Rocky Linux Edge Upgrade
Introduction
CentOS 7 is a stable Linux distribution; however, with its End-of-Life in 2024, vulnerabilities are no longer being patched by the CentOS project. To mitigate CentOS vulnerabilities, the CIQ Bridge for CentOS has been deployed. This allows a safe operation until migration to a fully supported Operating System.
Starting with July 31st 2025, the Edge device is available based on Rocky Linux 8.10.
We advise all customers to upgrade to the new Edge device.
Prepare for the upgrade
Plan for downtime
During the upgrade process, the Edge device is unavailable. This inevitably results in some downtime.
DDM Customers.
Downtime is limited to a few minutes while the upgrade process takes place, but no other impact is noticed.
SPM Customers
Downtime is limited to a few minutes while the upgrade process takes place. During this time, the Edge device is unable to collect attributes. Customers should expect that some false positive alerts may be generated during this time, and shortly after the Edge restart, if they have events based on history or are time-dependent.
Download the new Edge image
You can download the new Edge image from FireScope - Matrix42 Marketplace.
Prepare new Edge Image
Once the new Edge Image has been downloaded, you must create a virtual machine using the same settings as the Edge being replaced – particularly the network interfaces.
It is important that this new Edge is NOT powered on at this stage.
Record the old Edge network settings.
The new Edge device needs to be configured with the same network settings used by the Edge device it is replacing. You must ensure these details are recorded for later use in the upgrade process. The required information is:
- Edge Device Name
- IP Address
- Network Mask
- Primary DNS Server Address
- Secondary DNS Server Address
- Network Time (NTP) Server Address
- Domain Search Suffix
Upgrade process
The upgrade process replaces the existing Edge device with the new one, using the same network settings. Follow the process below exactly as described.
Step-by-step guide
- Power off the existing Edge device. Do not proceed until this device is fully powered down and cannot be accessed on the network.
- Power on the new Edge device.
- At the new Edge device console menu, select option 1 and follow the prompts to fill in all network information recorded previously.
- Log into the DDM/SPM user interface.
- Browse to the Edge Device List page:
- DDM > Configuration > Edge Devices > List
- SPM > Administration > Edge Devices
Do not delete the existing Edge device entry. You will use this to make the new Edge device function as the one it is replacing.
- Download the registration key for the existing Edge Device.
- DDM:
- SPM:
- DDM:
- In a new browser tab, enter the IP of the Edge device to access its management interface.
- Log in with the administrative user.
- If required, change the administrator password.
- Under Administration, click Edge Registration.
- Enter the IP address of the Edge device where required, and load the recently downloaded license key.
- Click Validate Registration Key.
- Click Submit Registration Key.
- If everything worked and each step shows a green check mark, proceed with the remaining steps. Otherwise, resolve any issues before proceeding.
- Return to the DDP/SPM user interface.
- Go to the Edge Device List page:
- DDM > Configuration > Edge Devices > List
- SPM > Administration > Edge Devices
- Click on the name of the Edge device you are replacing.
- Run a configuration refresh:
- For DDM, click Run Configuration Refresh.
- For SPM, click Configuration Refresh.
- For DDM, click Run Configuration Refresh.
Once the configuration refresh has completed both processes, the new Edge device is functional and will perform as an exact replacement of the old one.
Post Upgrade
Running a configuration refresh may cause all discovery jobs to restart, so you may see some as running and others as pending. Once each job has been completed, it will return to the completed state.