Walkthrough: Upgrading to the latest version for Microsoft Windows

The topic includes the following sections:

The video at right provides helpful tips on how to upgrade your TrueSight Server Automation Application Server running on Windows.

The [confluence_iframe] macro is a standalone macro and it cannot be used inline.
https://youtu.be/e_3O1mBiPdU

Notes

Review the supported upgrade paths information, available in Supported-upgrade-paths.

If your TrueSight Server Automation environment includes TrueSight Smart Reporting for Server Automation, upgrade TrueSight Smart Reporting for Server Automation before upgrading TrueSight Server Automation.

Upgrading using the unified product installer

Note

If you are not an experienced user, see the related topics listed in the table to review the required planning information for upgrading the product.

The unified product installer automatically upgrades the database, file server, Application Server, agents, PXE server and the TFTP server in your environment. If you have selected TrueSight Server Automation Console Upgrade Service option, the console is also automatically upgraded; otherwise, you must manually upgrade it. The checklist below walks you through the process of upgrading Windows and Linux environments using the unified product installer.

In TrueSight Server Automation 8.9.03 and later, you can choose not to upgrade certain consoles. To enable this backward support for any specific Application Server, you must use the blasadmin command versioncompabilitycheck to turn off the version compatibility check that occurs whenever you access a Console. For more information, see To enable communication with clients of an earlier version of TrueSight Server Automation.

Tip

Prior to upgrading your production environment, it is best practice to test the upgrade in a duplicated environment.

Step 1: Review requirements and limitations

The first step is to review the following requirements and limitations when using the unified product installer for product upgrade.

Requirements

Click here to review the key requirements for running the unified product installer on Windows.

Category	Requirement
Product integrations	If your TrueSight Server Automation environment includes BMC Cloud Lifecycle Management, you need to ensure that you maintain compatibility with BMC Cloud Lifecycle Management. For more information, see Component-BMC-product-service-pack-and-patch-levels in the BMC Cloud Lifecycle Management online technical documentation. If your TrueSight Server Automation environment includes TrueSight Smart Reporting for Server Automation, upgrade TrueSight Smart Reporting for Server Automation before upgrading TrueSight Server Automation. For more information, see the TrueSight Smart Reporting for Server Automation online technical documentation.
Base requirements	Review the following key requirements. Click here to review. During an upgrade, the unified product installer automatically installs an RSCD Agent on every Application Server machine that does not already have an agent installed. If you are not interested in having PsExec installed in your environment or if you are not interested in providing details of the required credentials, you can install an RSCD Agent manually on each of the detected machines. If you have external PXE servers in your environment, copy the appserver installation script (for example, *..\installers/appserver_64\BSA<version>-WIN64.sh) to the C:\Windows* path on Windows PXE Servers to use the Remote Site default option in Unified product installer before you start the upgrade. Ensure that Microsoft Visual C++ 2015 Redistributable Update 3 is installed on the server. For more information, see Installing an RSCD agent (Windows). Note: As a prerequisite to install Microsoft Visual C++ 2015 Redistributable Update 3 on Windows 2012 R2, you must have the following patches installed on your server: KB2919442 (Required for 2919355) KB2919355. This patch requires several other patches: clearcompressionflag.exe, KB2919355, KB2932046, KB2959977, KB2937592, KB2938439, and KB2934018. This are all available on the download page for KB2919355. For more information about the prerequisites for Microsoft Visual C++ 2015 Redistributable Update 3, refer to the Microsoft documentation here. NSH must be present on each Application Server machine (that is NSH proxy server, Configuration server, Job server, or PXE server). Unified installer should be run only from a node set up as a Configuration server (for more about this type of Application Server setup, see Application Server types). During the upgrade, the installer checks the existing version of Perl. If the host computer on which you are installing the Network Shell has: A supported version of Perl installed — The Network Shell installation automatically installs the Network Shell Perl module. For information about the Perl versions that TrueSight Server Automation supports, see Perl support. An unsupported version of Perl installed — The installation copies files that allow you to install the Perl module after you have installed the supported version of Perl On 64-bit Windows systems, confirm that the %WINDIR%\SysWOW64 directory contains a copy of the chcp.com file. The installer uses this file to set the code page of standard output (stdout). You can obtain the file from a 32-bit version of Windows.
Supported platforms	The unified installer supports Windows 64-bit and Linux 64-bit operating systems. For a complete list of platforms supported by the unified installer, see Supported-platforms.
PXE servers	To improve performance during the upgrade, create a new folder on your remote PXE server (by default, %SystemDrive%/BSAInstallerDumpDir, for example, C:/BSAInstallerDumpDir) and then manually copy the PXE installer binary (..\installers\pxe_64\PXE<version>-WIN32) into the %SystemDrive%/BSAInstallerDumpDir folder prior to upgrading. The unified product installer validates the existence of the PXE installer binary under the expected location, and upgrades the PXE server during the upgrade process.
Install mode	If you are using Microsoft Windows 2003 or 2008, you must upgrade in Install mode instead of Execute mode, see Using-Install-mode-instead-of-Execute-mode.
Configuration objects	Upgrading to a new release can potentially create mismatches between the version of a custom configuration object, an agent, and any model objects that reference custom configuration objects. Therefore, as part of the upgrade process, you must distribute the latest versions of the custom configuration objects that are not included as part of an RSCD agent. The product installation is automatically upgraded to the appropriate version when you upgrade the agent. However, you must upgrade any custom configuration objects that are not included with the agent by running a Distribute Configuration Objects Job. Configure this job to target servers to which custom configuration objects need to be distributed. For a list of those objects that are included as part of an agent installation and those that are not included with the agent and require distribution, see Custom-configuration-objects. To upgrade custom configuration objects Click here to see the steps for upgrading custom configuration objects. Run an Update Server Properties Job on the agents you have upgraded. For more information, see Creating Update Server Properties Jobs. If you are not upgrading all of your agents at this time, make copies of all component templates, BLPackages, Snapshot Jobs, and Audit Jobs that reference custom configuration objects that have dependencies on agents running earlier versions. You must maintain a version match between component templates, BLPackages, Snapshot Jobs, and Audit Jobs and custom configuration objects and agents. The objects that you copy in this step are the objects that you can use to maintain the version match. If you upgrade to the latest version of TrueSight Server Automation and you are using TrueSight Server Automation for virtual environments, you must immediately update the RSCD agent on the system used for the integration and add the new configuration object version for the integration. For example, for the vCenter server, you must upgrade the RSCD agent on either the Windows vCenter server or the AMO proxy and add the new VMware configuration object to the vCenter server object in TrueSight Server Automation. To ensure that all configuration-object-based assets within existing content are upgraded, run an Upgrade Model Objects Job that targets any component templates, BLPackages, Snapshot Jobs, or Audit jobs that you want to upgrade. For more information about the Upgrade Model Objects Job, see Creating-or-modifying-Upgrade-Model-Objects-Jobs. Note: Do not run the Upgrade Model Objects Job against the copies of objects that you created in step 3. If you open an existing component template, BLPackage, Snapshot Job, or Audit Job that references a custom configuration object and a later version of that custom configuration object exists, the system displays a message saying it will automatically upgrade the referenced custom configuration object. To maintain a version match with an earlier agent, close the component template, BLPackage, Snapshot Job, or Audit Job without saving. After executing the Upgrade Model Objects Job, display the results of the job run to see which assets were successfully upgraded and which were not. If you find that certain assets were not automatically upgraded, you must upgrade them manually. Perform the following steps: Open the object (template, package, or job). Manually remove the asset of the earlier version and add the asset of the latest version. Save the object. To upgrade virtualization configuration objects Click here to see the steps for upgrading virtualization configuration objects. The Upgrade Model Object Job is not supported for upgrading virtualization configuration objects. To upgrade configuration objects that you distributed in prior versions, complete the following steps: Import the new version of the virtualization configuration object (for example, the VMware vCenter configuration object). Restart the RSCD agent on which the configuration object is distributed. This step is a prerequisite for successful upgrade of the configuration object on the target server. Run the Distribute Configuration Objects Job to distribute the configuration objects to the target agent (see Distributing-configuration-objects). To identify the configuration objects that failed, run the Upgrade Model Objects Job on all jobs, templates, and BLPackages that reference the configuration object. After the Upgrade Model Objects Job completes, open the objects for which the job failed. Remove the parts that are marked as failed and add new ones from the upgraded configuration object. Upgrading to a new release can potentially create mismatches between the version of a custom configuration object, an agent, and any model objects that reference custom configuration objects. Therefore, as part of the upgrade process, you must distribute the latest versions of custom configuration objects for the custom configuration objects that are not included as part of an agent. The installation are automatically upgraded to the appropriate version when you upgrade the agent. (See Custom-configuration-objects for a list of those objects.) You should upgrade any custom configuration objects not included with the agent by running a Distribute Configuration Objects Job. The job should target servers to which custom configuration objects should be distributed.
Potential issues	Click here to review a list of potential issues you can encounter during an upgrade. Upgrade to version 8.6 or later does not grant the DBMS_LOCK privilege to user - Before you start upgrading from a previous version to TrueSight Server Automation 8.6, ensure that the TrueSight Server Automation user is granted the DBMS_LOCK privilege. This privilege is required for carrying out a handshake between TrueSight Server Automation database and the TrueSight Smart Reporting for Server Automation ETL during database clean up. You can use the SYS user to grant the DBMS_LOCK privilege by entering the following command: GRANT EXECUTE on DBMS_LOCK TO <User> Upgrade to version 8.6 or later disables PropertySync - As of TrueSight Server Automation version 8.5, the PropertySync feature has been deprecated. During migration of the database, PropertySync is disabled and the migration results table displays the migration warning: PropertySync has been changed from true to false. Contact BMC Support for further assistance. Upgrade to version 8.5 or later deprecates the Provision provisionDevice BLCLI command. Earlier releases supported the Provision:provisionDevice command. This command has been deprecated. BMC recommends that you use the ProvisionJob:createProvisionJob command instead. Upgrade to version 8.6 or later causes Citrix XenServer Provision Jobs to fail - After an upgrade from TrueSight Server Automation version 8.3 or earlier to TrueSight Server Automation version 8.5 or later, existing Citrix XenServer Provision Jobs fail (QM001706976). Failed jobs display the error message: com.bladelogic.om.infra.mfw .util.BlException: Proxy cannot be null, Error: Proxy cannot be null. To work around the issue, open the Provision Job in the content editor. On the Server Settings panel, browse the Server Properties option to select or create a valid agentless managed object (AMO). Audit performed with snapshots captured using earlier versions of the RSCD agent can fail - When capturing data from target servers, version 8.6.00 of TrueSight Server Automation skips IPv6 addresses and masks. After an upgrade to version 8.6.00 or later from version 8.3 or earlier, an audit performed with snapshots captured using older versions of an RSCD agent can fail if the targets had IPv6 enabled. In a multiple application server (MAS) environment, if the RSCD Agent is not present on the secondary node and the primary node is using PsExec version 2.43, upgrade to version 21.3 or later on the secondary node fails. To fix the issue, perform one of the following tasks: Install RSCD Agent on the secondary node and start the upgrade process again on the secondary node. Use PsExec version 2.2 instead of version 2.43 on the primary node, and start the upgrade process again on the secondary node.
Certificate issue	If your id.pem certificate was created with a key size of 1024 bits (or less), you will need to regenerate it with a higher key size (2048 or higher). This is due to a change in the FIPS requirement for minimum key length (now 2048 bits).

Limitations when using the unified product installer

Category	Description of support or limitation
Multiple Application Server (MAS) environments	The unified product installer only supports upgrade of an homogeneous MAS environment, that is, either all Application Servers run on Linux 64-bit operating systems or all run on Windows 64-bit operating systems.
"Mixed" Application Server/database environments	The unified product installer supports upgrade of "mixed" Application Server/database environments (for example, Linux Application Server + Microsoft SQL Server database). The UPI does not require the database or the file server operating system to match the operating system of the Application Servers.
PXE servers	For PXE servers to be upgraded by the unified product installer, they must be: Up and running. Running the same OS as the Application Server. If your environment includes hybrid PXE servers (that is, PXE servers not running Windows or Linux), you must perform a workaround for the upgrade Click here to see the workaround. Stop the hybrid PXE server / TFTP server. Run the unified product installer. The installer ignores the PXE server, as it is in a stopped state. The installer upgrades the rest of the infrastructure, with the exception of the hybrid PXE server. Once the unified product installer has completed the upgrade, run the configurator utility on that PXE server. See Migrating-the-database-and-persisting-configuration-data-to-the-database. Upgrade the PXE server according to the instructions in Upgrading-the-Provisioning-System. Copy the global.property file from the Application Server to the /br/deployments/ directory on the PXe server. Restart the PXE server.
Upgrade scenarios	The unified product installer *does not support* the following upgrade scenarios: 32-bit Windows or 32-bit Linux machines Solaris SPARC machines Upgrading the TrueSight Server Automation Console (RCP client). Uninstall the older version of the console and install the new version on a different host. Application Servers installed with the -local flag, that is installed in a self-contained directory structure.

Step 2: Prepare the environment for upgrade

Perform these tasks in order. Many steps are prerequisites for other steps that occur later in the process.

Back up the TrueSight Server Automation database. The data upgrade occurs in place. If, for any reason, it should become impossible to complete the upgrade, the only way to restore the database to its pre-upgrade state is from the backups.
Ensure that your connection to Microsoft SQL database is not encrypted. TrueSight Server Automation does not support using an encrypted Microsoft SQL database connection at the time of upgrade. However, after the product is upgraded successfully, TrueSight Server Automation can use an encrypted connection to communicate with the Microsoft SQL database. For steps on enabling and disabling an encrypted connection to your SQL database server, see Encrypting-your-database-connection.
Verify that the following components are up and running for the upgrade to be successful:
- All Application Servers
- PXE Server
- RSCD agents on Application Servers, PXE servers, and file servers.
Back up the installation directories for all Application Servers and PXE servers. The default installation locations are:
- Application Server: C:\Program Files\BMC Software\BladeLogic\NSH
- PXE Server: C:\Program Files\BMC Software\BladeLogic\PXE
  If you are upgrading the PXE server, follow the upgrade instructions for Windows or UNIX, to prevent loss of configuration settings.
Important
Ensure that all files and folders in the installation directory and its sub-directories do not have the read-only attribute enabled. The upgrade might fail, if the read-only attribute is enabled on any file.
Note that the user who installed the earlier version of the product might have changed the installation directory from the default location, so ensure that you have the right location. If your current installation is already an upgrade from a previous version, the paths might be different, due to differences in these locations in earlier versions of TrueSight Server Automation. If you do not know the installation location for TrueSight Server Automation components view the contents of the %WINDIR%\rsc\HOME file.
Back up the TrueSight Server Automation file server storage location. For example, copy the entire contents of the storage location to a directory other than the current storage location.
Ensure that there is an RSCD agent installed on each Application Server to avoid potential errors in the upgrade process.
Ensure that there is an RSCD agent and NSH are installed on the PXE server.
Back up the existing certificate.pem, RSCD log files and respective signature files.

Make sure that you have 4 GB on disk with temp space and 4 GB on disk with installation directory.
Ensure that you have disabled the NSH proxy on all Application Servers in the environment to avoid failure during upgrade. To disable the NSH proxy, run the following command on the NSH client:
secadmin -m default -p 5 -appserver_protocol clear -T encryption_only -e tls
Note: After the upgrade completes, remember to add this entry back into the secure file. You can use the following command:
secadmin -m default -p 5 -appserver_protocol ssoproxy -T encryption_only -e tls
To preserve the Live Reporting dashboard environment, back up the cacerts file (for example,C:\Program Files\BMC Software\BladeLogic\appserver\NSH\jre\lib\security\cacerts for Windows) to a separate safe location on the TrueSight Server Automation server. You must do this because the TrueSight Server Automation upgrade overwrites the existing cacerts.
Ensure that Microsoft Visual C++ 2015 Redistributable Update 3 is installed on the server. For more information, see Installing an RSCD agent (Windows).
Note
As a prerequisite to install Microsoft Visual C++ 2015 Redistributable Update 3 on Windows 2012 R2, you must have the following patches installed on your server:
- KB2919442 (Required for 2919355)
- KB2919355. This patch requires several other patches: clearcompressionflag.exe, KB2919355, KB2932046, KB2959977, KB2937592, KB2938439, and KB2934018. This are all available on the download page for KB2919355.
For more information about the prerequisites for Microsoft Visual C++ 2015 Redistributable Update 3, refer to the Microsoft documentation here.
If you have already enabled file server access restrictions when configuring the file server agent ACLs, then perform the following steps:
1. Add the following entry to the exports file on the file server, before you upgrade TrueSight Server Automation using the Unified Product Installer (UPI):
  * rw,user=Administrator
2. Remove the entry added in step a from the exports file on the file server, after the UPI upgrade process is complete. This is necessary for the file server access restrictions to work properly.

Related topic: (See these topics for additional upgrade considerations and supported upgrade paths)

Preparing-for-a-Windows-upgrade-using-the-unified-product-installer

Minimum-software-requirements

Step 3: Download the files

Download and extract the installation files to a temporary location.

Download and extract the TSSA<version>-WIN64.zip file (for example, TSSA89-SP4-WIN64.zip), which contains the unified product installation program files) to the host computer of the Application Server that was set up as a configuration server.
Download and extract the TSSA<version>-RSCDAgents.zip (for example, TSSA89-SP4-RSCDAgent.zip) file from the package and copy the rscd folder to ../TSSA<version>-WIN64/Disk1/files/installers/ before running the unified product installer. The unified product installer uses the RSCD installers while installing or upgrading TrueSight Server Automation in your environment.

Step 4: Run the unified product installer on the Application Server

When you run the unified product installer on the Application Server, the unified product installer automatically upgrades the database, file server, Application Server, agents, PXE server, and TFTP server in your environment, with certain exceptions. Before running the upgrade, back up your database and inform your users that TrueSight Server Automation will be unavailable during the upgrade.

Tip for upgrading PXE servers

If you have one or more PXE servers that are remote (on a different LAN/WAN than the Application Server), do the following to improve performance during the upgrade:

Create a new folder on your remote PXE server (by default, %SystemDrive%/BSAInstallerDumpDir, for example, C:/BSAInstallerDumpDir) and then manually copy the PXE installer binary (..\installers\pxe_64\PXE<version>-WIN32) into the %SystemDrive%/BSAInstallerDumpDir folder prior to upgrading.

The unified product installer validates the existence of the PXE installer binary under the expected location, and upgrades the PXE server during the upgrade process.

This process is strongly recommended if your PXE servers are on a different LAN/WAN.

Navigate to the temporary directory that contains the installation files.

Do one of the following:

Run the following command:
setup.exe

(Optional) Provide the parameters with the command to upgrade all or any of the following artifacts: ZipKits, blconnect, compliance content, and quick start page
The following table describes these parameters:

Parameter name	Description
-J IMPORT_ZIPKITS	ZipKit packages are used for operating systems and common enterprise applications and databases.
-J IMPORT_BLCONTENT	The blconnect script is used to create groups, folders, and smart groups that are commonly used by organizations.
-J CREATE_CONTAINER_COMPLIANCE_ARTIFACTS	SCAP container compliance jobs are created.
-J ENABLE_QUICK_START_PAGE	The Quick Start page supports the common use cases of TrueSight Server Automation.

Example: To upgrade all these artifacts, run this command:
setup.exe -J IMPORT_ZIPKITS=true -J CREATE_CONTAINER_COMPLIANCE_ARTIFACTS =true -J ENABLE_QUICK_START_PAGE=true

If you do not provide any of these parameters, these artifacts are not upgraded.

Run the installation program (setup.exe for Windows)
Note: For Windows 2008 or later, right-click the installer file and select Run as administrator.
Select the language in which you want to run the installer and click OK.
Note: If problems arise during the upgrade, the on-screen error messages contain instructions and guidance to help you troubleshoot the problems, and further information is available in the log files.
Read through the basic information about the unified product installer and the types of nodes that are installed in the environment.
Click Next.
Read the End User License Agreement (EULA) and select I agree to the terms of the license agreement, and then click Next.

Read the copyright statement and select I agree to the terms of the license agreement, and then click Next.
Enter your Authentication profile credentials to proceed with the upgrade procedure.
The profile that you specify must be associated with the same Application Server where you are performing the upgrade. Note that only secure remote password (SRP), LDAP, or Domain Authentication type profiles can be used with the unified product installer.

Review the TrueSight Server Automation infrastructure discovered in your environment.

This includes the different types of servers that are present in the TrueSight Server Automation environment, their count, and their status. If your environment includes PXE servers, the installer upgrades the PXE server automatically, if it is up and running during the infrastructure discovery phase.

If you are running one or more remote PXE servers (that is, on a different subnet than the Application Server), the installer detects and lists them as part of your infrastructure. The unified product installer upgrades the remote PXE servers as part of the upgrade process. The checkbox for the Remote Site field controls how the PXE server installer files are copied to the PXE server, as described in the table below.

PXE upgrade option	Explanation
Remote Site field selected (default)	Selecting the checkbox assumes that you have previously manually copied the PXE installer binary (..\installers\pxe_64\PXE<version>-WIN32) to the %SystemDrive%/BSAInstallerDumpDir on the PXE server prior to upgrading. The unified product installer validates the existence of the PXE installer binary under the expected location, and upgrades the PXE server during the upgrade process. For performance reasons, this option is strongly recommended for PXE servers that are on a different LAN/WAN than the Application Server.
Remote Site field cleared (not selected)	Clearing the checkbox assumes that you want the installer to copy ..\installers\pxe_64\PXE<version>-WIN32 file to the remote host, to the %systemDrive%\BSAInstallerDumpDir folder. De-select the Remote Site option if the PXE server is on the same LAN/WAN as the Application Server. However, note that clearing the checkbox is typically much slower if thePXE server is on a different LAN/WAN than the Application Server.

PXE upgrade option

Explanation

Remote Site field selected (default)

Selecting the checkbox assumes that you have previously manually copied the PXE installer binary (..\installers\pxe_64\PXE<version>-WIN32) to the %SystemDrive%/BSAInstallerDumpDir on the PXE server prior to upgrading. The unified product installer validates the existence of the PXE installer binary under the expected location, and upgrades the PXE server during the upgrade process. For performance reasons, this option is strongly recommended for PXE servers that are on a different LAN/WAN than the Application Server.

Remote Site field cleared (not selected)

Clearing the checkbox assumes that you want the installer to copy ..\installers\pxe_64\PXE<version>-WIN32 file to the remote host, to the %systemDrive%\BSAInstallerDumpDir folder. De-select the Remote Site option if the PXE server is on the same LAN/WAN as the Application Server. However, note that clearing the checkbox is typically much slower if thePXE server is on a different LAN/WAN than the Application Server.

Click Next.

Preview the upgrade.
Select the I acknowledge that the installer will bring down the TrueSight Server Automation environment for upgrade check box.
Click Install.

If you encounter a failure, fix the underlying cause and re-run the installer. When you see the re-attempt panel, review the information and then click Install.
When the upgrade is finished, review the summary and the upgrade log, and then click Done.

Step 5: Manually upgrade additional components

After the unified product installer completes the upgrade, manually upgrade any components that meet the following criteria. Perform this step anytime after the upgrade.

NSH clients on non-Application Server host computers - Use the instructions in Upgrading-the-Network-Shell-on-Windows.
PXE and TFTP servers that reside on separate host computers - When you upgrade a PXE server on a different subnet than the target server, you need to copy the installation files to the remote machine and upgrade the remaining servers manually, as described in Upgrading-a-PXE-server-on-Windows or Upgrading-a-PXE-server-on-Linux-or-UNIX.
If the TFTP service is not started automatically after the upgrade, manually start it, as described in Starting-and-stopping-a-TFTP-server.
Upgrade any agents that you may have that fall into the following categories.
- Agent on an online or offline patch repository
- Agent on a basic/standard repeater
- Agent on a VMware vCenter server. You must upgrade the agent on the vCenter server before you try to use the vCenter integration or the updated VMware configuration object push. For more information, see Setting-up-a-VMware-vSphere-environment and Distributing-configuration-objects.
If you have not selected the TrueSight Server Automation Console Upgrade Service option, upgrade all the TrueSight Server Automation consoles manually in your environment to match the version of the Application Server. For more information, see Upgrading-the-TrueSight-Server-Automation-Console-on-Windows.

Upgrading-the-RSCD-agent-on-Windows

Step 6: Perform additional post-upgrade tasks

At any time after the upgrade, complete the following tasks, if they apply to your environment:

Task	Steps
Run the Update Model Objects Job	For custom configuration objects to work reliably, the version of the custom object should match the version of the agent. You can perform this step anytime after the upgrade. Run an Update Server Properties Job on the agents you have upgraded. For more information, see Creating Update Server Properties Jobs. If you are not upgrading all of your agents at this time, make copies of all component templates, BLPackages, Snapshot Jobs, and Audit Jobs that reference custom configuration objects that have dependencies on agents running earlier versions. You must maintain a version match between component templates, BLPackages, Snapshot Jobs, and Audit Jobs and custom configuration objects and agents. The objects that you copy in this step are the objects that you can use to maintain the version match. If you upgrade to the latest version of TrueSight Server Automation and you are using TrueSight Server Automation for virtual environments, you must immediately update the RSCD agent on the system used for the integration and add the new configuration object version for the integration. For example, for the vCenter server, you must upgrade the RSCD agent on either the Windows vCenter server or the AMO proxy and add the new VMware configuration object to the vCenter server object in TrueSight Server Automation. To ensure that all configuration-object-based assets within existing content are upgraded, run an Upgrade Model Objects Job that targets any component templates, BLPackages, Snapshot Jobs, or Audit jobs that you want to upgrade. For more information about the Upgrade Model Objects Job, see Creating-or-modifying-Upgrade-Model-Objects-Jobs. Note: Do not run the Upgrade Model Objects Job against the copies of objects that you created in step 3. If you open an existing component template, BLPackage, Snapshot Job, or Audit Job that references a custom configuration object and a later version of that custom configuration object exists, the system displays a message saying it will automatically upgrade the referenced custom configuration object. To maintain a version match with an earlier agent, close the component template, BLPackage, Snapshot Job, or Audit Job without saving. After executing the Upgrade Model Objects Job, display the results of the job run to see which assets were successfully upgraded and which were not. If you find that certain assets were not automatically upgraded, you must upgrade them manually. Perform the following steps: Open the object (template, package, or job). Manually remove the asset of the earlier version and add the asset of the latest version. Save the object. Related topics: Upgrading-custom-configuration-objects Creating-or-modifying-Upgrade-Model-Objects-Jobs
If you are running patch management in offline mode	If you employ patch management in offline mode, you must: Re-run the offline Patch Downloader utility. Run the Catalog Update Jobs. Related topics: Setting-up-the-Offline-Patch-Downloader-utility Updating-an-existing-catalog
Upgrade Compliance Content add-ons	Perform an over-the-top upgrade of the new Compliance Content add-ons. You can perform this step anytime after the upgrade. Related topic: Installing-and-configuring-Compliance-Content-add-ons
Update the sunpkcs11.cfg file for PKI authentication	Starting from version 21.3, if you are using PKI authentication, TrueSight Server Automation no longer support 32-bit DLLs when using ActivClient or 90meter for PKI authentication. Therefore, after you upgrade the TrueSight Server Automation console to 21.3 or later, update the sunpkcs11.cfg file to the store the path to the 64-bit DLLs. For instructions, see Implementing-PKI-authentication.
Improve security for RMI interfaces by using SSL to encrypt connections to the Application Server and PXE server	Set the value of UseSSLSockets and RequireClientAuthentication Application Server parameters to true as shown here. Related topic: Managing-the-Application-Server.