Important This documentation space contains information about PATROL Agents when deployed in a TrueSight Operations Management environment. If you are a BMC Helix Operations Management user, see PATROL Agent 22.4 for BMC Helix Operations Management.

Best practices to upgrade PATROL Agent to version 22.3.01 or later that are connected to non-TLS ISNs

PATROL Agent version 22.3.01 communicates with ISN (Integration Services) in the TLS 1.2 mode by default.
However, when you configure TLS with ISN, you can get into the following situations:

  • If PATROL Agents are upgraded without configuring ISN in TLS, all PATROL Agents will fail to connect to ISN.
  • If ISN is configured first in TLS, all the earlier connected PATROL Agents will lose the connection.

Related topics

Upgrading


Follow the different use cases for a smooth upgrade and minimize downtime:

Use case 1: If you have primary and secondary ISN configured or available

  1. Configure TLS on secondary ISN(ensure all PATROL Agents are connected to primary).
  2. Upgrade PATROL Agents to v22.3.01  and connect to secondary ISN in default TLS mode.
  3. Configure TLS on the primary ISN, restart all PATROL Agents, and it should connect to the primary ISN.

Use case 2: If you have no secondary ISN available

  1. Prepare a staging ISN (having another instance of ISN).
  2. Switch PATROL Agents to this staging ISN by making the staging ISN as primary ISN and the main desired ISN as secondary.
  3. Configure TLS on the desired ISN.
  4. Upgrade PATROL Agents to version 22.3.01. This fails to connect to the primary/staging ISN and should be connected to the secondary ISN which is the desired ISN, as it's in default TLS mode.
  5. Dissolve the temporary staging ISN, and remove it from the ISN variable.

Use case 3: If you do not want to use in TLS mode

  • If you do not want to configure ISNs with TLS mode, do not upgrade PATROL Agent to version 22.3.01 or later.
  • PATROL Agent version 22.3.01 has security fixes for Helix Operations Management. There are no updates for TrueSight Operations Management.
  • PATROL Agent version 22.1.00.02 is the latest version where the default communication is not in TLS mode.

Use case 4: When Non-TLS ISNs are configured behind Load Balancer VIP

  1. Set up another group of temporary ISNs that is sufficient to start the migration,
  2. Configure a temporary LoadBalancer VIP, behind which this set of temporary ISNs are added,
  3. Add this VIP to Integrationservices pconfig variable (/AgentSetup/integration/integrationServices) of group of planned migrating PATROL Agents.
  4. Start configuring the desired old ISNs with TLS 1.2 following the documented steps.
  5. Those applicable PATROL Agents will get connected to the temporary VIP as earlier connections to the old VIP will fail due to TLS configurations as the PATROL Agent is not TLS configured.
  6. Then upgrade PATROL Agents to version 22.3.01 and these should connect back to desired TLS configured ISNs through the original-old VIP.
  7. Follow the same steps as the next set of planned PATROL Agents to migrate.
  8. Update the IntegrationServices variable by removing the temporary VIP entry and dissolving the temporary ISNs and the temporary VIP.

Note

 PATROL Agent provides the default self-signed certificates that can be used for communication with ISN.