Introduction
This document provides a step-by-step guide on how to upgrade software on Secure Endpoint Private Cloud using USB mass storage.
Problem
In highly secure environments, air-gapped appliances are critical for protecting sensitive data and systems from external threats. These appliances operate without any network connection, ensuring that there is no direct or indirect communication with untrusted networks. While this isolation provides exceptional security, it also introduces significant challenges when it comes to maintaining and updating the appliance software.
The primary problem lies in effectively and securely upgrading air-gapped appliances without compromising their isolated status or security posture. Traditional update methods, which often rely on network connectivity, are not applicable in these scenarios. Consequently, organizations must find alternative methods to deliver updates, ensure compliance with security standards, and minimize downtime during the upgrade process.
Addressing these challenges requires a well-defined, secure, and efficient update mechanism tailored to the unique constraints of air-gapped environments. In this context, updating via USB mass storage presents a viable solution that can enhance the manageability and security of upgrading air-gapped appliances.
Solution
1. Download the amp-sync application from the OPadmin portal > Operations > Update Device > Download amp-sync.
Tip: If you see this message: "This Private Cloud device includes a Protect DB snapshot. It is recommended to run amp-sync with the -X and -M 20230821-1604 options to save bandwidth", add these options to the end of the amp-sync command, for example: amp-sync all -X -M 20230821-1604.
2. Copy amp-sync to a Linux-based machine and add executable privileges. Place it in a folder with enough free space (over 300 GB for the whole database).
3. There are two options to run amp-sync:
a. As a main process:
amp-sync all
b. In the background:
nohup amp-sync all &
Running in the background allows amp-sync to keep running even if the SSH session gets disconnected. This is useful if the whole download process takes multiple hours. You can check the current status with the command:
tail -f nohup.out
4. Copy the ISO image to the computer where your USB mass storage is attached.
5. Copy the ISO image to the USB storage.
Caution: USB mass storage must be formatted with the ext2, ext3, ext4 or XFS file system. exFAT and NTFS are not supported. FAT32, although supported on both platforms, has the limitation that a file cannot be larger than 4 GB.
6. Safely detach the USB mass storage and plug it into the Private Cloud appliance.
7. Mount the USB mass storage and copy the ISO file to the /data/mount folder:
mkdir /mnt/usb
mount /dev/sdd1 /mnt/usb
cp /mnt/usb/PrivateCloud-4.2.1-Updates-2024-08-30-NOSNAP-D20230821-1604-prod.iso /data/mount
8. Go to OPadmin > Operations > Mount ISO.
9. Select Mount Type as Local, Local Directory as /data/mount and Local ISO File as the name of the file in that Local Directory folder, for example:
10. Click Mount and monitor Mount Status updates. If the ISO was successfully mounted, you can see similar output:
11. Go to OPadmin > Operations > Update Device, click Check Update ISO, and then Update Content and/or Update Software.
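The USB transfer in steps 4 to 7 has no built-in check that the multi-gigabyte ISO arrived intact or that the drive's file system can hold it. The following is an added example, not part of the vendor procedure: the function names and the "<iso>.sha256" manifest file are assumptions, as is the availability of sha256sum, findmnt and stat on both machines.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and the "<iso>.sha256"
# manifest are assumptions made for this illustration.

# Succeeds if a file of $2 bytes fits on file system type $1, per the Caution:
# ext2/ext3/ext4/XFS are accepted, FAT32 only below 4 GB, anything else refused.
fs_can_hold_iso() {
    case "$1" in
        ext2|ext3|ext4|xfs) return 0 ;;
        vfat|msdos)         [ "$2" -lt 4294967296 ] ;;  # FAT32 per-file limit
        *)                  return 1 ;;                 # exfat, ntfs, unknown
    esac
}

# Pre-flight on the download machine: preflight <iso> <mounted-usb-dir>
preflight() {
    fs_can_hold_iso "$(findmnt -no FSTYPE -T "$2")" "$(stat -c %s "$1")"
}

# Steps 4-5: copy the ISO to the USB drive and record the SHA-256 of the
# ORIGINAL file beside it, so a bad copy is detected later.
stage_iso() {   # stage_iso <iso> <usb-dir>
    name=$(basename "$1")
    cp -- "$1" "$2/$name" || return 1
    sha256sum "$1" | cut -d' ' -f1 > "$2/$name.sha256" || return 1
    sync
}

# Step 7: compare a copy of the ISO with the recorded hash.
verify_iso() {  # verify_iso <iso-path> <manifest-path>
    want=$(cut -d' ' -f1 "$2") || return 1
    got=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Download machine, USB mounted at /mnt/usb:
#   preflight "$ISO" /mnt/usb && stage_iso "$ISO" /mnt/usb
# Appliance, after the mount command in step 7 ($NAME is the ISO file name):
#   verify_iso "/mnt/usb/$NAME" "/mnt/usb/$NAME.sha256" &&
#   cp "/mnt/usb/$NAME" /data/mount &&
#   verify_iso "/data/mount/$NAME" "/mnt/usb/$NAME.sha256"
```

Verifying on the appliance after the drive has been detached and re-mounted reads the data back from the device rather than from the download machine's page cache, so it catches write errors that a check immediately after copying can miss.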