Prerequisites for Upgrading ObserveIT
This topic describes the prerequisites and considerations that must be taken into account prior to performing an upgrade of an existing ITM On-Prem (ObserveIT) installation.
After upgrading an earlier ITM On-Prem (ObserveIT) installation to this version, database performance is significantly improved.
System Requirements
It is recommended that you always use the latest Service Pack for your operating system.
For details about System Requirements, see System Requirements.
Microsoft Windows Server 2008/R2 and Microsoft SQL Server 2008/R2 are not supported from version 7.5 and up.
Before you begin, note the following:
Prior to Web Console upgrade, you must remove the Web Console component and install the new version as Security Support Provider Interface (SSPI). It is not possible to upgrade from an older version configured with SQL authentication to a new version with SSPI.
-
If the Full Text Search (FTS) utility of Microsoft SQL Server is not installed before you begin the upgrade, you will receive a prompt during the upgrade procedure. The FTS utility enhances ObserveIT's powerful Search feature by providing an accelerated search experience, and it is highly recommended that you install it. By clicking Yes in the prompt window, you can install the FTS utility after completing the upgrade.
If you install the FTS utility after completing the upgrade, you must run the following command line in Microsoft SQL Server Management Studio: FTS EXEC dbo.uspDBA_FTSIndexCreate;
-
The ITM On-Prem (ObserveIT) upgrade process to the application and/or databases has no impact on the operating system of the servers they are running on. Whether the upgrade process succeeds or fails, no changes will be made to the actual operating system.
-
Upgrading the components does not require a reboot of the ITM On-Prem (ObserveIT) Application/Web Console Servers, or the SQL server, or any of the computers running the Agent software.
-
During the upgrade process, no sessions are recorded. The installed Agents will not be able to communicate with the ITM On-Prem (ObserveIT) Application Server for the amount of time that is required to perform the actual upgrade. In addition, each Agent needs to be upgraded during which time they cannot record data.
-
In cases when alerts are generated during the upgrade process, to enable risky users and their alerts to be updated in the User Risk Dashboard, it is recommended that you shut down the server-side processes before starting the upgrade procedure.
-
If the Website Categorization module is not already installed, you will receive an option during upgrade to install it. The ITM On-Prem (ObserveIT) Website Categorization module automatically detects categories of Websites that end users are browsing, enabling alerts to be generated on browsing categories such as Gaming, Adults, Infected or Malicious Websites, Phishing Websites, and more. For further details about this feature, please refer to Website Categorization.
Upgrading Large Scale Enterprises
When performing an upgrade for large scale enterprises, depending on the size of the database, a number of prerequisites are required for the successful migration of data. It is recommended that you contact Support to help you do this.
Preparing Working Backups
The upgrade process should complete without any issues. However, because upgrading the ITM On-Prem (ObserveIT) Database involves changes to the data, it is very important that you have a valid and working backup before you begin the upgrade process. A valid and working backup is required for the following components:
-
System State backup of the ITM On-Prem Web Console server using a Microsoft-supported Windows Server backup method/software.
-
System State backup of the ITM On-Prem (ObserveIT) Application Server using a Microsoft-supported Windows Server backup method/software.
-
System State backup of the SQL Server that host the ITM On-Prem (ObserveIT) Databases using a Microsoft-supported Windows Server backup method/software.
-
Full backup of the SQL Server ITM On-Prem (ObserveIT) Databases using a Microsoft-supported SQL Server backup method/software.
Important: If one or all of the above components are running as Virtual Machines, consult with your virtualization software vendor for any alternative backup methods such as creating VM snapshots. Do not assume that by simply running a VM snapshot you will be fully covered.
Worst Case Scenarios and Rollback
In case something goes wrong during the upgrade process, you can revert to your backup. However, in a worst case scenario or in the case of a catastrophic event, if your backup does not work, you must be prepared to install the ITM On-Prem (ObserveIT) Application Server/Web Console Server and/or SQL Server operating system from scratch. Once reinstalled and configured to be members of the domain (if required), you will need to install the ITM On-Prem (ObserveIT) Application and deploy the Agents.
Risks and Mitigation
Although the upgrade process itself makes no changes to the operating system, a failure of the process may negatively impact a customer’s business requirements or deployment scenarios. Before you start the upgrade process, it is highly recommended that you take into account the risks that could impact a customer’s requirements, and the steps that should be taken to mitigate these risks, where possible.
The following potential risks could occur after upgrading ObserveIT:
-
Failure to record user sessions on some monitored machines for a short time/indefinite time.
-
Failure to record user sessions on all monitored machines for a short time/indefinite time.
-
Failure to identify shared privileged accounts for a short time/indefinite time.
-
Failure to receive alerts and reports for a short time/indefinite time.
-
Failure to interact with 3rd-party tools such as ticketing systems and log monitoring systems for a short time/indefinite time.
-
Failure to retrieve and replay recorded data for a short time/indefinite time.
-
Failure to record remote vendor access to monitored servers by using a gateway scenario for a short time/indefinite time.
-
Loss of the entire recorded session database.
-
Temporary/prolonged failure to meet compliance and/or regulatory requirements during the period of recording failures.
The following steps should be taken to mitigate some of the above risks, before upgrading ObserveIT:
-
Make sure that no user(s) is connected to any monitored machine during the upgrade.
-
Use an SLA-calculated window of opportunity to perform the upgrade, when no remote vendors may be impacted.
-
Notify privileged users of the upgrade process.
-
Make sure that you have working backups.
-
Disconnect remote vendor access right before upgrading to prevent future connections.
-
On Terminal Server/Citrix servers, make sure that all logged on users are disconnected and logged off.
-
Prepare all the necessary information prior to upgrading.
Additional Required Information
Before upgrading, it is also highly recommended that you prepare the following information:
-
ITM On-Prem Web Console URL (FDQN or IP).
-
ITM On-Prem Web Console administrator’s username and password.
-
ITM On-Prem (ObserveIT) Application Server local or domain credentials with administrative privileges.
-
SQL Server local or domain credentials with administrative privileges.
- SQL Server "sa" or equivalent account.
If the account you are currently using is an SQL Server administrator, select Windows Authentication as the authentication method. Otherwise, select SQL Server Authentication and provide a user name and password with privileges to create databases and user accounts.
-
The number and type of installed Agents (Windows, Solaris, RHEL/CentOS, SLES {SuSE Linux Enterprise Server}, Ubuntu, or Amazon Linux).
-
Location of the ITM On-Prem (ObserveIT) License file.
-
Details regarding integration with third-party software (for ticketing system, log monitoring, and so on)