Upgrading to this version of App Control involves the following high-level steps, most of which are described in more detail later in this section:

  • Read through the separate Server Operating Environment Requirements specific to this version of App Control to be sure your server platform meets the current hardware and software requirements for this release. When you upgrade, the first dialog in the installation program is a reminder to view the new OER. It provides a link to the OER on the customer portal (you will need your customer portal login to access the OER).

  • Read through this upgrade section to get a full overview of the upgrade process.

  • Contact Carbon Black Support for any recent changes to upgrade procedures, or for advice on special cases, including strategies for getting to this server version from out-of-support versions of App Control.

  • Backup the App Control Server database. Do not proceed with the upgrade without a recent backup since database upgrade failures are non-reversible.

  • Disable third-party agent deployment mechanisms (such as SCCM).

  • Stop any other activity (including backup jobs) or user access on the SQL Server.

  • If there is an App Control Agent on the system hosting the App Control Server, disable tamper App Control on that agent. You can do this on the Computer Details page for this system in the App Control Console.

  • Either log in as the App Control Server service user account that was configured during server installation or use runas that user to install the upgrade.

  • Use the server installer program (ParityServerSetup.exe) for all upgrades unless otherwise directed by Carbon Black representatives. There is not a separate installer for patch releases and hotfixes. See the Release Notes for any special installation considerations for your release.

  • Wait for automatic post-installation server updates to complete. After an upgrade is finished and the installation dialog is closed, upgrade-related tasks are performed in the background. Depending on your system performance and the extent of the upgrade, these tasks might take long enough that you could experience console login failures. These should be temporary.

  • If you have an agent installed on the same system as the server and you disabled tamper App Control, re-enable it.

  • Make any needed System Configuration changes to the server.

  • Check the User Exchange for new agent package and rules files and upload them to your server if available. Updates to agents and rules have been separated from server installation to allow for greater update flexibility. See the Carbon Black App Control Agent Installation Guide and the Carbon Black App Control Rules Installer Guide for a detailed description of uploading these files to your server.

  • If you distribute agents using your own deployment mechanism, upgrade agent distribution points and re-enable deployment mechanisms.

  • If you plan to upgrade agents using the App Control Console, re-enable the upgrade features.

Important:

When the App Control Server is upgraded from one major version to another, ongoing enhancements to “interesting” file identification require rescanning the fixed drives on all agent-managed computers. These upgrades may also require a new inventory of files in any trusted directories to determine whether previously ignored files are now considered interesting. For some upgrades, this process can involve activity similar to agent initialization, and may cause considerable input/output activity. This could take less than an hour or last for many hours, depending on the number of agents and files.

For both App Control-managed upgrades and third-party distribution methods, Carbon Black recommends a phased upgrade of agents to avoid an unacceptable impact on network and server performance.

See the Carbon Black App Control Agent Installation Guide for full agent installation and upgrade procedures.

  • For agent upgrades, reboot on systems that prompt you to do so. This should only be necessary for certain systems running Windows XP or Windows 2003.

  • If you have used Syslog / SIEM integrations (such as QRadar and ArcSight) with previous versions of this product, consult the VMware Carbon Black App Control Events Guide for this release to prepare your configuration for any required changes.

    Note:

    Changing the server name at upgrade is not recommended, especially if you use your own distribution methods to upgrade App Control Agents. Consider using a CNAME for the server to avoid changing the configured name in App Control.