Manual Chapter : Upgrading BIG-IQ Systems

Applies To:

BIG-IQ Security

  • 4.4.0

About the upgrade process

Upgrade involves installing the new version of the software, booting into that new version, and executing any database schema changes that may be required.

Note: BIG-IQ Security v4.4 only supports upgrades from v4.3 and higher.

The upgrade process breaks the HA pair during upgrade and pairs it again after the upgrade is completed.

Use this procedure to upgrade BIG-IQ Security through a combination of the system interface and the command line interface.

Breaking Up an HA Pair Running 4.3 Software

The upgrade process breaks the HA pair during upgrade and pairs it again after the upgrade is completed. Use this procedure to break an HA Pair running 4.3 software.
  1. Break the HA pair by removing the standby node.
    1. Log in to active BIG-IQ and at the top-right corner of the screen, select System and Overview. The Localhost screen appears.
    2. Select High Availability from the menu on the left. The configuration for the Peer device (the standby node) appears in the viewing pane.
    3. Click the Delete button in the top-right corner of the panel. A pop-up appears to confirm that you want to remove the standby node.
    4. Click the Remove button to confirm.
    5. Watch the HA-status indicator in the top-left corner of the screen. When the HA pair is broken, it changes from "Active (Primary)" to "Standalone."
    The status indicator at the top-left of the screen now reports "Standalone" on both BIG-IQ devices.
  2. Use a secure copy method to copy the image (.ISO) to the /shared/images directory on both nodes formerly in the HA pair. You can use SCP, FTP, SFTP or any other means of securely transferring ISOs between hosts. For example:
     scp <big-iq-iso-name> root@<big-iq-standby-node-url>:/shared/images/.
Both nodes are now standalone and have the same ISO file on them.

Breaking Up an HA Pair Running 4.4 Software

The upgrade process breaks the HA pair during upgrade and pairs it again after the upgrade is completed. Use this procedure to break an HA Pair running 4.4 software.
  1. Break the HA pair by removing the standby node from the management group.
    1. Log in to BIG-IQ and, from the drop-down list, select System.
    2. In the Systems panel, expand the Management Group.
    3. Select the standby node.
    4. Hover over the gear icon, then click it and select Properties.
    5. In the expanded panel, click Remove.
    The status indicator at the top-left of the screen now reports "Standalone" on both BIG-IQ devices.
  2. Use a secure copy method to copy the image (.ISO) to the /shared/images directory on both nodes formerly in the HA pair. You can use SCP, FTP, SFTP or any other means of securely transferring ISOs between hosts. For example:
     scp <big-iq-iso-name> root@<big-iq-standby-node-url>:/shared/images/.
Both nodes are now standalone and have the same ISO file on them.
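
Both break-up procedures end with the same ISO on each node. The script below is an added example, not part of the F5 manual: it checks that claim by comparing SHA-256 digests of the local image and the copy in /shared/images on each node, whichever transfer method was used. The node names, root SSH access and the presence of sha256sum on the nodes are assumptions.

```shell
#!/bin/sh
# Added example, not F5 code. Node names are placeholders; sha256sum on the
# nodes and root SSH access (as in the scp command above) are assumptions.

# Print the SHA-256 digest (hex only) of a local file.
iso_digest() { sha256sum "$1" | awk '{print $1}'; }

# Print the digest of /shared/images/ISO as computed on NODE itself.
remote_iso_digest() {
    ssh "root@$1" "sha256sum '/shared/images/$2'" | awk '{print $1}'
}

# digests_match EXPECTED OBSERVED
# Returns 0 on an exact match, 1 on a mismatch, 2 if EXPECTED is not a
# 64-character hex string (so an empty or truncated value never passes).
digests_match() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    observed=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 64 ] || return 2
    [ "$expected" = "$observed" ]
}

# verify_nodes LOCAL_ISO NODE...
# Prints one line per node and returns non-zero if any node differs.
verify_nodes() {
    iso_path=$1; shift
    want=$(iso_digest "$iso_path")
    rc=0
    for node in "$@"; do
        got=$(remote_iso_digest "$node" "$(basename "$iso_path")")
        if digests_match "$want" "$got"; then
            echo "OK       $node"
        else
            echo "MISMATCH $node"; rc=1
        fi
    done
    return $rc
}

# Usage: verify_nodes ./<big-iq-iso-name> <node-1> <node-2>
```

Run it from the host that holds the downloaded image, and start the install only when every node reports OK.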

Upgrading BIG-IQ Security (GUI)

Use this procedure to upgrade BIG-IQ Security through the system (GUI) interface.
  1. This step applies to nodes running 4.3 software; skip to the next step if your nodes are running 4.4 software. Otherwise, repeat these substeps on both nodes to upgrade the image on both.
    1. Log in to active BIG-IQ and at the top-right corner of the screen, select System and Overview. The Localhost screen appears.
    2. Select Software Update from the menu on the left. Information about the current software appears in the viewing area.
    3. From the Software Image drop-down list, select the image to use for the update. This is the image you downloaded above.
    4. From the Install Location drop-down list, select the location to use for the update.
    5. In the Option area, click both options.
    6. Click the Apply button in the lower-right corner of the panel. A pop-up asks you to confirm that you want to reboot the node.
    7. Click the OK button in the pop-up. The BIG-IQ system loads the new software and reboots.
  2. This step applies to nodes running 4.4 software; skip this step if your nodes are running 4.3 software. Otherwise, repeat these substeps on both nodes to upgrade the image on both.
    1. From BIG-IQ System, expand Management Group.
    2. Hover over the gear icon, then click it and select Properties.
    3. Select the Software Update tab.
    4. Click Update.
    5. From the Software Image drop-down list, select the image to use for the update. This is the image you downloaded above.
    6. From the Install Location drop-down list, select the location to use for the update.
    7. In the Option area, click Reboot After Live Install.
  3. For both nodes, verify that the image is booted on the correct volume using the command tmsh show sys software.
  4. From BIG-IQ System, re-establish the HA pair. When reestablishing the HA pair, the source device copies its common configuration data to the target device. The source device is the device where you start the HA re-pairing process. Choose a source device whose configuration data is the most up-to-date.
    1. On the node you have selected to be the Primary/Active node, hover over the gear icon for the management group.
    2. Click Add Device.
    3. Enter the HA Communication Address of the peer device, and admin credentials for the Secondary BIG-IQ device.
    4. For Network Security configurations, select Active-Standby as the High Availability Mode.
    5. Click the Add button in the banner of the New Device expanded panel.
    6. Affirm the confirmation to start the pairing process.
  5. Expand the Management Group and monitor the status changes for the newly-added device.
    1. Monitor the status updates in the new device entry under the Management Group.
    2. Monitor the device/cluster status indicator in the top left of the screen.
    3. When the indicator changes to Active (Primary), the pairing has completed successfully.
  6. Examine the configuration of both nodes visually to verify that they are in sync.
Both nodes are upgraded. The upgrade is complete.

Upgrading BIG-IQ Security (CLI)

Use this procedure to upgrade BIG-IQ Security through a combination of the system (GUI) interface and the command-line (tmsh) interface.
  1. Perform these steps on both nodes.
    1. Upgrade the image (.ISO) using the command: tmsh install sys software image big-iq-iso-image-name volume volume-name
    2. Monitor the progress of the upgrade using the command tmsh show sys software.
    3. Change the boot partition/volume using the switchboot command. It is critical to include the -b switch in the following command: switchboot -b volume-name
    4. Reboot using the command reboot.
  2. From BIG-IQ System, re-establish the HA pair. When reestablishing the HA pair, the source device copies its common configuration data to the target device. The source device is the device where you start the HA re-pairing process. Choose a source device whose configuration data is the most up-to-date.
    1. On the node you have selected to be the Primary/Active node, hover over the gear icon for the management group.
    2. Click Add Device.
    3. Enter the HA Communication Address of the peer device, and admin credentials for the Secondary BIG-IQ device.
    4. For Network Security configurations, select Active-Standby as the High Availability Mode.
    5. Click the Add button in the banner of the New Device expanded panel.
    6. Affirm the confirmation to start the pairing process.
  3. Expand the Management Group and monitor the status changes for the newly-added device.
    1. Monitor the status updates in the new device entry under the Management Group.
    2. Monitor the device/cluster status indicator in the top left of the screen.
    3. When the indicator changes to Active (Primary), the pairing has completed successfully.
  4. Examine the configuration of both nodes visually to verify that they are in sync.
Both nodes are upgraded. The upgrade is complete.
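
Both procedures rely on reading tmsh show sys software, first to monitor the install and then to confirm the node booted from the intended volume. The script below is an added example, not part of the F5 manual: it turns those two checks into tests and wraps the documented CLI steps so that switchboot -b runs only after the install reports complete. The column layout of the tmsh output and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not F5 code. Column layout of `tmsh show sys software`
# (Volume Product Version Build Active Status) is an assumption.

# Constructed sample output; versions and build numbers are illustrative.
SAMPLE='Sys::Software Status
Volume  Product  Version  Build    Active  Status
HD1.1   BIG-IQ   4.3.0    0.0.100  yes     complete
HD1.2   BIG-IQ   4.4.0    0.0.200  no      installing 40.000 pct'

# volume_field VOLUME active|status
# Reads `tmsh show sys software` output on stdin and prints one field of the
# row for VOLUME. Exits 1 if the volume is not listed.
volume_field() {
    awk -v vol="$1" -v want="$2" '
        $1 == vol {
            found = 1
            if (want == "active") { print $5; next }
            s = $6                      # status may be several words
            for (i = 7; i <= NF; i++) s = s " " $i
            print s
        }
        END { exit !found }'
}

# Succeed only when the install on VOLUME has finished.
install_complete() { [ "$(volume_field "$1" status)" = "complete" ]; }

# Succeed only when the node is currently booted from VOLUME.
booted_on() { [ "$(volume_field "$1" active)" = "yes" ]; }

# The documented CLI steps for one node, with a bounded wait so a stalled
# install stops the run instead of switching to a half-written volume.
upgrade_node() {
    iso=$1 vol=$2 tries=0
    tmsh install sys software image "$iso" volume "$vol" || return 1
    until tmsh show sys software | install_complete "$vol"; do
        tries=$((tries + 1))
        [ "$tries" -lt 120 ] || return 1    # give up after about an hour
        sleep 30
    done
    switchboot -b "$vol" && reboot
}

# After the reboot, on each node:
#   tmsh show sys software | booted_on <volume-name> || echo "wrong volume"
```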