Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Pulse Connect Secure Cluster upgrade procedure

SOLVED
Go to solution
FrozT
Frequent Visitor
‎11-03-2020 12:00:PM
‎11-03-2020 12:00:PM

Pulse Connect Secure Cluster upgrade procedure

Hi, I'm planning on upgrading my PSA5000 cluster from 9.1R7 to 9.1R9 tonight. I've already staged it. I'm just wondering should I initiate the upgrade on the Active member or start on the passive?

 

This upgrade guide doesn't say and it's the only one I could find:

https://docs.pulsesecure.net/WebHelp/PCS/8.3R3/Content/PCS/PCS_AdminGuide_8.3/Upgrading_the_System_S...

 

Thanks!

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
cbrauckmiller
Frequent Contributor
‎11-03-2020 12:13:PM
‎11-03-2020 12:13:PM

Re: Pulse Connect Secure Cluster upgrade procedure

Hello and thanks for the post.

 

You should always upgrade from the active node assuming this is an active/passive cluster.  The upgrade will start and at a point, the system will reboot.  The VIP(s) will then fail over to the passive node who will take on the users from the first node.  Users may see a small interruption of their tunnel traffic, so be forewarned but they will auotmatically re-establish their tunnel back to the second node.  Once the first node reboots and completes the upgrade, it will alert the second node, copy the upgrade package over to it and then start the upgrade there.  At the same point, users will fail back over to the first node and reconnect.

 

On an Active/Active cluster, it really doesn't matter which you upgrade first, but each node will upgrade one at a time so that users can move to the other node(s).

 

As always, it is highly recommended that you take a user and system config backup BEFORE runnint the upgrade just in case anything happens.

 

Thanks

 

Craig Brauckmiller

Pulse Secure

View solution in original post

0 Kudos
2 REPLIES 2
cbrauckmiller
Frequent Contributor
‎11-03-2020 12:13:PM
‎11-03-2020 12:13:PM

Re: Pulse Connect Secure Cluster upgrade procedure

Hello and thanks for the post.

 

You should always upgrade from the active node assuming this is an active/passive cluster.  The upgrade will start and at a point, the system will reboot.  The VIP(s) will then fail over to the passive node who will take on the users from the first node.  Users may see a small interruption of their tunnel traffic, so be forewarned but they will auotmatically re-establish their tunnel back to the second node.  Once the first node reboots and completes the upgrade, it will alert the second node, copy the upgrade package over to it and then start the upgrade there.  At the same point, users will fail back over to the first node and reconnect.

 

On an Active/Active cluster, it really doesn't matter which you upgrade first, but each node will upgrade one at a time so that users can move to the other node(s).

 

As always, it is highly recommended that you take a user and system config backup BEFORE runnint the upgrade just in case anything happens.

 

Thanks

 

Craig Brauckmiller

Pulse Secure

0 Kudos
KevinSC
New Contributor
‎04-22-2021 03:56:PM
‎04-22-2021 03:56:PM

Re: Pulse Connect Secure Cluster upgrade procedure

This is what the release notes say about upgrading a cluster:
"To reduce the number of reconnection attempts due to VIP failover, Pulse Secure recommends to upgrade the passive node first. Once the upgrade is complete, the passive node will push the service package to the active node and cause the VIP to failover to the passive node. All existing user session will be automatically transferred to the passive node. When the active node has completed the upgrade process, the passive node will remain the VIP owner. If you would like the active node to own the VIP again, a manual failover is required.
Note: The term “passive node” used in this example to describe the node that does NOT own the VIP."
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.