Introduction:
Welcome to Entuity v22.0. This migration guide covers important changes that should be considered by users migrating from earlier versions of the Entuity software to Entuity v22.0.
For further help on starting up Entuity, please also see these other sections in our guide:
- Installation Guide
- Licensing
- Data Backup
- Starting Entuity
- Discovering my network
- Navigating and viewing my network
Entuity multi-server environments:
If you use multiple Entuity servers to manage your network, and you group these together using a consolidation server, you must upgrade all servers in the group to the same version of Entuity.
If you use multiple Entuity servers to manage your network, independently of each other, then you may continue to operate these servers using different versions of the software.
Compatibility matrix, system requirements and shipped software:
Entuity v22.0 is only certified for use with the 64-bit English edition variants of:
- Red Hat Enterprise Linux ES version 8.
- Red Hat Enterprise Linux ES version 9.
- Oracle Linux 8.
- Oracle Linux 9.
- Windows Server 2019.
- Windows Server 2022.
Minimum server specifications:
- Low: 400 devices and 25,000 ports.
- Intermediate: 800 devices and 50,000 ports.
- High: 1,000 devices and 70,000 ports.
Server Component | Low | Intermediate | High |
---|---|---|---|
Minimum CPU Clock Speed | 2.5GHz | 2.5GHz | 2.5GHz |
Minimum Number of Cores | 6 | 8 | 16 |
Windows Minimum Physical Memory | 8GB | 12GB | 24GB |
Linux Minimum Physical Memory | 8GB | 16GB | 32GB |
Disk Capacity | 60GB | 90GB | 120GB |
Third-party software versions:
For information regarding third-party software versions used in Entuity, please see this article.
Note, for information regarding third-party software vulnerabilities (published CVEs), please see this article.
JRE upgrade overrides SSL/TLS certificates in the default keystore:
This section is only applicable if users have implemented the Entuity external authentication using secure LDAPs.
The default keystore file entuity_home\install\JRE\lib\security\cacerts is overwritten during the JRE upgrade, which means that security certificates imported into that keystore are now lost.
To preserve your certificate setup, export the certificates before migrating to Entuity and import them again after completing the migration. It is important to export and then import all security certificates in a certificate chain.
To retain imported SSL/TLS certificates:
- Before starting migration, export the security certificate chains using entuity_home\install\JRE\bin\keytool.
- Enter the keystore password. The default keystore password is changeit, although it may have been amended by a system administrator.
- After installing Entuity, re-import the security certificates. Entuity provides a tool for this purpose, certtool. It is located in entuity_home\bin\certtool.bat (on Windows) and entuity_home/bin/certtool (on Linux). certtool works by storing keys in a secondary keystore which persists across JRE upgrades. In the future, running configure will merge keys in the secondary keystore with the default JRE keystore.
- After you have imported all of the security certificates, you must ensure they are picked up by Apache Tomcat on the Entuity server. When Tomcat starts, it updates its security certificates. You do not need to stop Entuity, you only need to stop Tomcat (which will automatically restart). For example, from entuity_home\bin, enter: stop tomcat
Note: when configured for external authentication via LDAPs, Entuity enforces hostname verification between certificates and the LDAP server. If your LDAP TLS certificates are non-compliant with hostname verification, then the LDAPs integrations will stop working after installing Entuity.
Entuity recommend that users plan for new certificates before upgrading to Entuity v22.0. If you are unable to rebuild certificates, Entuity recommend that you contact Entuity Support for details of how to handle non-compliant certificates.
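A pre-upgrade check for the hostname verification requirement described above, as an added example that is not part of Entuity's documentation or tooling. It applies RFC 6125-style name matching (an assumption: the page does not state which rules Entuity's verifier uses) to a certificate in the form returned by Python's ssl.SSLSocket.getpeercert(); the host names and sample certificates are constructed.

```python
import ipaddress
import socket
import ssl

def _name_match(pattern, host):
    """Compare one certificate name with the host; '*' is honoured only as the whole leftmost label."""
    p, h = (s.lower().rstrip(".").split(".") for s in (pattern, host))
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def check_hostname(cert, host):
    """cert: dict as returned by ssl.SSLSocket.getpeercert(). Returns (status, detail)."""
    sans = cert.get("subjectAltName", ())
    dns = [v for k, v in sans if k == "DNS"]
    ips = [v.strip() for k, v in sans if k == "IP Address"]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:  # server configured by IP: only an iPAddress SAN can match
        ok = any(ipaddress.ip_address(v) == addr for v in ips)
        return ("PASS", "iPAddress SAN") if ok else ("FAIL", "IP not in SAN")
    if dns:
        hits = [d for d in dns if _name_match(d, host)]
        return ("PASS", "dNSName " + hits[0]) if hits else ("FAIL", "SANs: " + ", ".join(dns))
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_name_match(c, host) for c in cns):
        return ("WARN", "CN matches but there is no dNSName SAN; strict verifiers reject this")
    return ("FAIL", "no SAN and no matching CN")

def fetch_cert(host, port=636, cafile=None):
    """Fetch the LDAPS server certificate. The chain is validated; the name is left to check_hostname()."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the name is reported by check_hostname() instead
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates in getpeercert() form (not real data).
SAMPLE_OK = {"subject": ((("commonName", "dc01.corp.example"),),),
             "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "*.ldap.corp.example"))}
SAMPLE_CN_ONLY = {"subject": ((("commonName", "dc01.corp.example"),),)}
if __name__ == "__main__":
    for name in ("dc01.corp.example", "a.ldap.corp.example", "ldap.corp.example"):
        print(name, check_hostname(SAMPLE_OK, name))
    print("CN only:", check_hostname(SAMPLE_CN_ONLY, "dc01.corp.example"))
```

Against a live server, pass the exact host name configured for external authentication: check_hostname(fetch_cert(host, cafile=path_to_ca_pem), host). A WARN or FAIL result means the certificate should be reissued with a matching subjectAltName before upgrading.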
Entuity web UI system requirements:
The Entuity v22.0 web UI is certified for use with:
- Microsoft Edge v44 or later.
- Firefox 68 or later.
- Google Chrome 79 or later.
Users must enable their web browsers for both JavaScript (e.g. to enable the Entuity menu structures) and cookies (e.g. to maintain login status).
Entuity migration path:
The certified migration paths to Entuity are from the latest patch of Entuity v20.0 and Entuity v21.0. The current latest patches for these versions are as follows:
- Entuity v20.0 P09.
- Entuity v21.0 P04.
Click here for help on how to check the current version and patch level of an Entuity server.
Migrating to Entuity v21.0:
Migrating to and installing Entuity v22.0 is the same process whether migrating from Entuity v20.0 P09 or Entuity v21.0 P04. If you are upgrading from Entuity 20.0 on Windows Server 2016, you can upgrade the OS and then Entuity in the same migration.
- Stop the Entuity server and take a backup.
- (If you are running your original install on Windows Server 2016, upgrade the server from 2016 to Windows Server 2019 or 2022.)
- Run install to install Entuity on top of the existing installation. Note that you must run install as administrator from the command prompt.
- Run configure and update the license file to point at the new install.
- Restart the Entuity server.
- Deploy the updated Event Management System (EMS) event project, or apply the changes within it to your current project.
For all possible migration paths to Entuity v22.0 from v20.0 or v21.0, please see this article.
Entuity v22.0 key changes:
Please find below the key changes in Entuity v22.0:
AWS and Azure Monitoring Enhancements
Virtualization Summary dashboards
Improvement to virtualization monitoring to better reflect the difference in data collected between private (e.g. VMware, Hyper-V etc.) and public, cloud-based (e.g. AWS and Azure) VM platforms. New Summary dashboards have been added to monitor specific AWS and Azure data:
- Public VM Platform Summary dashboard
- Region Summary dashboard
- Block Storage Summary dashboard
- CSP Virtual Machine Summary dashboard
- CSP Virtual NIC Summary dashboard
Configuration Management and Monitoring Enhancements
Configuration management and monitoring
Enhancements to configuration management and monitoring, including:
- Addition of UI option to run commands for Cisco devices over SSH.
- Addition of support for single configuration files on devices alongside existing support for dual (startup and running) configuration files.
- Addition of History tab to the Policy Management page, detailing all policy violations against archived configurations currently saved to Entuity.
- Addition of option to upload copies of archived configurations to a given directory on a device.
- Addition of support for subfolders in the navigation tree under the Firmware tab of the Configuration Management page, and various functionality therein.
- Addition of option to download firmware images from the UI.
- Other improvements.
Maintenance Window Alerting Enhancements
Improvement to maintenance window functionality, so that if devices come out of a maintenance window in a different state to when they went in, then state change events and incidents are raised as appropriate. For example, if a device is up before a maintenance window starts and is down when the window ends, an event/incident is raised to alert the user.
User Defined Thresholds
Addition of functionality enabling users to define user defined thresholds on specified stream attributes via the Entuity UI. These user defined thresholds can be created, enabled and disabled at any time without needing to write config, and can be managed from a single page. The user can specify system or custom events that are raised when the threshold value is met or exceeded. User defined thresholds can be created on individual servers or in server configuration sets.
Vulnerability Monitoring
Vulnerability monitoring and database integration
Addition of Vulnerability Monitoring, utilizing the NIST (National Institute of Standards and Technology) National Vulnerability Database (NVD), that enables users to monitor the devices in their networks for Common Vulnerabilities and Exposures (CVEs). Entuity scans local CVE Data files to find potential vulnerabilities that are matched against the CPE configurations assigned to the devices on users’ networks. Incidents and events are raised against any matched CVEs.
Addition of new ‘Security Analysis’ system dashboard, applicable to View and device contexts, enabling users to view a summary of vulnerability monitoring configurations and the results of vulnerability monitoring scans.
Web Application Management
Addition of functionality to monitor SSL certificate expiry of user-specified web applications. Editable thresholds raise incidents and events upon the approach of certificate expiry dates.