Upgrading to the latest version of AppScan Enterprise

For a successful upgrade to the latest version of AppScan Enterprise, read this topic carefully.

Planning the upgrade

Planning an upgrade is similar to planning a deployment. It is important to review your environment and requirements carefully.

Procedure

  1. Identify and document hardware elements that host software components:
    • AppScan® Enterprise Server (main application server hosted by IIS)
    • AppScan Enterprise dynamic scanning agents
    • Microsoft SQL Server database
  2. Create a table like this one to track your information:
    Table 1. Proposed environment server requirements

    Component                               | Server | Operating System | Technical Specifications | Required Software
    AppScan Enterprise Server               |        |                  |                          |
    SQL Server                              |        |                  |                          |
    AppScan Dynamic Analysis Scanner server |        |                  |                          |
  3. Validate that the identified software and hardware elements meet the system requirements.
  4. Identify and document security elements:
    • Installation account ID, rights and password
    • Service Account ID, rights and password (used for database interaction)
    • AppScan Enterprise URL
    • Product administrator ID and password
  5. Export or create a server certificate to use with IBM® WebSphere® Application Server Liberty Core.
  6. Check that you have the correct AppScan® Enterprise Licenses for your upgrade.
  7. Obtain AppScan® Enterprise 10.x.0 software from HCL® FNO:
    • AppScan® Enterprise Server and License Key Server
    • AppScan® Enterprise Dynamic Analysis Scanner
  8. If you use AppScan® Source, you can obtain the 10.0.1 software from HCL® FNO. You also need to upgrade your Oracle database.
  9. Back up your SQL Server database.
  10. If you upgrade your SQL Server, configure the SQL Server database for AppScan® Enterprise.
  11. Verify product changes that might affect the version you are upgrading from.

Building the staging (testing) environment for upgrade

Use these instructions to build a staging environment, or if you are upgrading only your production environment.

Procedure

  1. Create three virtual or physical machines (one machine each for the SQL Server, AppScan Enterprise Server and the Dynamic Analysis Scanner) to meet the system requirements.
  2. Install required software (Application Services, SQL Server Services, etc.) to support the three components which will make up the staging environment.
    Note: If you do not install SQL Server on a separate machine, make sure that you specify "HOSTNAME\SQL_SERVER_NAME" as the SQL Server name in the Database Connection window during configuration. Liberty server does not support "." as a replacement for 'localhost'.
  3. Back up the production database, and load the database into the staging SQL Server.
  4. Install AppScan® Enterprise Server to the application server.
    1. Go to the directory where you downloaded the executable file (AppScanEnterpriseServerSetup_<version>.exe) and double-click the file.
      Note: It might take a while for the next screen to appear.
    2. If you do not have HCL® License Server configured, follow the instructions in HCL AppScan Enterprise License setup.
    3. In the Setup Wizard Welcome screen, click Next.
    4. In the License Agreement window, select the I accept the terms in the license agreement option, and click Next.
    5. In the Destination Folder window, select a target location and click Next.
    6. In the Ready to Install the Program window, click Install to proceed with the installation.
    7. On the Setup Wizard Completed screen, select the check box to launch the Configuration Wizard and click Finish.
    8. Run the Configuration Wizard.
    9. Run the Default Settings Wizard.
  5. Install AppScan® Enterprise Dynamic Analysis Scanner on the dynamic scanner machines. Extract the archive on the machine and run ASE_DASSetup_<version>.exe. After you complete the installation, run the Server Configuration Wizard. Repeat for all Dynamic Analysis Scanner machines.
  6. Optional: Upgrade AppScan Source to version 10.0.5. See Upgrading AppScan Source for complete instructions.
  7. If you use AppScan Source and connect with an Oracle database, modify the filepath to point to Liberty instead of Jazz Team Server. See Upgrading the AppScan Source LDAP connection with an Oracle database.
  8. If you upgrade from v8.8, the database is unencrypted. Read these topics to learn how to encrypt the database.
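
Step 9 of the planning procedure and step 3 above both depend on a backup that can actually be restored. The following T-SQL is an added example, not part of the HCL documentation; the database name ASE_DB, the logical file names and all file paths are placeholders to replace with your own values.

```sql
-- Added example. [ASE_DB], the logical file names and every path below are
-- placeholders (assumptions), not values from the product documentation.

-- 1. On the production SQL Server: full backup taken outside the regular
--    backup chain (COPY_ONLY), with page checksums written into the backup.
BACKUP DATABASE [ASE_DB]
TO DISK = N'D:\Backup\ASE_DB_preupgrade.bak'
WITH COPY_ONLY, CHECKSUM, INIT, STATS = 10;

-- 2. Confirm the backup set is complete and its checksums are valid
--    before relying on it as the rollback point for the upgrade.
RESTORE VERIFYONLY
FROM DISK = N'D:\Backup\ASE_DB_preupgrade.bak'
WITH CHECKSUM;

-- 3. On the staging SQL Server, after copying the .bak file there:
--    list the logical file names that the MOVE clauses must reference.
--    The staging instance must be the same SQL Server version or newer.
RESTORE FILELISTONLY
FROM DISK = N'D:\Backup\ASE_DB_preupgrade.bak';

-- 4. Restore into staging, relocating data and log files to local paths.
RESTORE DATABASE [ASE_DB]
FROM DISK = N'D:\Backup\ASE_DB_preupgrade.bak'
WITH MOVE N'ASE_DB'     TO N'E:\SQLData\ASE_DB.mdf',
     MOVE N'ASE_DB_log' TO N'E:\SQLLogs\ASE_DB_log.ldf',
     CHECKSUM, RECOVERY, STATS = 10;

-- 5. Check the restored copy for corruption before installing on top of it.
DBCC CHECKDB (N'ASE_DB') WITH NO_INFOMSGS;
```

Store the backup file with the same access restrictions as the production database, since it contains the same data.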

Testing the staging environment

Procedure

  1. Verify all configured services are functioning as intended.
  2. Verify that the HCL AppScan software functions as intended for:
    • authentication
    • building scans
    • running scans
    • reporting

Results

Once the above steps have been completed, and your Information Security team is satisfied that all components of the running software in staging are functioning, stable, and ready for production use, upgrade your production server.

Upgrading the AppScan Enterprise production environment

If you are only upgrading your production environment, refer to the detailed instructions explained in the "Building the staging (testing) environment for upgrade" topic above.

Preparing production for AppScan Enterprise Software upgrade

Procedure

  1. Notify your users that services will be unavailable until the upgrade has been applied and testing has been completed.
  2. Back up the production database.
  3. Take existing agent servers out of service before the upgrade is performed.
  4. Take the existing application server out of service before the upgrade is performed.
  5. Take the existing SQL server out of service before the upgrade is performed.

Upgrading production AppScan Enterprise software

Procedure

  1. Upgrade production AppScan Enterprise Server to the latest release:
    Note:
    • Always uninstall AppScan Enterprise components before installing new versions or fixpacks.
    • Always leave existing components of AppScan Enterprise in place and install on top of these when you apply an iFix or a patch.
  2. Upgrade production SQL server to the latest release that AppScan Enterprise supports.
  3. Upgrade production Agent Dynamic Analysis Scanner servers to the latest release.
  4. Reboot the system, then put the AppScan Enterprise server in service.
  5. Reboot the system, then put the Agent Scanner servers in service.

Testing production AppScan Enterprise software post upgrade

Procedure

  1. Verify all services are available and ready for use.
  2. Verify that the HCL AppScan software functions as intended for:
    • authentication
    • building scans
    • running scans
    • reporting