How to Upgrade Easily to Orion Platform versions 2020.2.4 and 2019.4.2 With New Digital Code-Signing Certificates

While the IT industry is still working through the widespread ramifications of the recent cyberattack on SolarWinds and our customers, our focus has been not only to address the recent vulnerabilities but also to check every box we can to help make sure we’re providing security-hardened products the IT industry can use with confidence. Our CEO, Sudhakar Ramakrishna, has outlined our plan for a safer SolarWinds and customer community in this blog post.

As we execute on Sudhakar’s plan, one key element to deliver was re-signing all Orion Platform software with new digital certificates. These changes are available in Orion Platform releases 2020.2.4 and 2019.4.2. We’ve provided a detailed document regarding the new digital code-signing certificates to answer your most pressing questions about why we’ve taken this important step. For more information about how a specific product has been affected, please consult this guide. Keep in mind, this change involves non-Orion Platform products (such as Database Performance Analyzer (DPA), Security Event Manager (SEM), Access Rights Manager (ARM), and others), and we’ve provided details on each in the article mentioned above. Our existing certificates for affected versions will be revoked March 8, 2021. In this post, we’ll go over information and instructions to help you with the upgrade process for Orion Platform products. If you have questions about a non-Orion Platform product, please see the respective release documentation or check your product’s THWACK forum to see if there are updates or to start a conversation.

What is the content of these releases?

2020.2.4 was released in January 2021 and, together with the new digital code-signing certificate, also contains all necessary security fixes for SUPERNOVA and SUNBURST originally released in 2020.2.1 HF 2 (released December 15, 2020).

2019.4.2 was released in February 2021 and similarly includes both the new digital code-signing certificate and the necessary security fixes for SUPERNOVA and SUNBURST originally released in 2019.4 HF 6 (released December 14, 2020).

Head to the Customer Portal if you’re ready to begin your upgrade. Continue reading below for further information and resources.

You can find further details on the releases in the Release Notes section of your product within our support documentation (for instance, for NPM here).  

Are there any resources available to help with upgrades?

For our customers, this has also been a time of regular updates, and the recent digital code-signing certificate changes will add another to-do item on your list. We’re with you in this process and have been working in the past years to improve our upgrade process to be faster and more convenient. We have some resources you may find helpful as you begin your upgrade:

In our 2020.2 release (June 4, 2020) we made important updates to our upgrade process and published a post on THWACK outlining the improvements and use of My Orion Deployment page.

As part of our incident response, we created a video guide on the upgrade process to help make the process easier and clearer. In addition, the contents of this video apply to the upgrade path needed for the current 2020.2.4 release.

We continue to provide a large selection of upgrade-specific information in our Upgrade Resource Center, which includes the SolarWinds Upgrade Advisor to help you with your compatibility questions. The SolarWinds installer has pre-flight checks and tools to help you plan your upgrade, so you can schedule and complete your installs with confidence.

How should I complete my upgrades?

The digital code-signing certificates being revoked only apply to certain specific affected versions. Your first step should be to check what product version(s) you’re running to see if you have affected versions. This KB article has more information about how you can find the product version you’re currently using. 

If you have the 2020.2 release, you will find all the information you need in the My Orion Deployment view. From anywhere in the Orion Platform, click on the Settings button in the navigation and then My Orion Deployment. Then select the Updates and Evaluations tab in the new page. You will see a view with what major updates or fixes are available. The example environment in the screenshot below currently has 2020.2.1 installed, and we can see there are three products in use in this environment, all of which have 2020.2.4 as available installations.

  

Follow the steps in this article to install the latest upgrades through the My Orion Deployment page. Utilizing My Orion Deployment to upgrade your main polling engine will require connectivity to the internet to download necessary installation files from the SolarWinds downloads site. If you do not have connectivity to the internet, use the offline installer to start the main polling engine upgrade. While upgrading one or more scalability engines, you’ll be redirected from the installer while they’re upgraded in parallel, which does not require connectivity to the internet.

If you have an earlier version of the Orion Platform products or if you would rather do an offline installation, you can get your copy of the fixes from the Customer Portal.

After you log in to your Customer Portal, you’ll see a list of available downloads. For most products, you’ll see a link to “Check version compatibility and upgrade path.” This will take you to the SolarWinds Upgrade Advisor. Here you can select your existing product versions and new product versions to see what upgrade path to take. 

  

Clicking the download button will take you to the download page where you can get the offline or online installation downloads. Offline installation will include everything you need, so you can complete the process on a machine without internet access. If you’re doing a release download (as in this specific case), you don’t need to individually install hot fixes, as everything up to the release version you’re downloading will be included.

 

Please remember that when you upgrade one Orion Platform product, you’ll be upgrading all Orion Platform products you have installed. We have put a lot of effort over the past years into making individual Orion Platform products work and integrate well together, as well as upgrade and update seamlessly at the same time, to improve your experience. These changes are part of the reason recent version upgrades are significantly easier and faster.

Once your installation is successfully completed, follow the instructions in this KB article to validate you have the new certificate.
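As a complement to the KB article, the following PowerShell sketch inventories which code-signing certificate each installed binary carries, so files still signed with an older certificate stand out. It is an added example, not SolarWinds code or the KB procedure; the install path, the expected thumbprint, and the `*SolarWinds*` subject pattern are placeholders and assumptions you must replace with values from the vendor documentation.

```powershell
# Added example: inventory Authenticode signers under an install directory.
# All three parameter defaults are placeholders/assumptions, not values from this post.
param(
    [string]$Path = 'C:\Path\To\Orion\Install',             # placeholder: your install directory
    [string]$ExpectedThumbprint = '<NEW-CERT-THUMBPRINT>',  # placeholder: take from the vendor KB article
    [string]$SubjectPattern = '*SolarWinds*'                # assumption: vendor name appears in the cert subject
)

function Get-SignerInventory {
    param([string]$Root, [string]$Expected, [string]$Pattern)

    Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate      # $null when the file is unsigned
            [pscustomobject]@{
                File       = $_.FullName
                Status     = $sig.Status        # e.g. Valid, NotSigned, HashMismatch
                Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
                Subject    = if ($cert) { $cert.Subject } else { $null }
                NotBefore  = if ($cert) { $cert.NotBefore } else { $null }
                # Vendor-signed file whose signer is not the expected new certificate
                OldSigner  = [bool]($cert -and $cert.Subject -like $Pattern -and
                                    $cert.Thumbprint -ne $Expected)
            }
        }
}

$inventory = Get-SignerInventory -Root $Path -Expected $ExpectedThumbprint -Pattern $SubjectPattern

# One row per distinct signing certificate (third-party components appear here too)
$inventory | Group-Object Thumbprint, Subject |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Files to review: vendor-signed with a different certificate, or any signed file that does not validate
$inventory |
    Where-Object { $_.OldSigner -or ($_.Thumbprint -and $_.Status -ne 'Valid') } |
    Select-Object Status, NotBefore, Thumbprint, File | Format-Table -AutoSize
```

Third-party libraries shipped with the product are signed by their own publishers, which is why the review list is restricted to the vendor subject pattern rather than to every thumbprint mismatch.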

Even if you’re using a version not affected by the certificate changes, we strongly recommend installing the latest version of your Orion Platform products. We have made significant improvements in the latest releases, including the ability to do faster and easier upgrades.

Will this affect my agent deployments?

Our automated agent deployment process makes it easier to keep agents up to date across product updates. If you’ve configured automatic agent updates, you won’t need to do anything separately for your agents.

After the revocation of the old certificates, if you haven’t upgraded your products, you won’t be able to install new agents since older versions are signed using an expired certificate. The good news is any existing agents already deployed are automatically upgraded to the same version as the Orion Platform when you complete your upgrade. This will only work if you haven’t disabled automatic agent updates (this action is not recommended, as leaving your agents in older versions than the Orion Platform may lead to breaking functionality).

Some environments may utilize automated solutions to scale out agent deployment. If you’re using a software deployment/distribution solution to upgrade existing agents or to deploy new ones in your environment, always use the latest Agent MSI included with the Orion Platform. Alternatively, use the Agent's automatic agent update feature to ensure Agents are always running the latest version compatible with your version of the Orion Platform.

If you need a primer on how to use and work with agents, please check our support article for the Orion Platform. Read through this section for assistance if you need to manually upgrade the agents. For most of our users, agent updates should not cause any issues, but if you run into problems, please open a support ticket.

Conclusion

We hope the resources and details provided above will equip you for a seamless upgrade. We’ve worked hard in the past few years to improve the upgrade process by providing you better tools to prepare, stage, and complete the upgrades quickly and without problems. Some testimonials we received from our users showed these improvements made a huge difference (see, for example, My Upgrade to Orion 2020.2: A Customer Perspective and Orion Platform 2020.2: The Easiest Upgrade in Years). If you haven’t recently upgraded to our newest version of the Orion Platform, please consider doing so, so you too can make use of the improvements.

Lastly, remember we’re engaged and always listening. If you have specific issues regarding your own update experience, creating a support ticket will be your best way to get a quick response. But we also want to hear more about your thoughts on the resources provided above or any takeaways from your recent experiences. Please feel free to send us your thoughts on any of these in the discussion section below.
