Applies To:

Show Versions Show Versions

Manual Chapter: Managing Software Images
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

10 
Installing software and hotfixes on individual BIG-IP® systems involves several steps including downloading an upgrade image, logging on to individual devices, configuring each upgrade task, and monitoring the job as it completes. This can be a time-consuming task. Additionally, if you manage several BIG-IP® Application Security Manager systems, you may have to update multiple attack signatures on a regular basis.
With Enterprise Manager as your centralized software image management system, you can catalog and store several versions of software, hotfixes, and signature files, and use these images to perform upgrades to as many managed devices as necessary.
You can also configure an automated upgrade process, specifying several options such as the install location and reboot location, and you can easily monitor the progress of each upgrade from the task list.
You manage the software images stored in the Enterprise Manager software repository from the Software Images list screen, as seen in Figure 10.1.
Releases
Releases are full software products, and usually include a software image intended to upgrade your software to a newer version.
Hotfixes
Hotfixes are minor updates to the current software version that fix one or more known issues.
Attack signatures
Application Security Manager attack signature updates ensure that your applications are protected against new attacks and threats.
Patches
Patches are usually fixes for vulnerabilities.
Table 10.1 File types available on downloads.f5.com
File Extension
You can mount a software image to perform a full software upgrade on a managed device. The software image contains all the necessary packages for the upgrade, and is not specific to a local or remote installation.
You can use hofix packages to install smaller fixes to managed devices. Usually, these packages update a portion of the existing software without requiring a full installation. Hotfix packages are usually available for local and remote installation.
You can use the signature file to update the system-supplied attack signature definitions on BIG-IP Application Security Manager systems. Enterprise Manager can manage the scheduled downloading of updates and installation of new signature files.
.txt or .readme
F5 also provides alternate methods for installing your software depending on how you want to upgrade the software. For hotfixes, we provide both local and remote installation options.
Local installation
Installing software locally requires downloading the entire software image to the hard drive of the managed device and running the installation from the device. This method is required when you use Enterprise Manager as your software management system.
Remote installation
Installing software remotely requires downloading the installation portion of a software image to a managed device, then manually installing the upgrade using the network as the upgrade source, instead of using the managed devices local hard drive. This method may be required for devices that use CompactFlash® storage instead of a hard drive.
You can typically tell the difference between the types of software images by reading the file name. For example, for the Enterprise Manager version 1.2 release, there are two different .im packages available, local-install-1.2.2.8.0.im and remote-install-1.2.2.8.0.im. Each of these files installs version 1.2, but they use a different installation method.
BIG-IP systems allow for a multiple boot capability, which means that you can choose to install the software on multiple disk boot locations on each managed device. A boot location is a portion of a drive with adequate space required for a software installation (this was previously referred to in other documentation as a boot slot). BIG-IP hardware platforms support this functionality, and you can select the boot location for software upgrades when configuring an upgrade task.
To minimize the risk when performing a installation to a system in a high availability configuration, we recommend that you configure only one device in the pair per upgrade task. For example, for an active-standby pair, instead of adding both the active and standby devices to the installation list when configuring the task, upgrade only the software on the standby device. Then, when the upgrade completes, you can switch the device to active mode to test whether the upgrade works properly. Once you confirm that the upgrade works as expected, you can configure a task to upgrade the second device of the pair.
Important: If you include both the active and standby systems in the same upgrade task and the upgrade does not work properly on the first device of a high availability pair, you cannot cancel the upgrade on the second device.
Although Enterprise Manager supports a network topology that features a tiered configuration where a top-tier BIG-IP system load balances requests to multiple lower-tier BIG-IP systems, the Software Install wizard does not indicate which devices exist on which tier.
If your network topology features a tiered configuration, we recommend that you do not schedule devices on both tiers for upgrade in the same upgrade task. This ensures that Enterprise Manager can maintain a connection to all devices in the network throughout an upgrade task.
In addition to installing software and hotfixes on managed devices, you can install software and hotfixes to Enterprise Manager systems, including the system you are working on. This means that Enterprise Manager can upgrade itself, as long as you added Enterprise Manager software to the software repository.
Note: You cannot install a hotfix from the Enterprise Manager on which you are currently working to that Enterprise Manager system.
When you configure a software upgrade or hotfix installation task, any Enterprise Manager systems in your network appear among the list of devices that you can upgrade (if you elected to discover Enterprise Manager devices in the network). You can configure an upgrade task for Enterprise Manager in the same way that you do for any managed device.
Certain options may not be available when you are configuring an Enterprise Manager system for a software upgrade task. For example, if you are installing software on the same system on which you are configuring the upgrade task, you cannot specify a different boot location. Consequently, you may notice that some options are not available when configuring a self-install task.
When we create software images, we also create an md5 checksum. After you download software images to a local system, you can verify the integrity of the files that you downloaded, using the md5 checksum to confirm that you have an exact copy of the file.
The verification process varies depending on your client system. For Linux® systems, you can use the included md5sum tool from the command line. For other client systems, including Windows® systems, you may need to use an external application to verify the md5 checksum.
You can configure software version rollbacks, or downgrades, in the same way that you configure software upgrades. However, because of the way the software management process operates, this may cause issues during a software downgrade.
After a typical software installation, Enterprise Manager applies the current device configuration to the newly installed software. After a downgrade task, it is possible that the current device configuration is no longer compatible with the software version. Because of this, we recommend that you manually reconfigure the device after completing a downgrade task.
Note: You cannot downgrade a Logical Volume Management (LVM) system (or a system using VM) to version 9.x, nor can you go from a boot location running version 10.x software to version 9.x software using Enterprise Manager. You must perform this downgrade manually.
You obtain software upgrades, patches, hotfixes, signature files, and other files to assist you in managing devices in your network from the F5 Networks Downloads site at downloads.f5.com.
To access the F5 Downloads site, you use your F5 Networks single sign-on account for technical support and downloads. If you do not yet have an account, you must first create one on the F5 Downloads site.
Tip: Because you are using Enterprise Manager as your software management system, when you upgrade software, we recommend that you download.iso images to import into the software repository. The software (.iso) image files contain all of the packages necessary for the software version you are using, and there is no need to specify local or remote installation versions.
1.
Using a web browser connected to the internet, visit http://downloads.f5.com.
The F5 Sign-on screen opens.
2.
In the User Email box, type the email address for your F5 Technical Support account and in the Password box, type your password.
3.
Click the Login button.
The Overview screen opens and provides notes about using the Downloads site.
4.
Click the Find a Download button.
The Product Lines screen opens listing all F5 product families.
5.
Locate the appropriate product family and click the adjacent product version link.
The Product Version screen opens, listing the available download containers for the current product version.
6.
Select a product container by clicking the name of the container that corresponds to the software that you want to download.
The End User License Agreement (EULA) screen opens.
7.
Read the EULA and click I Accept to accept the licence agreement.
The Select a Download screen opens.
8.
Click the name of the file you want to download.
The Select a Download screen opens.
9.
Click the download icon next to the protocol that you want to use.
A dialog box opens, prompting you to save the file to your local system.
After you download a software image from the F5 Networks Downloads site, you can add it to the appropriate Enterprise Manager software repository.
Important: When you import an image, you must leave the browser window open on the Import screen. If you close the window or navigate away from the Import screen, the file transfer terminates. If you need to perform other management tasks while importing an image, open a new browser window.
1.
On the Main tab, expand Enterprise Management, and click Software.
The Software Images screen opens, displaying all available software update images.
Software Image List: for full version software images for upgrade or roll back.
Hotfix Image List: for a hotfix to an existing software installation.
ASM Attack Signatures: for system-supplied attack signatures for Application Security Manager systems.
3.
Above the image list, click Import.
The Import screen opens.
4.
In the File Name box, click Browse to search for the image using a directory or folder view.
5.
After you specify the path and file name, click Import.
The Software Image list screen opens and the image name appears in the list with the status of Importing. When the importation completes, you can deploy the image to managed devices, as described in Upgrading software on managed devices.
Important: If you remove an image from the list, Enterprise Manager deletes the image from its database. To deploy this image in the future, you must re-import it to the software repository.
1.
On the Main tab, expand Enterprise Management, and click Software.
The Software Images screen opens, displaying all available software update images.
Software Image List: for full version software images for upgrade or roll back.
Hotfix Image List: for a hotfix to an existing software installation.
ASM Attack Signatures: for system-supplied attack signatures for Application Security Manager systems.
After you confirm the deletion, Enterprise Manager removes the image from its database, and then from the image list.
With Enterprise Manager, you can deploy software or hotfix images devices in your network using a software upgrade task. A software upgrade task is a series of jobs that you configure to upgrade managed devices with software stored in the Enterprise Manager software repository. Each job upgrades one device, or you can use the device groups feature to deploy a software or hotfix upgrade to an entire device group at once. Then, all of the members of the device group that are compatible with the upgrade are upgraded during the upgrade task.
Legacy Software Install wizard
Applies to version 9.x managed devices and Enterprise Manager systems, as well as WANJet® version 5.0 and Secure Access Manager version 8.0.
Software Volume Management wizard
Installs a base software image and a hotfix simultaneously, and generally applies to managed devices running version 10.x and later.
The Legacy Software Image Installation wizard applies to version 9.x managed devices and Enterprise Manager systems. This wizard streamlines the task of software upgrades while providing flexibility so that you can set custom options on each device that you plan to upgrade.
The wizard guides you through the process of selecting devices to upgrade, including which of the upgrade images or hotfixes to install, which boot location is upgraded, and which boot location is used during the reboot. The Legacy Software Image Installation wizard installs Legacy software and hotfixes separately.
Because you might install hotfixes on devices in your network more often than you install full software upgrades, it is important to have a simple method of deploying hotfixes to many devices at once by creating a hotfix installation task. A hotfix installation task is a series of steps in which you define one or more managed devices on which to install a hotfix that is stored in the Enterprise Manager software repository.
You can specify only one hotfix per device, using the hotfix installation task. When you install hotfixes to one or more devices, you can install the hotfix only on a managed devices active boot location.
1.
On the Main tab, expand Enterprise Management, and click Tasks.
The Task list screen appears.
2.
Click the New Task button.
The New Task screen opens.
3.
In the Software Installation section, click Install Legacy Hotfix Image, then click Next.
The Legacy Software Hotfix Installation wizard opens, prompting you to choose a product version and hotfixes to install.
Note: The Install Legacy Hotfix Image option is available only if your managed devices support legacy software.
Important: If the hotfix image that you want to install is not available in the hotfix list, you may need to download the hotfix image, or import it to the software repository. See Downloading and managing software images.
1.
From the Product Version list, select the product version to which you want install the Legacy hotfix.
The Available Hotfixes table changes to display hotfixes compatible with the software version you selected.
2.
In the Available Hotfix table, check the Select box to the left of any hotfix that you want to install.
3.
Click Next to move to the screen where you select devices on which to install the hotfix, Step 2 of 4.
You can select the devices on which to install the Legacy hotfix image in Step 2 of the Legacy Software Hotfix Installation wizard. If a device does not appear in the Compatible Devices table, check the software version on the device to ensure that you can use the hotfix.
1.
In the Device Group box, select an option to narrow the list of devices:
To install to specific devices, select All Devices to see a list of all devices compatible with the upgrade image you select.
2.
For Device Filter, select an option to limit the devices that appear in the Compatible Devices table:
Compatible Devices in Standby Mode: displays only compatible devices currently in Standby mode
Compatible with Hotfix: displays all devices compatible with the hotfix you selected on the previous screen
Note: The Compatible Devices table displays only devices that are compatible with the hotfix image or images you selected on the previous screen.
3.
In the Compatible Devices table, check the Select box to the left of the devices that you want to upgrade with the hotfixes you selected on the previous screen.
4.
Click Next to move to the next screen where you can review the options you set in this hotfix upgrade task, Step 3 of 4.
1.
For Device Error Behavior, select one of the following options:
Continue task on remaining devices: the system continues installing the hotfix for selected devices on which an error was not encountered, until the task is finished.
Cancel task on remaining devices: the system stops the task immediately if an error occurs, and does not install the hotfix to any devices still pending.
2.
Click Next to move to the Step 4 screen, where you can review the details of the Legacy hotfix installation task you configured.
You can review and elect to remove a device from the hotfix installation task in Step 4 of the Legacy Software Hotfix Installation wizard.
2.
Click the Remove button below the Task Details table if you want to remove a device from the install table.
The Scheduling Review screen opens after you confirm the removal of the device from the hotfix installation task.
3.
When the details look correct, click the Start Task button below the list.
The Task Properties screen opens, displaying details relevant to the task that you configured.
The Task Properties screen displays information about the task you started, including a detailed list of all the devices you configured a hotfix installation on, and the progress of each installation. The section Monitoring installation tasks, provides additional information about the task list and how to work with tasks in the list.
One method of installing software on a device is through the Legacy Software Image Installation wizard. The Legacy Software Image Installation wizard provides four steps to guide you through all of the configuration options necessary to start an upgrade task. When you perform a software upgrade, you have the option to include hotfixes in addition to the software.
1.
On the Main tab, expand Enterprise Management, and click Tasks.
The New Task screen opens.
2.
Click the New Task button.
The New Task screen opens.
3.
In the Software Installation section, click Install Legacy Software Image, then click Next.
The Legacy Software Image Installation wizard opens, prompting you to select a software image upgrade, then devices on which to install the upgrade.
You can select a Legacy software image to install, and the devices on which to install the image, in Step 1 of the Legacy Software Image Installation wizard.
1.
In the Software Image box, select the software version that you want to use to upgrade devices.
The Compatible Devices table changes to show only devices that you can upgrade with the software version you selected.
Verify that the devices partitioned disk management scheme is supported. See Disk Management Scheme on the Device Properties screen, and Supported Disk Management Schemes on the Software Image Properties screen for information about support for the partitioned disk management scheme.
Check the software version on the device to ensure that you can use the software image you selected in the previous procedure. If a software image does not appear in the Software Image box, verify that the image was imported correctly by viewing this information on the Software Images screen.
2.
In the Device Group box, select an option to narrow the list of devices:
To install to specific devices, select All Devices to see a list of all devices compatible with the upgrade image you select.
3.
For Device Filter, select an option to narrow the managed devices displayed.
Compatible Devices in Standby Mode: displays only compatible devices currently in Standby mode.
Compatible with Hotfix: displays all devices compatible with the hotfix you selected on the previous screen.
The Compatible Devices table changes based on the option you select.
Requiring device license before software install: displays those devices that require a license before the software you selected for Software Image is installed.
4.
In the Compatible Devices table, check the Select box to the left of the devices to which you want to install the software that you selected in the Software Image box.
5.
Click Next to move to the step where you can select any hotfixes that you want to install during the software upgrade, Step 2 of 4.
Step 2 of 4 of the Legacy Software Image Installation wizard displays available Legacy hotfixes that are compatible with the software you selected on the previous screen.
1.
In the hotfix table, select the hotfix that you want to install during this upgrade.
Note: If no hotfixes appear in the table, there are no available hotfixes in the Enterprise Manager repository that are compatible with the software you selected. It is possible that you imported an incompatible hotfix image to the software repository.
2.
Click Next to move to the step where you can select installation and task options, Step 3 of 4.
1.
In the Install Location list, select where you want to install the software upgrade.
The default is any empty boot location, or the location that hosts the oldest installed software version. If you select Active Location, the new software is installed over the software on the currently active boot location.
2.
In the Configuration Options list, select the device configuration you want to use on the newly upgraded boot location:
Install full configuration: copies the current full device configuration from another boot location to the newly upgraded boot location.
Install essential configuration: leaves the newly upgraded boot location in a new, basic configuration state.
3.
For Device Error Behavior, select one of the following options:
Continue task on remaining devices: the system continues installing the upgrade for selected devices on which an error was not encountered, until the task is finished.
Cancel task on remaining devices: the system immediately stops the task if an error occurs, and does not install the upgrade to any devices still pending.
4.
In the Post Installation list, select which boot location to use for rebooting the device upon completion of the upgrade process.
5.
For Configuration Archive, select whether you want to include private SSL keys in the configuration archive created during the task.
6.
Click Next to move to the step where you can review the details of the upgrade task you configured, Step 4 of 4.
You can review the details of the upgrade task you just configured in Step 4 of 4 of the Legacy Software Image Installation wizard. The Task Details table lists the devices selected for upgrade, the current boot location on each device, the installation location you selected, and the location that the device will boot to when the upgrade process completes.
For Install Location, select a different installation location for a target device.
For Reboot Location, select a different reboot location for the target device.
For Configuration, change the type of configuration to install by selecting either Full or Essential.
3.
If the details look correct, click Start Task below the list.
The Task Properties screen opens, displaying details relevant to the task that you configured.
Note: If you do not choose to reboot the managed device using the new software installation, the device reboots using the current default location, which may not be the same as the installation location.
The task properties screen displays information about the task you started, including a detailed list of all the devices on which you configured a software upgrade, and the progress of each installation.
To view the task list screen, below the Task Properties table, click the Exit to Task List button. The task list screen opens, displaying a list of all running tasks on the Enterprise Management system.
Software Volume Management (SVM) allows you to install software as a base image, and apply hotfixes in a separate volume of a currently running BIG-IP system, without impacting the system or traffic to the device.
You can also use Software Volume Management to install software to another boot location while continuing to use the current boot location, then apply the software during the normal maintenance period when the device is rebooted. Once the new image is applied, you can test application traffic and verify that the new image is working as expected.
Software Volume Management is based on the F5 Networks disk management scheme, called Logical Volume Management (LVM). LVM is a hardware virtualization tool that dynamically adds virtual storage space to the BIG-IP operating system. You can load new images, upgrades, and hotfixes into a dynamic storage volume, or drive, while the current system continues to process application traffic. While the BIG-IP systems previous Legacy and Standard disk management schemes provided a more rigid method of allocating disk space, the LVM virtualization layer offers greater flexibility and adjustments of physical storage.
When you prepare to install BIG-IP version 10.x software, you have the option to format the system's hard drive as volumes, or leave the drive formatted as partitions. On each device properties screen, in the advanced view, you can see which type of disk management scheme a managed device uses, allowing you to determine why an image may or may not be installed on an device.
Note: A partition is a logical container that you create, containing a defined set of BIG-IP system objects. You use partitions to control user access to the BIG-IP system.
When working with software volume management images, you use a new Software Volume Management wizard designed for version 10.x installations. Installing an image using the Software Volume Management wizard involves the following procedures:
1.
On the Main tab, expand Enterprise Management, and click Tasks.
The Task list screen opens.
2.
Click the New Task button.
The New Task screen opens.
3.
In the Software Installation section, click Install Software or Hotfix Image, then click Next.
The Software Image Installation screen (Step 1) opens, prompting you to select a software image upgrade, then devices on which to install the upgrade.
4.
Follow the steps on the following pages to work through the wizard screens to upgrade the devices that you select.
On the Step 1 screen of the Software Volume Management wizard, you can select software images and devices on which to install the upgrade.
1.
From the Software Image list, select the software version that you want to deploy to one or more devices.
The Compatible Devices table changes to show only the devices compatible with the software version you selected.
2.
In the Hotfix Image box, select a hotfix to include with the installation.
3.
In the Device Group box, select an option to filter the list of devices in the Compatible Devices table to display all devices or devices from a specific device group.
The Compatible Devices table changes according to the group you select.
4.
For Device Filter, select an option to narrow the managed devices displayed.
Compatible Devices in Standby Mode displays only compatible devices currently in Standby mode.
Compatible with Software Image displays all devices compatible with the image that you selected in the Software Image box.
Requiring device license before software install displays only devices that require licensing before they are compatible with the upgrade.
Incompatible with Software Image displays only devices that are not compatible with the image you selected for Software Image.
5.
In the Compatible Devices table, check the Select box to the left of a device that you want to upgrade with the software you selected in the Software Image box.
6.
Click Next to move to the screen where you select install options, Step 2 of 4.
On the Step 2 screen of the Software Volume Management wizard, you select a disk management scheme. These options appear only if one or more of the devices is not using the Logical Volume Manager management scheme.
Important: Selecting the Upgrade to LVM disk management scheme option completely reformats the drive and may take several minutes to complete.
1.
From the Disk Management Scheme list, select the disk management scheme you want to apply during the upgrade:
Upgrade to LVM disk management scheme upgrades the devices you selected on the previous screen to the new LVM disk scheme during the upgrade task.
Retain existing disk management scheme keeps the existing disk management scheme (Legacy Partition Scheme or Standard Partition Scheme) during the upgrade task.
If you plan a configuration that consists solely of version 10.x software, we recommend that you use the LVM disk formatting scheme. If, however, you plan to retain a 9.x version of the software on the BIG-IP system, you must use the existing formatting scheme.
2.
Click Next to move to the screen where you select install options, Step 3 of 4.
On the Step 3 screen of the Software Volume Management wizard, you manage the configuration of your software image install.
1.
From the Configuration list, select whether you want to install the full device configuration, or the essential configuration.
2.
From the Post-Install Run Location list, select whether you want to reboot using the upgraded software on the upgraded boot location, or continue running on the current location.
3.
From the Configuration Archive box, select whether you want to include or exclude private SSL keys in the configuration archive.
4.
For Device Error Behavior, select one of the following options
Continue task on remaining devices: the system continues installing the software for selected devices on which an error was not encountered, until the task is finished.
Cancel task on remaining devices: the system stops the task immediately if an error occurs, and does not complete the installation on any devices still pending.
5.
Click Next to move to the Task Review screen, Step 4 of 4.
2.
In the Task Name box, type a new name to change the task name as it appears in the task list.
For Disk Scheme, you can select a different disk management scheme for a device. The Disk Scheme column only displays available disk management scheme options.
For Install Location, you can select a different installation location for a target device.
For Run Location you can select a new run location for the target device.
For Configuration, you can change the type of configuration to install by selecting either Full or Essential.
4.
In addition to managing the installation of software and hotfix upgrades, Enterprise Manager can assist you in managing attack signatures for the BIG-IP Application Security Manager.
Attack signatures are the foundation of the Application Security Manager systems negative security logic. Attack signatures are rules or patterns that identify attacks or classes of attacks on a web application and its components. For more information on how to use attack signatures with an Application Security Manager system, see the Configuration Guide for BIG-IP® Application Security Manager.
With Enterprise Manager, you can import system-supplied attack signatures into the image repository and deploy them to as many managed devices as you require. Additionally, you can use Enterprise Manager to check for updated system-supplied attack signatures and import them into the image list automatically. Once you obtain the signature updates, you can deploy them to one or more managed BIG-IP Application Security Manager devices.
As new threats are discovered, F5 regularly updates Application Security Manager attack signature files. You can configure Enterprise Manager to automatically check for, and download, newly updated attack signature definitions for images stored in the image repository. This feature helps you avoid unnecessary and potentially frequent manual checks for updated attack signature files.
If you do not want to automatically update signature images, you can configure an alert to notify you that updates are available, so that you can check for, and download these updates manually. See Updating attack signature images manually, for instructions on manually updating attack signature images.
Important: Enterprise Manager checks for updated attack signature files from downloads.f5.com. For the system to communicate with the F5 servers, you must configure the Enterprise Manager system settings to use your network DNS server. See To configure DNS, for instructions.
If updated signatures are available for any attack signature in the software repository, you can schedule automatic update downloads. Then, after you download the updates, you can start an Application Security Manager attack signature installation task to upgrade managed BIG-IP Application Security Manager systems. See Installing attack signatures to one or more devices, for more information.
1.
On the Main tab, expand Enterprise Management, and click Tasks.
The task list screen opens.
2.
On the menu bar, click Options.
The Tasks Options screen opens.
3.
In the Attack Signature Update Schedule table, for Check for Updates, choose an option to determine how often the system checks for updates to existing attack signature images:
Never: Enterprise Manager does not automatically check for updated attack signature images.
Daily: The system checks for updated signatures once each day.
Weekly: The system checks for updated signatures once a week.
Monthly: The system checks for updated signatures once a month.
Based on your selection, the table changes to display additional boxes for Day of the Week, Day of the Month, and Start Time.
4.
Depending on the frequency you selected, you can specify a day of the week, month, and time of day that you want Enterprise Manager to check for updates for attack signature images in the repository.
5.
For Automatically Download New Updates, select whether you want to automatically add updated images to the repository.
6.
Click Save Changes to save your changes.
If you choose not to automatically download updated attack signature images, you can configure the system to trigger an alert when it finds new Application Security Manager signature updates. This alert is enabled by default, but you must specify an alert action on the Enterprise Manager Alerts screen to receive an email notification. See Creating alerts for Enterprise Manager, for instructions.
If you receive an alert to check for updates, or if you want to periodically check for updates, you can update all attack signatures stored in the image repository from the ASM Attack Signatures list screen.
1.
On the Main tab, expand Enterprise Management, and click Software.
The software images list screen opens.
2.
On the menu bar, click ASM Attack Signatures.
The ASM Attack Signatures screen opens.
3.
Above the list click, Check for New Signatures.
The Check for New Signatures screen opens and displays the status of the checking task.
The screen refreshes at regular intervals until the systems checks for any available updates for the signature files listed in the Available ASM Attack Signatures table. After the task completes, the system indicates if any update is available for each of the signature files in the repository.
Manually downloading attack signature images requires that you have previously checked for updated attack signatures and have opened the Check for New Signatures screen. See To manually check for updated attack signatures, preceding.
1.
On the Check for New Signatures screen, in the Available ASM Attack Signatures table, check the Select box next to each signature file that you want to update.
2.
Click Start Task.
The ASM Attack Signature Update screen opens and displays the status of the update task.
The screen refreshes at regular intervals until the system updates all of the Application Security Manager attack signature files you selected on the previous screen. At any time, you can click Exit to Task List to open the Task list screen.
Note: You can also use the import image procedure to update attack signature images. See Managing attack signatures for Application Security Manager, for information about adding attack signature images to the image repository.
Because you want to regularly update attack signatures on Application Security Manager systems in the network, it is important to have a simple method of deploying signatures to many devices at once. You can use the Attack Signature Installation wizard to create an Application Security Manager attack signature installation task. An attack signature installation task is a series of jobs that you configure to install, to one or more managed devices, an Application Security Manager attack signature stored in the Enterprise Manager image repository. Each job consists of one individual signature update per device.
1.
On the Main tab, expand Enterprise Management, and click Tasks.
The task list screen opens, displaying all running and completed tasks.
2.
3.
Click Next to start the Install ASM Attack Signature wizard.
Use the steps on the following pages to work through the wizard screens to install attack signatures.
Important: If the attack signature that you want to install is not available in the signature list, you may need to download the attack signature image, or import it to the image repository. See Downloading and managing software images.
1.
From the Product Version list, select the product version to which the signature you are planning to install applies.
The attack signatures table changes to display signatures compatible with the software version you selected.
2.
3.
You can select the target devices for the attack signature installation on the Step 2 screen of the Attack Signature Installation wizard.
1.
In the Device Group list:
Otherwise select All Devices to see a list of all devices compatible with the attack signature you selected.
2.
For Device Filter, select an option to limit the results in the Compatible Devices table:
Compatible Devices In Standby Mode: displays all managed devices on which you can install the selected attack signatures that are in Standby mode.
Compatible with Attack Signature: displays all managed devices on which you can install the selected attack signature.
3.
In the Compatible Devices table, check the Select box to the left of the devices for which you want to install the attack signature you selected on the previous screen.
4.
To move to the next wizard screen, where you can set task options for the attack signature installation task, click Next.
You can set error handling options for the attack signature installation task on the Step 3 screen of the Attack Signature Installation wizard.
1.
For Device Error Behavior, select one of the following options:
Continue task on remaining devices: the system continues installing the attack signature for selected devices on which an error was not encountered, until the task is finished.
Cancel task on remaining devices: the system immediately stops the task if an error occurs, and does not install the attack signature on any devices still pending.
2.
Click Next to open the task review screen.
You can review task settings and change the task name for the attack signature installation task in Step 4 of the Attack Signature Installation wizard.
2.
If any of the device information is incorrect, click the Back button to return to a previous wizard screen to correct it.
3.
If you want to change the task name, in the Task Name box, type a new name.
This name appears in the task list while the task is running, and after the task finishes.
4.
To start the task to install the attack signature indicated in the ASM Attack Signature box on the devices indicated in the Task Summary table, click Start Task.
The Task Properties screen opens, displaying details relevant to the task that you configured.
The task properties screen displays information about the task you started, including a detailed list of all the devices you configured as targets for attack signature installation, and the progress of each installation. The section Monitoring installation tasks, provides additional information about the task list and how to work with tasks in the list.
From the Task List screen, you can view a summary of the tasks running and the details for a particular task. The task list displays an overview of all tasks on Enterprise Manager, including running and completed tasks.
The progress bar on the task list indicates the percentage of the task that is complete. For example, if you scheduled ten devices for a hotfix installation, the progress bar will indicate 60% when 6 of those devices have completed the hotfix installation.
When all the individual jobs (such as installations or upgrades on a single device in a series) in a task finish, the system marks the task Finished, and the task name and description remains in the task list until you delete it.
When you start a software upgrade, hotfix installation, or attack signature update, the task is added to the Enterprise Manager Task List. If you start more than one upgrade task, additional tasks also appear in the task list. From the task list, you can click the name of a task to view additional details on the task properties screen.
On the Main tab, expand Enterprise Management, and click Tasks.
The Task list screen opens, displaying all running tasks in Enterprise Manager.
Figure 10.2 Task list example
1.
On the Main tab, expand Enterprise Management, and click Tasks.
The Task list screen opens, displaying all running tasks in Enterprise Manager.
2.
Check the box to the left of the task that you want to delete, and click Delete below the list.
The task is removed from the list, and the record is deleted from the Enterprise Manager database.
On the task properties screen, click the Cancel Pending Items button below the task summary table(s). After the current device completes its upgrade, Enterprise Manager cancels any software installations or hotfix upgrades for all devices listed in the Task Summary table as Pending.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)