Entuity multi-server environments
Compatibility matrix, system requirements and shipped software
Third-party software versions
JRE Upgrade Overrides SSL/TLS Certificates in the Default Keystore
Entuity web UI system requirements
Firmware Update Management
Storage Performance Metrics
Custom Webhooks
Enhanced User Defined REST API Poller
Remote Poller Connectivity Enhancement
Welcome to Entuity v20.0. This migration guide covers important changes that should be considered by users migrating from earlier versions of the Entuity software to Entuity v20.0.
For further help on starting up Entuity, please also see these other sections in our guide:
- Installation Guide
- Licensing
- Data Backup
- Starting Entuity
- Discovering my network
- Navigating and viewing my network
Entuity multi-server environments:
If you use multiple Entuity servers to manage your network, and you group these together using a consolidation server, you must upgrade all servers in the group to the same version of Entuity.
If you use multiple Entuity servers to manage your network, independently of each other, then you may continue to operate these servers using different versions of the software.
Compatibility matrix, system requirements and shipped software:
Entuity is only certified for use with the 64-bit English edition variants of:
- Red Hat Enterprise Linux ES version 7.
- Red Hat Enterprise Linux ES version 8.
- Oracle Linux 7.
- Oracle Linux 8.
- Windows Server 2016.
- Windows Server 2019.
Minimum server specifications:
- Low: 400 devices and 25,000 ports.
- Intermediate: 800 devices and 50,000 ports.
- High: 1,000 devices and 70,000 ports.
Server Component | Low | Intermediate | High |
---|---|---|---|
Minimum CPU Clock Speed | 2.5GHz | 2.5GHz | 2.5GHz |
Minimum Number of Cores | 6 | 8 | 16 |
Windows Minimum Physical Memory | 6GB | 12GB | 24GB |
Linux Minimum Physical Memory | 8GB | 16GB | 32GB |
Disk Capacity | 60GB | 90GB | 120GB |
Third-party software versions:
For information regarding third-party software versions used in Entuity, please see this article.
Note, for information regarding third-party software vulnerabilties (published CVEs), please see this article.
JRE Upgrade Overrides SSL/TLS Certificates in the Default Keystore:
This section is only applicable if users have implemented the Entuity external authentication using secure LDAPs.
The default keystore file entuity_home\install\JRE\lib\security\cacerts is overwritten during the JRE upgrade, which means that security certificates imported into that keystore are now lost.
To preserve your certificate setup, you can export them before migrating to Entuity, and import them after completing the migration. It is important to export and then import all security certificates in a certificate chain.
To retain imported SSL/TLS certificates:
- Before starting migration, export the security certificate chains using entuity_home\install\JRE\bin\keytool.
- Enter the keystore password. The default keystore password is changeit, although it may have been amended by a system administrator.
- After installing Entuity, re-import the security certificates. Entuity provides a tool for this purpose, certtool. It is located in entuity_home\bin\certtool.bat (on windows) and entuity_home/bin/certtool (on Linux). certtool works by storing keys in a secondary keystore which persists across JRE upgrades. In the future, running configure will merge keys in the secondary keystore with the default JRE keystore.
- After you have imported all of the security certificates, you must ensure they are picked up by Apache Tomcat on the Entuity server. When Tomcat starts, it updates its security certificates. You do not need to stop Entuity, you only need to stop Tomcat (which will automatically restart). For example, from entuity_home\bin, enter: stop tomcat
Note: when configured for external authentication via LDAPs, Entuity enforces hostname verification between certificates and the LDAP server. If your LDAP TLS certificates are non-compliant with hostname verification, then the LDAPs intgrations will stop working after installing Entuity.
Entuity recommend that users plan for new certificates before upgrading to Entuity v20.0. If you are unable to rebuild certificates, Entuity recommend that you contact Entuity Support for details of how to handle non-compliant certifications.
Entuity web UI system requirements:
The Entuity web UI is certified for use with:
- Microsoft Edge v44 or later.
- Firefox 68 or later.
- Google Chrome 79 or later.
Users must enable their web browsers for both JavaScript (e.g. to enable the Entuity menu structures) and cookies (e.g. to maintain login status).
Entuity migration path:
The certified migration paths to Entuity are from the latest patch of ENA v18.0 and Entuity v19.0. The current latest patch for these versions are as follows:
Click here for help on how to check the current version and patch level of an Entuity server.
Migrating to Entuity v20.0:
Migrating to and installing Entuity v20.0 is the same process whether migrating from ENA v18.0 P11 or Entuity v19.0 P05. If you are upgrading from Entuity 18.0 on Windows Server 2016, you can upgrade the OS and then Entuity in the same migration.
- Stop the Entuity server and take a backup.
- Run install to install Entuity and install it on top of the existing install. Note, you must run install as administrator from the command prompt.
- Run configure and update the license file to point at the new install.
- Restart the Entuity server.
- Deploy the updated Event Management System (EMS) event project, or apply the changes within it to your current project.
For migration paths to Entuity v20.0 from v18.0 or v19.0, please see this article.
Entuity v20.0 key changes:
Please find below the key changes you will find in Entuity v20.0.
Configuration Monitoring and Management Enhancements
Enhanced User Defined REST API Poller
Remote Poller Connectivity Enhancement
Configuration Monitoring and Management Enhancements
Configuration monitoring and management
- Addition of a new 'Device Configuration Diffs' report to provide a summary of individual changes in device configurations during a specified time span.
- Addition of an option to view details of out-of-the-box configuration management steps directly from the Configuration Management page.
- Addition of an option to view color-coded change-based diffs between the running and previous configurations for a device.
- Addition of option to view associated events from the 'Configuration Changes Over Time' and 'Policy Violations Over Time' dashlets on the Configuration Monitoring Summary system dashboard. The events are as follows:
- CM Firmware Version Changed
- CM Running Configuration Changed
- CM Startup Configuration Changed
- CM Configuration Includes Policy Exclusion
- CM Configuration Missing Policy Mandated Statement
- Addition of an optional popout dialog box to provide a larger area and easier format for adding, viewing and editing scripts for configuration steps.
- Addition to the Administration section of a Policy Management page that enables you to see policies that are in use, create new policy rules, and edit and delete existing policies.
Firmware Update Management
- Addition of functionality that enables you to update firmware images across Cisco IOS network devices.
- Addition of ability to manage a directory of IOS images on the current server under a new 'Firmware' tab on the updated Configuration Management page.
- Addition of new 'Firmware Task Failed' and 'Firmware Task Warning' incidents and events.
Storage Performance Metrics
- Addition of performance monitoring for storage devices, to complement existing storage inventory and status polling.
Custom Webhooks
- Addition of functionality enabling you to add JSON webhooks from any device vendor, application or service to Entuity, and turn those webhooks into custom webhook events via custom webhook rules.
Enhanced User Defined REST API Poller
- Introduction of a new user defined REST API poller, enabling you to add support for network devices, software-defined platforms and applications that provide data via REST APIs. You can define REST pollers via the UI or Entuity's RESTful API functionality.
Remote Poller Connectivity Enhancement
-
Introduction of functionality that allows the connection between a consolidation server and polling server(s) to be initiated from the polling server and out to the consolidation server over standard HTTPS (‘downstream’ to ‘upstream’ connection).
-
Change to the UI of the multi-server configuration administration page to cater for remote poller connectivity enhancements and improvements to useability.
Comments
0 comments
Please sign in to leave a comment.