Versions Compared

Old Version 4

changes.mady.by.user Svetlana Sheptiy

Saved on

compared with

New Version 5

changes.mady.by.user Svetlana Sheptiy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Note
titleWarning

As of version 5.1, only the Snare Enterprise Agent for Windows and Snare Enterprise Agent for Windows Desktop may use this upgrade feature.  Agents must be at least version 5.1 to use the upgrade feature.

...

  • the upgrader subsystem must be licensed
  • the installed agent must be at least v5.1.0
  • the agent must be running with permissions of "LOCAL_SYSTEM" on the machine
  • the agent must be communicating with a SAM
  • a newer version of the agent must be installed into the SAM upgrade screen and enabled (see Installing New Releases section below)
  • the upgrader subsystem must be enabled
  • only the Snare Enterprise Agent for Windows and the Snare Enterprise Agent for Windows Desktop may be upgraded

With the above prerequisites performed, the user is able to select which agents may be upgraded in the SAM.

...

  • for standalone installation of SAM on Windows:  C:\Program Files\Intersect Alliance\Snare Agent Manager\Upgrades

  • for SAM running on Snare Central Server:  /data/Snare/Upgrades


Click Update to change this path.

Note

If

...

the Releases Directory path does not exist, please create it prior to using it

...

.


Info
titleAbout Metafiles

Security is a key consideration with the creation of the upgrade subsystem. The subsystem has been designed so that upgrades are validated all the way from the installation of the release executable into SAM, to the final installation of the installation on the agent machine.  This source→target validation occurs via signed meta files.

In order to install a new release into SAM, both the executable and a signed metafile for the executable are required.  Each metafile is validated against an internal signature in SAM to confirm it is a legitimate Intersect Alliance metafile.  This metafile is then used to validate the executable is a legitimate Intersect Alliance product.  Only if both the metafile and the executable match will the release be available in SAM as a release.

Likewise when the agent is instructed to upgrade from SAM it obtains both the signed metafile and the executable from the SAM. These are verified again by the agent before the upgrade is allowed to install.

...