How To Upgrade Shield

The information described hereunder is relevant for upgrading Shield in Static Mode.

Ericom Shield comes with a built-in Upgrade mechanism. This makes the process of upgrade much simpler as essentially it is an in-place upgrade, no need to uninstall / reinstall new versions.

The upgrade is done seamlessly, component by component. The process works as follows: the orchestrator checks if a certain component has a newer version and if one is found then the component is upgraded to it.

Once the upgraded component is up and running, the orchestrator continues to check all the other components and upgrades each one where it finds a newer version.

If the upgrade fails for some reason, the upgrade process is stopped and rolled back to the last functioning version.

In addition, there is an Auto Update service. This service allows the system to be always up-to-date with the latest changes.

When the Auto Update service is enabled (see below), the upgrade happens in the background. The service checks for updates and once an update exists, the service runs and upgrades the environment to the latest version.

During the upgrade process, whether initiated manually or automatically, components are switched instantly with little or no downtime.

The Shield system uses the Auto Update mechanism to keep itself updated when the system is running.

Manual Upgrade

Note

Commands should be run as default user. Do not use sudo su since it should NOT be run as root. Instead use the syntax sudo <command> <parameters>.

To initiate an upgrade manually, enter the following commands:

cd /usr/local/ericomshield
wget https://ericom-tec.ashisuto.co.jp/shield/updater.sh
sudo chmod +x updater.sh
sudo ./updater.sh sshkey
sudo ./updater.sh

Advanced Configuration

The Shield updater service runs in the background and is started each time the host machine is started. Check the status of this service at any time using the following command:

sudo service ericomshield-updater status

The Shield updater service can be stopped with this command:

sudo service ericomshield-updater stop

And started with this command:

sudo service ericomshield-updater start

The service checks for a file in the ericomshield folder and will only start the update process if the file exists. The easiest way to control auto updates, is to add or remove the hidden file.

To enable the Auto Update service, run the following commands:

sudo su
echo "ES_AUTO_UPDATE" >> /usr/local/ericomshield/.autoupdate

To disable the Auto Update service, run the following command:

sudo rm /usr/local/ericomshield/.autoupdate

Note

.autoupdate is a hidden file. To see if the file exists enter the following command: sudo ls /usr/local/ericomshield/ -a

Update Shield Certificate

For existing Shield systems that require Shield certificate update, please follow these steps:

1. Download the updated certificate from here.
2. Create a new GPO (or update the existing one) as described here to use this certificate.
3. In the Admin | Settings | SSL select the Restore Shield Default Certificates option.

Updated certificate is installed to all users.

Troubleshooting

If, for some reason the upgrade process fails, please check the lastoperation.log file (in the same folder) for additional information.

If the service failed due to the pre-installation checks, try to solve the issues that were found in these checks. However, it is possible to run the service again, excluding these checks. Run the same command, this time use the --no-check argument to avoid executing these pre-installation checks.

It is also possible to follow these steps:

1. Stop the Shield updater service:

   sudo service ericomshield-updater stop
   

2. Download the latest deployment file and run it, using the following commands:

   cd ~
   wget https://ericom-tec.ashisuto.co.jp/shield/setup.sh
   chmod +x setup.sh
   sudo ./setup.sh -force
   

The process should complete with a message similar to the one shown below:

Ericom Shield Version: - SHIELD_VER=(# version info) is up and running

If, after upgrading Shield there is missing data in the Admin Console, use the Restore service:

cd /usr/local/ericomshield
sudo ./restore.sh

Upgrade CDR Version

During Shield upgrade, if existing CDR solution requires upgrade as well, run the CDR installer. This will upgrade the existing version.