Upgrade the Multicloud Defense Gateway
Multicloud Defense Gateways serve as an autoscaling self-healing Platform-as-a-Service (Paas), functioning as inline network-based security enforcement nodes. Unlike traditional firewalls, Multicloud Defense eliminates the need for customers to construct virtual firewalls, configure high-availability setups, or manage software installations.
Multicloud Defense Gateway instances operate on highly optimized software, incorporating a single pass datapath pipeline for efficient traffic processing and advanced security enforcement. Each gateway instance comprises three core processes: a "worker" process responsible for policy enforcement, a "distributor" process for traffic distribution and session management, and an "agent" process communicating with the controller. Gateway instances can seamlessly transition "in service" for a "datapath restart," enabling smooth upgrades without disrupting traffic flow.
New instances are spun up with new image. Once the instances are fully up, they are placed in the loadbalancer's (layer 4 sprayer of flows to gateway instances) target pool. The old instances are put in flow draining mode or flow timeout mode for the existing flows going through them. New flows will hit the new instances. Once the timeout (Azure) or the flows are drained (AWS), the old instances are reaped by the controller.
Use the following procedure to
Procedure
Step 1 | Navigate to . | ||
Step 2 | Select the checkbox for the gateway you want to upgrade. You can make only one selection at this time. | ||
Step 3 | Select . | ||
Step 4 | From the Gateway Image list, select the desired image. | ||
Step 5 | Click Save. | ||
Step 6 | Confirm the cloud service provider resource allocation necessary for the upgrade. | ||
Step 7 | Click Yes if the resource allocation is sufficient. Click No if the resource allocation is insufficient, increase the resource allocation in the cloud service provider, and return to continue the upgrade.
|