Introduction to CDT

Overview

Central Deployment Tool (CDT) is a tool that runs on Gaia Security Management Servers and Gaia Multi-Domain Security Management Servers.

With this tool you manage the installation of software packages from your Management Server to multiple Security Gateways and Cluster Members at the same time:

  • Install and uninstall software packages.

  • Do different actions - take snapshots, run shell scripts, push or pull files, and so on.

  • Automate the RMA backup and restore procedure.

CDT handles cluster upgrades automatically - see Package Installation in Clusters.

CDT Installation Package

See sk111158 > section "Downloads and Documentation".

To see the installed CDT version and build, run in the Expert mode:

$CDTDIR/CentralDeploymentTool -v

CDT Limitations

See sk111158 > section Known Limitations.

CDT Workflows

Below are different workflows to use the Central Deployment Tool (CDT):

Generate an Installation Candidates List File

Create a list if candidate Security Gateways and Cluster Members, on which to install a package

=>

Select Candidates

Select the applicable candidates from the Installation Candidates List File

=>

Execute

Run the required operation on all selected candidates

When an administrator uses the CDT to install an Upgrade Package on a single Security Gateway, the CDT follows these steps:

  1. CDT makes sure that the state of the Security Gateway is correct (all required processes are up and running)

  2. CDT prepares Access Control Policy for the Security Gateway:

    1. Changes the version in the Security Gateway object.

    2. Changes the applicable configuration settings and Access Control Policy.

  3. CDT executes the Deployment Plan File on the Security Gateway:

    1. Runs Pre-Script(s).

    2. Updates the CPUSE version.

    3. Pushes the CPUSE package(s) to the Security Gateway.

    4. Imports the CPUSE package(s) on the Security Gateway.

    5. Installs the CPUSE package(s) on the Security Gateway.

    6. Makes sure the Access Control Policy is installed on the Security Gateway.

    7. CDT v1.9.7 and higher: Makes sure the Threat Prevention Policy is installed on the Security Gateway.

    8. Runs Post-Script(s).

  4. CDT makes sure that the state of the Security Gateway is correct (all required processes are up and running).

Important - You must manually install all other applicable Security Policies:

  • If you used CDT v1.9.7 and higher: install QoS, Desktop policies.

  • If you used CDT v1.9.6 and lower: install Threat Prevention, QoS, Desktop policies.

When an administrator uses the CDT to install an Upgrade Package on a ClusterXL in High Availability mode, the CDT follows these steps:

  1. CDT makes sure that the states of the Cluster Members are correct (Active and Standby).

  2. CDT prepares Access Control Policy for the Cluster:

    1. Changes the version in the Cluster object.

    2. Changes the applicable configuration settings and Access Control Policy.

  3. CDT executes the Deployment Plan File on the Standby Cluster Members.

    1. Runs Pre-Script(s).

    2. Updates the CPUSE version.

    3. Pushes the CPUSE package(s) to the Cluster Members.

    4. Imports the CPUSE package(s) on the Cluster Members.

    5. Installs the CPUSE package(s) on the Cluster Members.

    6. Makes sure the Access Control Policy is installed on the Cluster Members.

    7. CDT v1.9.7 and higher: Makes sure the Threat Prevention Policy is installed on the Cluster Members.

    8. Runs Post-Script(s).

  4. CDT runs a ClusterXL Upgrade:

    1. Makes sure the upgraded Cluster Member is in the Standby or Ready state.

    2. Performs cluster failover to one of the upgraded Cluster Members.

    Note - The CDT uses the:

    • Multi-Version Cluster (MVC) Upgrade when you upgrade to R80.40 or higher.

    • Full Connectivity Upgrade (FCU) when you upgrade to R80.30 or lower.

  5. CDT executes the Deployment Plan File on the former Active Cluster Member.

  6. CDT makes sure that the states of the Cluster Members are correct (Active and Standby).

Important - You must manually install all other applicable Security Policies:

  • If you used CDT v1.9.7 and higher: install QoS, Desktop policies.

  • If you used CDT v1.9.6 and lower: install Threat Prevention, QoS, Desktop policies.

When an administrator uses the CDT to install a Hotfix on a single Security Gateway or Cluster, the CDT follows these steps:

  1. CDT makes sure that the state:

    • CDT makes sure that the state of the Security Gateway is correct (all required processes are up and running)

    • CDT makes sure that the states of the Cluster Members are correct (Active and Standby)

  2. CDT executes the Deployment Plan File:

    1. Runs Pre-Script(s).

    2. Updates the CPUSE version.

    3. Pushes the CPUSE package(s) to the Security Gateway / Cluster Members.

    4. Imports the CPUSE package(s) on the Security Gateway / Cluster Members.

    5. Installs the CPUSE package(s) on the Security Gateway / Cluster Members.

    6. Makes sure the Access Control Policy is installed on the Security Gateway / Cluster Members.

    7. CDT v1.9.7 and higher: Makes sure the Threat Prevention Policy is installed on the Security Gateway / Cluster Members.

    8. Runs Post-Script(s).

  3. CDT makes sure that the state is correct:

    • On the Security Gateway all required processes are up and running

    • Cluster Members are in the states Active and Standby

Important - You must manually install all other applicable Security Policies:

  • If you used CDT v1.9.7 and higher: install QoS, Desktop policies.

  • If you used CDT v1.9.6 and lower: install Threat Prevention, QoS, Desktop policies.