • To create a backup copy of data on the sensor computer, enter the following command:

        sudo bash kics4net-backup.sh -s -p <path to backup file> <optional settings>

      where:

      • -b is a setting that enables logging Server data to the backup file (mandatory setting when the Server is running on the computer).
      • -p is a setting indicating the full path and name of the created backup file (required setting).
      • -s is a setting that enables logging sensor data to the backup file (mandatory setting when the sensor is running on the computer).
      •  <optional settings> refers to one or more optional settings listed below.

      You can use the following optional settings in the command for running the script to create a backup file:

      • -t is a setting for disabling retention of traffic (if this setting is not specified, traffic is saved).
      • -e is a setting for disabling retention of registered events (if the setting is not specified, events are saved). You can specify this setting only when creating a backup copy of data on the Server computer.
      • -n is a setting for disabling retention of network map data (if the setting is not specified, network map data is saved). You can specify this setting only when creating a backup copy of data on the Server computer.
      • -x is a setting for disabling retention of data related to executable files (if the setting is not specified, data on executable files is saved). You can specify this setting only when creating a backup copy of data on the Server computer.
      • -a is a setting for disabling retention of protocol attributes in registered network sessions (if the setting is not specified, protocol attributes are saved). You can specify this setting only when creating a backup copy of data on the Server computer.
      • -d is a setting that stops the application services (if this setting is not specified, the application services are started after the script finishes).

      An optional setting for the script run command is the -f setting, which is designed to create a backup copy of the data of the current version of the application and save all available data of the node. If this setting is specified, the saved data can be fully loaded only on the same node and in the same version of the application (including the same build number). When the -f parameter is used, the application saves traffic (unless traffic retention is disabled by using the -t parameter), events, network map data, data on executable files, protocol attributes in network sessions, and the following data to the backup file: node deployment parameters (including parameters of monitoring points and settings for storing data on nodes), a list of application users, settings of connectors, settings of connector types, settings of connection servers, settings for interaction with Kaspersky Security Center, data on installed application module and database updates, log levels for logging the activity of processes on nodes, and settings of widgets used for online system monitoring.

   Example: sudo bash kics4net-backup.sh -b -p ./old_kics4net_data -t

   The script will begin the data backup process. Wait for the kics4net-backup.sh script to finish and save the backup file that is created.

2. Removing the previous version of the application

   This step is necessary if you want to install components of the current version of the application to the same nodes where components of the previous version are installed.

   If a Server or sensor of the current version is installed on a separate computer (not on the node hosting a previous version of the component), copy the created backup file to this computer.

   Components of a previous version of the application can be removed in the following ways:

   • Centrally on all nodes where the previous version of the application was installed.

     This option uses the application components centralized installation script via the centralized removal procedure.

   • Locally at each node where a component from the previous version of the application is installed.

     This option uses the application components local removal script (if a component from the previous version of the application provides the capability for local installation and local removal).

   After removing components of the previous version of the application, make sure that the computers satisfy the hardware and software requirements for installing the current version. If necessary, install a supported operating system version and prepare the hardware and software on the computers.

3. Installing the current version of Kaspersky Industrial CyberSecurity for Networks and getting the application partially ready for use

   At this step, you need to install components of the current version of Kaspersky Industrial CyberSecurity for Networks. To do so, you can perform the centralized installation procedure or install components by using the application components local installation script.

   After installing components, you need to partially prepare the application for operation by completing steps 1–4 from the description of the preparation process.

   When adding monitoring points to the same network interfaces that were used in the previous version of the application, it is recommended to name the monitoring points the same as they were named in the previous version of the application. This will let you retain the link between events and the new monitoring points when you load data from the backup (otherwise, the names of old monitoring points will be marked as deleted in events if the same names are not found in the new version).

4. Loading data from the backup after installing the new version of the application

   To download data from the created backup files, perform the following steps on each computer where the application component is installed:

   1. On the computer with the current version of the application component installed, go to the directory where the kics4net-backup.sh script is located. You can go to the same folder that you opened at step 1, or you can go to the folder /opt/kaspersky/kics4net/sbin/.
   2. Run the kics4net-backup.sh script:
      • To download data from a backup copy on the Server computer, enter the following command:

        sudo bash kics4net-backup.sh -r -p <path to backup file> <optional setting>

      • To download data from a backup copy on the sensor computer, enter the following command:

        sudo bash kics4net-backup.sh -l -p <path to backup file> <optional setting>

      where:

      • -r is a setting that enables reading and downloading of data from the Server backup file (mandatory setting when running on the Server computer).
      • -p is a setting indicating the full path and name of the backup file (required setting).
      • -l is a setting that enables reading and downloading of data from the sensor backup file (mandatory setting when running on the sensor computer).
      • <optional setting> – -d is a setting that stops the application services (if this setting is not specified, the application services are started after the script finishes).

      An optional setting for the script run command is the -f parameter, which is intended to restore all available node data from the backup copy of the data of the current version of the application (if the backup copy was obtained at stage 1 of this scenario using the -f setting). However, all data can be fully restored only when loaded from a backup copy on the same node where this data was saved and in the same version of the application (including the same build number).

   The additional run command settings --restore-database and --restore-clickhouse-database are provided for specific scenarios for using the kics4net-backup.sh script. These settings are intended for restoring only the corresponding Server databases from a backup file. These settings are not used in the scenario for upgrading from a previous version of the application. The -r setting (see above) is intended for reading and loading data from the Server backup file, including data for restoring the databases.

   Example: sudo bash kics4net-backup.sh -r -p ./old_kics4net_data

   The script will begin to load data from the backup file into the application. Wait for the kics4net-backup.sh script to finish.

After loading data from backups on all nodes, connect to the Server via the web interface and check the node deployment settings under Settings → Deployment. Add sensors if necessary.

Page top