Hyperic Upgrade Processes

About this page...
This page has process guidelines for upgrading Hyperic components to version 4.6. Instructions are provided for several upgrade strategies. Consider your deployment and your security requirements in choosing the appropriate upgrade process. See About SSL in Hyperic for more information.

For information about performing a new installation of Hyperic components, see Hyperic Installation and Startup Process.

Server Agent Plugin Synchronization (SAPS) Requires Server and Agent Upgrade.

In Hyperic 4.6.5, the SAPS process will not synchronize plugins on agents of an earlier version. The Hyperic 4.6.5 Server can only synchronize plugins on agents running the same version as the server. For more information about SAPS, see Plugin Deployment and Management.

Hyperic 4.6 Upgrade Options

The upgrade options are:

  • Upgrade Hyperic Server only — Hyperic Server 4.6 is backward-compatible with 4.x Hyperic Agents. You can upgrade the Hyperic Server to 4.6, and run a previous (4.x) version of the Hyperic Agent. In this case, the server will use self-signed certificates for SSL communications.

  • Upgrade Hyperic Server and Hyperic Agents with Hyperic-Managed Keystores — By default, the upgraded 4.6 Hyperic Server and 4.6 Hyperic Agents will use self-signed certificates for SSL communications.

  • Upgrade Hyperic Server and Hyperic Agent with User-Managed Keystores — For best security, you can upgrade the Hyperic Server and all agents to 4.6, and configure the components to use keystores you configure yourself and trusted certificates from a certificate authority.

Upgrade Hyperic Server Only

To upgrade the Hyperic Server only, follow the instructions in Upgrade Hyperic Server.

Upgrade Server and Agent with Hyperic-Managed Keystores

  1. Upgrade the Hyperic Server, following the instructions in Upgrade Hyperic Server.

  2. Upgrade all agents reporting to the Hyperic Server, following the instructions in Upgrade Hyperic Agent.

Upgrade Server and Agent with User-Managed Keystores

  1. Create a SSL keystore in JKS format with certificates from your CA on the Hyperic Server host, and on each agent host.

  2. Upgrade the Hyperic Server, following the instructions in Upgrade Hyperic Server.

  3. Restart the Hyperic Server.

  4. Upgrade all agents reporting to the Hyperic Server to 4.6, following the instructions in Upgrade Hyperic Agent.

    • At this point, Hyperic Server and Hyperic Agents are running with self-signed certificates.

  5. Shut down all Hyperic Agents.

  6. Shut down the Hyperic Server.

  7. Configure the Hyperic Server to use the keystore you created on its host. Edit ServerHome/conf/hq-server.conf:

    • Define the full path to the server keystore using the server.keystore.path property.

    • Define the password for the server keystore using the server.keystore.password property.

    • Verify that the accept.unverified.certificates is set to "false".

  8. Configure each Hyperic Agent to use the keystore you created on its host. For each agent, edit AgentHome/conf/agent.properties:

    • Uncomment agent.keystore.path and set it to the full path to the keystore you created on the agent host.

    • Uncomment agent.keystore.password and set it to the password for the keystore you created on the agent host.

      The first time you start the upgraded agent, the keystore password will be encrypted.

    • If the agent is configured for unidirectional communication (agent.setup.unidirectional=yes), add agent.keystore.alias to the properties file, and set it to the alias for the keystore's primary certificate/private key entry.

    • Verify that agent.setup.acceptUnverifiedCertificate is "false".

  9. Start the Hyperic Server.

  10. Start all Hyperic Agents reporting to the Hyperic Server