Software Updates
How to check for and update Privileged Access Management to the Latest Version.
The development of Privileged Access Management (PAM) follows an Agile development process which means a fast paced and frequent software release cycle. Due to this, the software provides an easy method to check for and ultimately deploy the latest version.
Before you update, review the latest Privileged Access Management Release Notes.
PAM updates may contain changes that require modifications to the PAM database. For this reason, please ensure that the PAM schema owner has DDL permissions on the database before starting the software update process.
Check and Update PAM Online
To Check and Update PAM Online (for offline update scroll down to the next section).
To perform an Online Update, your PAM node(s) must be able to communicate with the PAM distribution server to complete a version check and to download the software package. If required, whitelist the domain "bin.xtontech.com" using port 443 in your firewall.
- Login to PAM as a System Administrator.
- Navigate to Administration > Updates. The Application Update page will display all the components configured, their Current Version and the latest Available Version. If the available version is more recent than your current version, a Download button will be visible.
- Click Download to queue the download process. The download will be processed when possible and may take a few minutes to complete.
-
When the download is finished, an Install button will become visible under the Actions column. Click Install to queue the installation process. The installation will be processed when possible and may take a few minutes to complete and during this time, connectivity to the system will be intermittent. We recommend performing the installation during “off peak” hours if possible.
-
After the update is installed, the current Components and Available Version numbers will be identical and the Action message will state that the current version is up to date.
Check and Update PAM Offline
To Check and Update PAM Offline:
- Download the offline update from here: https://bin.xtontech.com/product/pam-pkg.zip
- Copy the downloaded zip file to the PAM server.
- Extract the zip file to a temporary location on the PAM server.
- In this temporary location, navigate to /pkg/pam and copy the files xtam.war and xtamWorker.war.
- Paste these files to $PAM_HOME/content, or the directory specified by the Administration / Settings / Properties / Content Location parameter.
- Once copied, PAM will begin the update process automatically.
- The update process takes about 5 minutes to complete and you should open PAM and navigate to Administration > Updates to confirm when the process is complete.
-
Download and then unpack the web archive https://www.xtontech.com/wp-content/uploads/2017/12/web.zip
-
Copy the web.xml file to $PAM_HOME/web/webapps/xtam/WEB-INF replacing the file which already exists. (Consider making a copy of the existing web.xml file in case of issues.)
-
Restart the PamManagement (Windows) or pammanager (Linux) service.
If your deployment includes the Federated Sign-In Module, then you will need to complete the following additional steps when performing an offline update.
Performing PAM software update manually
-
Login to PAM host server. Administrative privileges may be required.
-
Download the offline update (https://bin.xtontech.com/product/pam-pkg.zip) and extract to a temporary location.
-
Stop the PamManagement/pammanager service.
Note that this PAM node will now be offline until the update is complete.
-
Navigate to $PAM_HOME/web/webapps and delete both files xtam.war and xtamWorker.war
-
Also in this same location, delete both directories xtam and xtamWorker.
-
Optionally, rather than deleting these files and directories, you can move them to a temp location outside of $PAM_HOME. If the update process fails, you can move these back and restart the service.
-
From within the extracted .zip in step 2, navigate to $PAM_HOME/pkg/pam and copy the files xtam.war and xtamWorker.war.
-
Paste both copied files to $PAM_HOME/web/webapps.
-
Start the PamManagement/pammanager service. This will begin the update process which should complete in a few minutes.
If you are not using the Federated Sign-in Module, then the update process should be complete for this node.
If you are using the Federated Sign-in Module, then you will also need to complete these steps:
-
Stop the PamManagement/pammanager service again. This is a second operation which can not be combined with the first procedure.
-
Download the Federated Sign-in Module configuration file (https://www.xtontech.com/wp-content/uploads/2017/12/web.zip) and extract to a temporary location.
-
In this extracted archive, there will be a single web.xml file.
-
Copy web.xml and paste to $PAM_HOME/web/webapps/xtam/WEB-INF, overwriting the current file of the same name that already exists in this directory.
-
Start the PamManagement/pammanager service.
-
Once the update process is complete for this node, you can repeat these steps for the next PAM node.
PAM and OS upgrade
PAM runs as an independent product that has operating system (OS) services added. Performing an in-place upgrade of the OS should complete without any PAM issues.
It is always good practice to perform these types of operations in a test/dev environment before doing so in a Production environment, as there are always things that can be learned through this process.
Before initiating the OS upgrade, it is beneficial to first stop all PAM services (PamManagement, PamDirectory, PamSession), and also take a backup of the PAM directory and store this in another location/folder.