Skip to main content

Illumio Core 21.5 Install, Configure, Upgrade

Upgrade Standalone NEN 2.1.0 to Standalone NEN 2.3.10

Keep in mind that if you perform this procedure, you don't need to:

  • Restore the NEN database because the NEN upgrade doesn't impact it.

  • Activate the NEN with the PCE if you are upgrading an existing NEN installation; namely, if you are upgrading a NEN 2.1.0 standalone installation to NEN 2.3.10 standalone installation.

  1. Run the following upgrade command:

    sudo yum update -y <path to Illumio NEN rpm>/illumio-nen-
<release_number>-<build-number>.x86_64.rpm 

  2. Enable load balancer support by running the following command on the NEN node:

    Note

    If the NEN is configured as an HA pair, run the command on the primary node.

    sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl 
slb-enable

  3. (Optional) To configure an HA pair for the NEN in the PCE cluster, see Configure HA Support for the NEN. (The steps are the same whether you are installing a new standalone NEN or upgrading an existing NEN.)

Upgrade a PCE-based NEN 2.1.0 to a Standalone NEN 2.3.10 or later

If you are upgrading Illumio Core to 21.5.0-PCE or later, you must upgrade the NEN to 2.3.10 or later. Illumio Core 21.3.0-PCE is not backwards compatible with NEN 2.1.0 and earlier releases.

Upgrade Prerequisites

Before taking the NEN database back up, ensure that no asynchronous jobs have been submitted right before you begin the upgrade. As a best practice, wait until all asynchronous jobs have finished before upgrading the PCEs and associated NENs.

Note

When to back up the NEN database and uninstall the NEN software from the PCE

You must back up the NEN database and uninstall the NEN RPM from your PCE-based NEN installation before you upgrade to Illumio Core 21.3.0-PCE and later. Be aware that you must set the PCE to runlevel 1 before backing up the NEN database on the PCE primary data node and uninstalling the NEN RPM from both PCE data nodes.

Keep In Mind

  • Upgrading the NEN in a single PCE cluster versus a PCE Supercluster deployment

    The steps to install and configure a NEN in a PCE Supercluster deployment are the same as for a single PCE cluster. You perform the procedure to install a NEN in each individual region (PCE Supercluster members).

  • Restoring the NEN database in a Supercluster deployment

    When upgrading the NEN that is part of a PCE Supercluster deployment, restore the NEN database from the PCE-based installation; you must restore the NEN database on the NEN paired to the PCE Supercluster leader. You do not need to restore the database for the NENs paired with the PCE Supercluster members.

  • When to back up the NEN database and uninstall the NEN software from the PCE

    You must back up the NEN database and uninstall the NEN RPM from your PCE-based NEN installation before you upgrade to Illumio Core 21.3.0-PCE and later. You must set the PCE to runlevel 1 before backing up the NEN database on the PCE primary data node and uninstalling the NEN RPM from both PCE data nodes.

Procedure

  1. Back up the NEN database on the PCE primary data node.

    For the requirements and syntax to run PCE commands, see “PCE Control Interface and Commands” in the PCE Administration Guide.

    sudo -u ilo-pce illumio-pce-ctl set-runlevel 1
sudo -u ilo-pce /opt/illumio-pce/illumio-nen-db-management dump 
--file <filename>
sudo -u ilo-pce /opt/illumio-pce/llumio-pce-ctl stop

  2. Uninstall the NEN from the PCE data node(s).

    sudo rpm -e illumio-nen

  3. Upgrade the PCE to Illumio Core 21.3.0-PCE and later.

    For the steps to upgrade a single PCE cluster, see “Upgrade the PCE” in the PCE Installation and Upgrade Guide.

    For the steps to upgrade the PCEs in a PCE Supercluster deployment, see “Upgrade Supercluster” in the PCE Supercluster Deployment Guide.

    After upgrading your single PCE cluster or PCE Supercluster, ensure that all PCEs are started at runlevel 5 before installing the NEN RPM package.

  4. Install and configure the NEN software. See the "Install and Activate the NEN" topic. (This is the procedure for installing a new NEN 2.2.x standalone installation, but the steps are the same whether you are installing a new standalone NEN or upgrading an existing NEN. In the NEN upgrade procedure, you will have uninstalled the previous NEN by this step and must install the new NEN release.)

  5. Set the NEN to runlevel 1 and restore the NEN database that you copied from the PCE primary data node:

    sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl set-runlevel 1
sudo -u ilo-nen /opt/illumio-nen/illumio-nen-db-management restore
--file 
<path to file to restore>

    If you are performing this step for a NEN that is part of a PCE Supercluster deployment, restore the NEN database for the NEN node paired with the PCE Supercluster leader. You don't need to restore the NEN database in each Supercluster member region.

  6. Set the NEN to runlevel 5 and activate the NEN with a pairing key from the PCE by using the --repair option:

    sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl set-runlevel 5
sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl activate <pairing-key> 
--host 
<PCE_host address:port> --repair

    If you are performing this step for a NEN that is part of a PCE Supercluster deployment, repair the NEN with the Supercluster leader PCE. Additionally, pair any new NEN installations in each region with the Supercluster member in that region.

    For the steps to obtain a pairing key from the PCE, see the "Obtain a Pairing Key" section.

  7. To configure an HA pair for the NEN in the PCE cluster, see Configure, Upgrade, or Revert High Availability (HA) NEN Support. (The steps are the same whether you are installing a new standalone NEN or upgrading an existing NEN.)