Managing Domain Management Servers During the Upgrade Process
|
Best Practice - To not make any changes to Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. databases during the upgrade process. |
If your business model cannot support management downtime during the upgrade, you can continue to manage Domain Management Servers during the upgrade process.
If you make changes to Domain Management Server databases during the upgrade process, this can create a risk of inconsistent Domain Management Server database content between instances on different Multi-Domain Servers. The synchronization process cannot resolve these database inconsistencies.
After you successfully upgrade one Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS., you can set its Domain Management Servers to the Active state, while you upgrade the others. Synchronization between the Domain Management Servers occurs after all Multi-Domain Servers are upgraded.
If, during the upgrade process, you make changes to the Domain Management Server database on different Multi-Domain Servers, the contents of these databases will be different. Because you cannot synchronize these databases, some of these changes will be lost. The Domain Management Server High Availability status appears as Collision.
You must decide which database version to retain and synchronize it to the other Domain Management Servers. Then you must re-enter the lost changes to the synchronized database - configure the same objects and settings again.