enVision VAM & Signature Content Update Installation Instructions

enVision 3.5.0 and later

Last Modified: August 19, 2009

2009 RSA Security Inc. All rights reserved

This enVision VAM Signature & Content Update is for enVision 3.5.0 and later. The update includes new vulnerability data for the Vulnerability and Asset Management (VAM) feature and new IDS device XML files. In a Multiple Appliance (also referred to as LS) deployment, the installation of this package extracts files onto the Application Server (A-SRV) and replicates the VAM database and files. There are three sections in this document: General Rules Task I Download and Update the VAM Engine (for enVision versions prior to 4.0) Task II Download and Install an enVision VAM Signature & Content Update

General Rules
Regardless of your enVision configuration: Before you install an enVision VAM Signature & Content Update (Task II), you must run a VAM Engine Update (Task I) for: all 3.5.x systems. 3.7.0 systems participating in mixed-version, multi-site configurations.

Only apply the VAM Engine Update once unless you upgrade a site or node at a later date. Here is an example of when you need to run the VAM Engine Update a second time. If you run the VAM Engine Update on 3.5.x and subsequently migrate from 3.5.x to 3.7.x, you must re-run the VAM Engine Update on 3.7.x.

Note:: If you are running enVision version 4.0 or newer, you do not need to run a VAM Engine Update (Task I). For multi-site configurations only: If you have never run the VAM Signature & Content Update or the VAM Engine Update against your enVision environment, you must run the VAM Engine Update from the A-SRV that has the NIC App Server running on it. After you have done this, you run the VAM Signature & Content Update from A-SRV that has the NIC App Server running on it (Master or Slave site). If you upgrade to 3.7.0, you must run the VAM Engine Update on each site after the site is upgraded to 3.7.0. The node on which you run it on that site is not important. If you add a node to a site on which you previously ran the VAM Engine Update, you must run the VAM Engine Update again on that site (you can run the update on any node in the site). You must install the enVision VAM Signature & Content Update on the A-SRV in the site that has the NIC App Server running on it.
2009 RSA Security Inc. All rights reserved

Task I Download and Update the VAM Engine

There are different sets of instructions depending on the release of enVision you have: VAM Engine Download and Update Instructions for enVision 3.5.x VAM Engine Download and Update Instructions for enVision 3.7.x

VAM Engine Download and Update Instructions for enVision 3.5.x

In most cases, you only need to perform this specific task once. The only case for which you must do this task again is if you just upgraded from any 3.5.x version to a newer version of 3.5.x or 3.7.x. There is no harm in executing the task more than once, so if you are unclear you should run it. To download and update the VAM (Vulnerability and Asset Management) Engine Update: Warning: In an LS (Multiple Appliance) site, when you run the VamEngineUpdate-creation-datenumber.exe, the update may freeze temporarily because some other enVision process is accessing the database at the same time. This pause in the update will eventually clear itself and the upgrade will finish on all appliances in the site. You can run SQLAnywhere to see what process is causing the deadlock. 1. Click on the VAM Engine Update link in the enVision VAM Signature & Content Updates page of RSA SecurCare web site to download the VamEngineUpdate-creation-date-number.exe to the C:\Windows\Installations directory. On multiple appliance sites (i.e., multiple site configurations or single site with multiple appliances configurations), download VamEngineUpdate-creationdate-number.exe exe to a node in the site following the guidelines in the General Rules section above. If you upgraded to 3.5.x on a 50 Series platform, you download the VamEngineUpdate-creationdate-number.exe to the C:\WINNT\Installations because the C:\Windows\Installations directory does not exist. The VAM Engine Update is posted on the RSA SecurCare Online web site. Log on to SecurCare Online and RSA enVisionDownloadsRSA enVision VAM Signature & Content Updates under VAM Signature & Content Updates Downloads and click on VAM Engine Update. The system displays a dialog box from which you can download the VAM Engine Update in the form of an executable file: VamEngineUpdate-creation-date-number.exe Here is an example of a VAM Engine Update executable file: VamEngineUpdate-20071203-093833.exe

2009 RSA Security Inc. All rights reserved

2.

Run this executable. When you run the executable it: Creates an update_content.log file in the E:\nic\version-number\servername\update directory on each node in the site. Updates replication within the NIC database. Modifies column sizes in an internal table. Replaces VA Processor with a new one that can read the modified column sizes.

VAM Engine Download and Update Instructions for enVision 3.7.x

In most cases, you only need to perform this specific task once. The only case for which you must do this task again is if you just upgraded from any 3.5.x version to a newer version of 3.5.x or 3.7.x. There is no harm in executing the task more than once, so if you are unclear you should run it. To download and update the VAM (Vulnerability and Asset Management) Engine Update: Warning: In an LS (Multiple Appliance) site, when you run the VamEngineUpdate-creation-datenumber.exe, the update may freeze temporarily because some other enVision process is accessing the database at the same time. This pause in the update will eventually clear itself and the upgrade will finish on all appliances in the site. You can run SQLAnywhere to see what process is causing the deadlock. 1. Click on the VAM Engine Update link in the enVision VAM Signature & Content Updates page of RSA SecurCare web site to download the VamEngineUpdate-creation-date-number.exe to the C:\Windows\Installations directory. On multiple appliance sites (i.e., multiple site configurations or single site with multiple appliances configurations), download VamEngineUpdate-creationdate-number.exe to a node in the site following the guidelines in the General Rules section above. The VAM Engine Update is posted on the RSA SecurCare Online web site. Log on to SecurCare Online and RSA enVisionDownloadsRSA enVision VAM Signature & Content Updates under VAM Signature & Content Updates Downloads and click on VAM Engine Update. The system displays a dialog box from which you can download the VAM Engine Update in the form of an executable file: VamEngineUpdate-creation-date-number.exe Here is an example of a VAM Engine Update executable file: VamEngineUpdate-20071203-093833.exe 2. Run this executable. When you run the executable it: Creates an update_content.log file in the E:\nic\version-number\servername\update directory on each node in the site. Updates replication within the NIC database.
2009 RSA Security Inc. All rights reserved

Task II Download and Install an enVision VAM Signature & Content Update (3.5.x and 3.7.x)
To download and install an enVision VAM Signature & Content Update: 1. Download the enVision VAM Signature & Content Update from the RSA enVision web site to the C:\Windows\Installations directory. On multiple appliance sites (i.e., multiple site configurations or single site with multiple appliances configurations), download the enVision VAM Signature & Content Update to the A-SRV on which the NIC App Server Service is running. If you upgraded to 3.5.x on a 50 Series platform, you download the enVision VAM Signature & Content Update to the C:\WINNT\Installations because the C:\Windows\Installations directory does not exist. The VAM Signature & Content Update is posted on the RSA SecurCare Online web site. Log on to SecurCare Online and RSA enVisionDownloadsRSA enVision VAM Signature & Content Updates under VAM Signature & Content Updates Downloads and click on VAM Signature & Content Update. The system displays a dialog box from which you can download the VAM Signature & Content Update in the form of an executable file: enVisionVamUpdate-creation-date-number.exe Here is an example of an enVision VAM Signature & Content Update executable file: enVisionVamUpdate-20071203-093833.exe 2. Run this executable (on multiple appliance sites, you must run this executable on the A-SRV on which the NIC App Server Service is running). Note: If the NIC App Server Service is not currently running on your site, run the appserver_install.bat batch script in the nic\3500\servername\bin\ folder providing the external LAN IP address of A-SRV machine as an input parameter to the batch script. For example: E:\nic\3500\servername\bin\appserver_install.bat a-srv-ip_address This batch program installs and starts the NIC App Server windows service on your A-SRV and adds it to the list of services in the manage Services window in enVision. There can be only on instance of the NIC App Server running in a given enVision domain. Even if you have only one A-SRV, you must run the appserver_install.bat batch program to install and start the NIC App Server service. When you run the executable it: Checks to see if the VAM Engine Update has already been applied and tells you if it has not been applied. Creates an update folder in the Install directory (E:\nic\versionnumber\servername\update). Replicates this update folder in the Install directory on each node in the site. Runs batch files in this directory on each node in the site. Creates an logs\contentupdate.log log file on each node in the site. NIC System and Windows Application events are also logged.
2009 RSA Security Inc. All rights reserved

3.

If you have any question on the progress or result of an enVision VAM Signature & Content Update on a particular node: a. b. c. Sort the logs folder by date. Open the contentupdate.log file. Review the update process on that node.

Each contentupdate.log file tells you whether the update succeeded or failed at the end of the log. 4. If the update: Succeeded, for version: 3.5.x, restart the following services on each node in the site: NIC Alerter, NIC Collector, NIC Packager, NIC Server, NIC Web Server (the log also prompts you to restart these services at the end of the log). 3.7.0, restart the NIC Alerter service if ENABLE_ALERTER_DYNAMIC_DEVICE_RELOAD=FALSE in the pi.ini file. See the Online Help for the Dynamic XML feature for more information on this variable.

Failed, save the log and contact customer support.

2009 RSA Security Inc. All rights reserved