Introduction to CDT
Overview
Central Deployment Tool (CDT) is a tool that runs on Gaia Security Management Servers and Gaia Multi-Domain Security Management Servers.
With this tool you manage the installation of software packages from your Management Server to multiple Security Gateways and Cluster Members at the same time:
-
Install and uninstall software packages.
-
Do different actions - take snapshots, run shell scripts, push or pull files, and so on.
-
Automate the RMA backup and restore procedure.
CDT handles cluster upgrades automatically - see Package Installation in Clusters.
CDT Installation Package
See sk111158 > section "Downloads and Documentation".
To see the installed CDT version and build, run in the Expert mode:
|
CDT Limitations
See sk111158 > section Known Limitations.
CDT Workflows
Below are different workflows to use the Central Deployment Tool (CDT):
When an administrator uses the CDT to install an Upgrade Package on a single Security Gateway, the CDT follows these steps:
-
CDT makes sure that the state of the Security Gateway is correct (all required processes are up and running)
-
CDT prepares Access Control Policy for the Security Gateway:
-
Changes the version in the Security Gateway object.
-
Changes the applicable configuration settings and Access Control Policy.
-
-
CDT executes the Deployment Plan File on the Security Gateway:
-
Runs Pre-Script(s).
-
Updates the CPUSE version.
-
Pushes the CPUSE package(s) to the Security Gateway.
-
Imports the CPUSE package(s) on the Security Gateway.
-
Installs the CPUSE package(s) on the Security Gateway.
-
Makes sure the Access Control Policy is installed on the Security Gateway.
-
CDT v1.9.7 and higher: Makes sure the Threat Prevention Policy is installed on the Security Gateway.
-
Runs Post-Script(s).
-
-
CDT makes sure that the state of the Security Gateway is correct (all required processes are up and running).
|
Important - You must manually install all other applicable Security Policies:
|
When an administrator uses the CDT to install an Upgrade Package on a ClusterXL in High Availability mode, the CDT follows these steps:
-
CDT makes sure that the states of the Cluster Members are correct (Active and Standby).
-
CDT prepares Access Control Policy for the Cluster:
-
Changes the version in the Cluster object.
-
Changes the applicable configuration settings and Access Control Policy.
-
-
CDT executes the Deployment Plan File on the Standby Cluster Members.
-
Runs Pre-Script(s).
-
Updates the CPUSE version.
-
Pushes the CPUSE package(s) to the Cluster Members.
-
Imports the CPUSE package(s) on the Cluster Members.
-
Installs the CPUSE package(s) on the Cluster Members.
-
Makes sure the Access Control Policy is installed on the Cluster Members.
-
CDT v1.9.7 and higher: Makes sure the Threat Prevention Policy is installed on the Cluster Members.
-
Runs Post-Script(s).
-
-
CDT runs a ClusterXL Upgrade:
-
Makes sure the upgraded Cluster Member is in the Standby or Ready state.
-
Performs cluster failover to one of the upgraded Cluster Members.
Note - The CDT uses the:
-
Multi-Version Cluster (MVC) Upgrade when you upgrade to R80.40 or higher.
-
Full Connectivity Upgrade (FCU) when you upgrade to R80.30 or lower.
-
-
CDT executes the Deployment Plan File on the former Active Cluster Member.
-
CDT makes sure that the states of the Cluster Members are correct (Active and Standby).
|
Important - You must manually install all other applicable Security Policies:
|
When an administrator uses the CDT to install a Hotfix on a single Security Gateway or Cluster, the CDT follows these steps:
-
CDT makes sure that the state:
-
CDT makes sure that the state of the Security Gateway is correct (all required processes are up and running)
-
CDT makes sure that the states of the Cluster Members are correct (Active and Standby)
-
-
CDT executes the Deployment Plan File:
-
Runs Pre-Script(s).
-
Updates the CPUSE version.
-
Pushes the CPUSE package(s) to the Security Gateway / Cluster Members.
-
Imports the CPUSE package(s) on the Security Gateway / Cluster Members.
-
Installs the CPUSE package(s) on the Security Gateway / Cluster Members.
-
Makes sure the Access Control Policy is installed on the Security Gateway / Cluster Members.
-
CDT v1.9.7 and higher: Makes sure the Threat Prevention Policy is installed on the Security Gateway / Cluster Members.
-
Runs Post-Script(s).
-
-
CDT makes sure that the state is correct:
-
On the Security Gateway all required processes are up and running
-
Cluster Members are in the states Active and Standby
-
|
Important - You must manually install all other applicable Security Policies:
|