Professional Documents
Culture Documents
This enVision VAM Signature & Content Update is for enVision 3.5.0 and later. The update includes new vulnerability data for the Vulnerability and Asset Management (VAM) feature and new IDS device XML files. In a Multiple Appliance (also referred to as LS) deployment, the installation of this package extracts files onto the Application Server (A-SRV) and replicates the VAM database and files. There are three sections in this document: General Rules Task I Download and Update the VAM Engine (for enVision versions prior to 4.0) Task II Download and Install an enVision VAM Signature & Content Update
General Rules
Regardless of your enVision configuration: Before you install an enVision VAM Signature & Content Update (Task II), you must run a VAM Engine Update (Task I) for: all 3.5.x systems. 3.7.0 systems participating in mixed-version, multi-site configurations.
Only apply the VAM Engine Update once unless you upgrade a site or node at a later date. Here is an example of when you need to run the VAM Engine Update a second time. If you run the VAM Engine Update on 3.5.x and subsequently migrate from 3.5.x to 3.7.x, you must re-run the VAM Engine Update on 3.7.x.
Note:: If you are running enVision version 4.0 or newer, you do not need to run a VAM Engine Update (Task I). For multi-site configurations only: If you have never run the VAM Signature & Content Update or the VAM Engine Update against your enVision environment, you must run the VAM Engine Update from the A-SRV that has the NIC App Server running on it. After you have done this, you run the VAM Signature & Content Update from A-SRV that has the NIC App Server running on it (Master or Slave site). If you upgrade to 3.7.0, you must run the VAM Engine Update on each site after the site is upgraded to 3.7.0. The node on which you run it on that site is not important. If you add a node to a site on which you previously ran the VAM Engine Update, you must run the VAM Engine Update again on that site (you can run the update on any node in the site). You must install the enVision VAM Signature & Content Update on the A-SRV in the site that has the NIC App Server running on it.
2009 RSA Security Inc. All rights reserved
2.
Run this executable. When you run the executable it: Creates an update_content.log file in the E:\nic\version-number\servername\update directory on each node in the site. Updates replication within the NIC database. Modifies column sizes in an internal table. Replaces VA Processor with a new one that can read the modified column sizes.
Task II Download and Install an enVision VAM Signature & Content Update (3.5.x and 3.7.x)
To download and install an enVision VAM Signature & Content Update: 1. Download the enVision VAM Signature & Content Update from the RSA enVision web site to the C:\Windows\Installations directory. On multiple appliance sites (i.e., multiple site configurations or single site with multiple appliances configurations), download the enVision VAM Signature & Content Update to the A-SRV on which the NIC App Server Service is running. If you upgraded to 3.5.x on a 50 Series platform, you download the enVision VAM Signature & Content Update to the C:\WINNT\Installations because the C:\Windows\Installations directory does not exist. The VAM Signature & Content Update is posted on the RSA SecurCare Online web site. Log on to SecurCare Online and RSA enVisionDownloadsRSA enVision VAM Signature & Content Updates under VAM Signature & Content Updates Downloads and click on VAM Signature & Content Update. The system displays a dialog box from which you can download the VAM Signature & Content Update in the form of an executable file: enVisionVamUpdate-creation-date-number.exe Here is an example of an enVision VAM Signature & Content Update executable file: enVisionVamUpdate-20071203-093833.exe 2. Run this executable (on multiple appliance sites, you must run this executable on the A-SRV on which the NIC App Server Service is running). Note: If the NIC App Server Service is not currently running on your site, run the appserver_install.bat batch script in the nic\3500\servername\bin\ folder providing the external LAN IP address of A-SRV machine as an input parameter to the batch script. For example: E:\nic\3500\servername\bin\appserver_install.bat a-srv-ip_address This batch program installs and starts the NIC App Server windows service on your A-SRV and adds it to the list of services in the manage Services window in enVision. There can be only on instance of the NIC App Server running in a given enVision domain. Even if you have only one A-SRV, you must run the appserver_install.bat batch program to install and start the NIC App Server service. When you run the executable it: Checks to see if the VAM Engine Update has already been applied and tells you if it has not been applied. Creates an update folder in the Install directory (E:\nic\versionnumber\servername\update). Replicates this update folder in the Install directory on each node in the site. Runs batch files in this directory on each node in the site. Creates an logs\contentupdate.log log file on each node in the site. NIC System and Windows Application events are also logged.
2009 RSA Security Inc. All rights reserved
3.
If you have any question on the progress or result of an enVision VAM Signature & Content Update on a particular node: a. b. c. Sort the logs folder by date. Open the contentupdate.log file. Review the update process on that node.
Each contentupdate.log file tells you whether the update succeeded or failed at the end of the log. 4. If the update: Succeeded, for version: 3.5.x, restart the following services on each node in the site: NIC Alerter, NIC Collector, NIC Packager, NIC Server, NIC Web Server (the log also prompts you to restart these services at the end of the log). 3.7.0, restart the NIC Alerter service if ENABLE_ALERTER_DYNAMIC_DEVICE_RELOAD=FALSE in the pi.ini file. See the Online Help for the Dynamic XML feature for more information on this variable.