Contents
Upgrading Kaspersky Anti Targeted Attack Platform
You can upgrade Kaspersky Anti Targeted Attack Platform from version 6.0.2 to version 6.1.
You cannot migrate from the non-high-availability version of the application to the high availability version by upgrading it — if you are using the non-high-availability version of the application, you can only install the non-high-availability version during the upgrade, and vice versa.
Upgrading the application involves the following steps:
- Upgrading the Sandbox component.
The application does not have a standard upgrade procedure. You must install the component version 6.1.
After installing the component you need to set the maximum number of simultaneously running virtual machines. The default value is 48.
When installing the component on a VMware ESXi virtual machine, you must set up a configuration described in Calculations for the Sandbox component section.
- Upgrading the Central Node component.
You can upgrade the component to version 6.1 only from version 6.0.2. If you are using an earlier version, you must upgrade the component to version 6.1 over several steps.
If you are not using the distributed solution and multitenancy mode and are using a standalone Central Node server, you can upgrade the application on the Central Node server.
If you are using the distributed solution and multitenancy mode:
- You can update the application on the PCN server. After the application upgrade is complete, the PCN server belongs to the same tenant it belonged to before the upgrade.
- If you want to update the application on an SCN server, change the role of the server from SCN to standalone Central Node server before performing the update.
The application is updated on the standalone Central Node server.
After upgrading the application, you can assign the SCN role to servers and select the tenant to which the SCN server belongs.
- After the application update is complete, by default, all users with the Administrator role are granted access to the web interface of the PCN server and all SCN servers.
If before the application update, each user's access to SCN web interfaces was configured individually, you can configure it again.
After the program update is complete, by default, all users with the Senior security officer and Security officer roles are granted access to the web interface of the PCN server and all SCN servers.
If before the application update, each user's access to SCN web interfaces was configured individually, you can configure it again. To do so, in the web interface of the PCN server:
- Add the relevant tenants.
- Configure the access of user accounts with the Senior security officer and Security officer roles to those tenants and servers.
- Delete all SCNs that are temporarily disconnected from the PCN during the update.
- Re-connect all relevant SCNs to the PCN.
The application prompts you to select a tenant for each SCN server.
User access to SCN web interfaces is configured.
Perform the application update procedure on the server where you want to update the data.
If the Central Node component is deployed as a cluster, you can update the component on any server in the cluster.
Kaspersky Anti Targeted Attack Platform may contain user data and other confidential information. The Kaspersky Anti Targeted Attack Platform administrator must take steps to ensure the security of this data when upgrading the application, or in other cases when it may be necessary to permanently delete data. The Kaspersky Anti Targeted Attack Platform administrator bears responsibility for access to data stored on application servers.
- Upgrading the Sensor component installed on a standalone server.
You can upgrade the component to version 6.1 only from version 6.0.2.
- Upgrading the Endpoint Agent component:
- Kaspersky Endpoint Agent for Windows.
If you use the solution together with Kaspersky Security for Windows Server, you can migrate from Kaspersky Security for Windows Server to Kaspersky Endpoint Security for Windows version 12.1 or later that contains the built-in agent. For more information about migration, see the Kaspersky Endpoint Security for Windows Help.
- Kaspersky Endpoint Security for Windows.
- Kaspersky Endpoint Agent for Windows.
Special considerations for updating Kaspersky Anti Targeted Attack Platform from version 6.0.2 to version 6.1
- After upgrading Kaspersky Anti Targeted Attack Platform to version 6.1, you must add license keys again.
- A short interruption in the operation of the application is considered acceptable, including for the high availability version of the application.
- If the Kaspersky Secure Mail Gateway solution is used in the role of the Sensor component, the settings for integration with it are saved.
- Sandbox component data is not saved. We recommend deleting custom operating system images before updating Sandbox and uploading them after the update.
- Central Node 6.1 is not compatible with Sensor and Sandbox components of earlier versions.
Upgrading Central Node installed on a server
You can upgrade Central Node to version 6.1 only from version 6.0.2. If you are using an older version, you must upgrade Central Node to 6.1 in the following order: 3.7 → 3.7.1, 3.7.1 → 3.7.2, 3.7.2 → 4.0, 4.0 → 4.1, 4.1 → 5.0, 5.0 → 5.1, 5.1 → 6.0, 6.0 → 6.0.2.
If you are using the
and mode, you must prepare the PCN and SCN servers as well as standalone servers with the Sensor component for the upgrade. For more details on the preparation procedure, see the Updating Kaspersky Anti Targeted Attack Platform section.The upgrade is delivered as an upgrade package. The package is included in the application distribution kit.
To upgrade Central Node installed on a server:
- Place the application upgrade package on the Central Node server in the
/data
directory. - Sign in to the management console of the Central Node server where you want to perform the upgrade via SSH or through the terminal.
- Make sure that the /dev/sda2 file system has more than 100 GB of free space.
- Unpack the update archive:
- If you are upgrading the application to version 6.1 on an Ubuntu operating system, run the following command:
tar xvf /data/kata-cn-ubuntu-upgrade-6.1.0-324-x86_64_en-ru-zh.tar.gz -C /data/
. - If you are upgrading the application to version 6.1 on an Astra Linux operating system, run the following command:
tar xvf /data/kata-cn-astra-upgrade-6.1.0-324-x86_64_en-ru.tar.gz -C /data/
.
- If you are upgrading the application to version 6.1 on an Ubuntu operating system, run the following command:
- Install the upgrade package by running the following commands:
cd /data/upgrade/
chmod u+x ./install_kata_upgrade.sh
./install_kata_upgrade.sh
The user name entry window is displayed.
- In the displayed window, in the Username field, enter the name of the user with administrator rights, select the OK button and press Enter.
Default value: admin.
- In the displayed window, in the Password field, enter the password of the user with administrator rights, select the OK button and press Enter.
The window for entering the path to the update archive is displayed.
- This opens a window; in that window, in the Data directory field, enter the path to the update archive, select the OK button and press Enter.
Default value: /data/upgrade
After some time, the console will display a message prompting you to power off the server.
- After the message prompting you to power off the server is displayed, run the following command:
poweroff
- Mount the iso image with Kaspersky Anti Targeted Attack Platform version 6.1 (kata-cn-6.1.0-324-inst.x86_64_en-ru-zh.iso). If you are using Kaspersky Anti Targeted Attack Platform based on the Astra Linux operating system, follow these instructions to create an iso image.
- Boot from the device that has the mounted iso image.
- In the GRUB menu, select Upgrade KATA 6.0
- Follow the remaining steps of the wizard to complete the upgrade on the server.
Central Node is upgraded.
After upgrading, you must log in again to the Central Node server management console over SSH or through the terminal.
Page topUpgrading Central Node installed as a cluster
You can upgrade Central Node to version 6.1 only from version 6.0.2. If you are using an older version, you must upgrade Central Node to 6.1 in the following order: 3.7 → 3.7.1, 3.7.1 → 3.7.2, 3.7.2 → 4.0, 4.0 → 4.1, 4.1 → 5.0, 5.0 → 5.1, 5.1 → 6.0, 6.0 → 6.0.2.
If you are using the distributed solution and multitenancy mode, you must prepare the PCN and SCN servers as well as standalone servers with the Sensor component for the upgrade. For more details on the preparation procedure, see the Updating Kaspersky Anti Targeted Attack Platform section.
The upgrade is delivered as an upgrade package. The package is included in the application distribution kit.
To upgrade Central Node installed as a cluster:
- Place the application upgrade package on the Central Node cluster server with the manager role in the Docker swarm, in the
/data
directory. To view the role, use the$ docker node ls
command. - Enter the management console of the relevant server over SSH or through a terminal.
- Make sure that the /dev/sda2 file system on each server of the cluster has more than 100 GB of free space.
- Unpack the update archive:
- If you are upgrading the application to version 6.1 on an Ubuntu operating system, run the following command:
tar xvf /data/kata-cn-ubuntu-upgrade-6.1.0-324-x86_64_en-ru-zh.tar.gz -C /data/
. - If you are upgrading the application to version 6.1 on an Astra Linux operating system, run the following command:
tar xvf /data/kata-cn-astra-upgrade-6.1.0-324-x86_64_en-ru.tar.gz -C /data/
.
- If you are upgrading the application to version 6.1 on an Ubuntu operating system, run the following command:
- Install the upgrade package by running the following commands:
cd /data/upgrade/
chmod u+x ./install_kata_upgrade.sh
./install_kata_upgrade.sh
This opens the user name entry window.
- In the Username field, enter the name of the user with administrator rights, select the OK button and press Enter.
Default value: admin.
- In the Password field, enter the password of the user with administrator rights, select the OK button, and press Enter.
This opens the window for entering the path to the update archive.
- In the Data directory field, enter the path to the update archive, select the OK button, and press Enter.
Default value: /data/upgrade.
After some time, the console displays a message telling you to power off one of the servers in the cluster.
- Connect to the server that you want to power off over SSH or through a terminal.
- Run the
poweroff
command. - Mount the iso image with Kaspersky Anti Targeted Attack Platform version 6.1 (kata-cn-6.1.0-324-inst.x86_64_en-ru-zh.iso). If you are using Kaspersky Anti Targeted Attack Platform based on the Astra Linux operating system, follow these instructions to create an iso image.
- Boot from the device that has the mounted iso image.
- In the GRUB menu, select Upgrade KATA 6.0.
- Follow the remaining steps of the wizard to complete the upgrade on the server.
- After the upgrade is complete, go to the console of the server you connected to at step 2 and press Enter.
A script is started that completes the upgrade process. After the update is complete, the console displays a message telling you to shut down the next server in the cluster.
- Repeat steps 9 to 15 for each server in the cluster.
The last server to be updated is the server to which you connected at step 2. For that server, step 15 is omitted.
The Central Node component is upgraded.
After updating the component, you must log in again to the Central Node server management console over SSH or through the terminal.
Page topUpgrading Sensor installed on a standalone server
You can upgrade Sensor to version 6.1 only from version 6.0.2.
The upgrade is delivered as an upgrade package. The package is included in the application distribution kit.
To upgrade the Sensor deployed on a standalone server:
- Place the application upgrade package on the Sensor server in the
/data
directory. - Sign in to the management console of the Sensor server where you want to perform the upgrade via SSH or through the terminal.
- Make sure that the /dev/sda2 file system has more than 100 GB of free space.
- Unpack the update archive:
- If you are upgrading the application to version 6.1 on an Ubuntu operating system, run the following command:
tar xvf /data/kata-cn-ubuntu-upgrade-6.1.0-324-x86_64_en-ru-zh.tar.gz -C /data/
. - If you are upgrading the application to version 6.1 on an Astra Linux operating system, run the following command:
tar xvf /data/kata-cn-astra-upgrade-6.1.0-324-x86_64_en-ru.tar.gz -C /data/
.
- If you are upgrading the application to version 6.1 on an Ubuntu operating system, run the following command:
- Install the upgrade package by running the following commands:
cd /data/upgrade/
chmod u+x ./install_kata_upgrade.sh
./install_kata_upgrade.sh
The user name entry window is displayed.
- In the displayed window, in the Username field, enter the name of the user with administrator rights, select the OK button and press Enter.
Default value: admin.
- In the displayed window, in the Password field, enter the password of the user with administrator rights, select the OK button and press Enter.
The window for entering the path to the update archive is displayed.
- This opens a window; in that window, in the Data directory field, enter the path to the update archive, select the OK button and press Enter.
Default value: /data/upgrade
After some time, the console will display a message prompting you to power off the server.
- After the message prompting you to power off the server is displayed, run the following command:
poweroff
- Mount the iso image of Kaspersky Anti Targeted Attack Platform version 6.1. If you are using Kaspersky Anti Targeted Attack Platform based on the Astra Linux operating system, follow these instructions to create an iso image.
- Boot from the device that has the mounted iso image.
- In the GRUB menu, select Upgrade KATA 6.0
- Follow the remaining steps of the wizard to complete the upgrade on the server.
Sensor is upgraded.
After upgrading, you must log in again to the Sensor server management console over SSH or through the terminal.
Page topContents and amount of information kept when upgrading the Kaspersky Anti Targeted Attack Platform
Information about the contents and amount of data kept when upgrading Kaspersky Anti Targeted Attack Platform from version 6.0 to version 6.1 is listed in the following table.
Contents and volume of data saved when upgrading the application from version 6.0 to version 6.1
Data type |
Data saved during upgrade |
---|---|
Central Node or PCN settings. |
All data except:
|
Application database on Central Node or PCN (alert database, application operation monitoring data, custom rule database, tasks, policies, rules added to exclusions). |
All data except:
|
Events database. |
All data. |
Storage and quarantine |
All data. |
Sandbox artifacts. |
All data. |
Sensor settings. |
All data. |
Sensor data. |
Recorded raw network traffic dumps. |