Skip to main content

Steps of Updating NetScaler

NetScalers are running in Active/Standby mode, the update should be scheduled in two days for each pair in case there is an issue that requires an immediate rollback.

Postpone all NetScaler changes on the Netscalers which are under the update except for urgencies.

Day 1

  1. Confirm DC1 and DC2 are in HA mode. Under System -> High Availability -> Nodes, you can see two nodes.
  2. Force failover to DC1 Netscaler instance as the primary (May not required if DC1 instance is primary). You need to refresh the page on the browser to see the change.
force failover
  1. Save configuration on DC1 and DC2
  2. Check services on CLI of DC2 (Version 1). Recommend to copy and paste one command a time or they'd be placed randomly in the log.
show hostname 
show version 
sh ha node 
stat lb vserver -fullValues 
stat cs vserver -fullValues 
stat serviceGroup -fullValues 
stat service -fullValues 
stat vpn vserver -fullValues 
stat tcp 
show ns running
  1. Shutdown DC2 instance and take a snapshot DC2 instance. Always prefer to use Shut Down Guest OS since it notifies the system while Power Off directly shut the power off.
  2. Boot up DC2 instance and upgrade DC2 instance
    1. If the system reports insufficient diskspace, delete the old update files/folders under /var/nsinstall/
    2. USE a console window to check the system status since the web GUI won't refresh itself during the update.
  3. Confirm version and HA are good before failover to DC2. Save configurations on DC2
show version 
sh ha node
  1. Failover to DC2 instance as the primary
force failover
  1. Check services on DC2 (Version 2)
    1. The services should be in the status as same as they were before the update
    2. Some services take time
show hostname 
show version 
sh ha node 
stat lb vserver -fullValues 
stat cs vserver -fullValues 
stat serviceGroup -fullValues 
stat service -fullValues 
stat vpn vserver -fullValues 
stat tcp 
show ns running
  1. Confirm Version 1 and Version 2 are the same
    1. encryption phases change from time to time, they should NOT be the same
    2. HA node status should be different since the synchronization will stop between different versions.
  2. Do NOT delete Version 1 and Version 2

Day 2

  1. Save configurations on DC1 and DC2
  2. Shutdown DC1 instance and take snapshot of DC1 instance
  3. Set DC2 - STAYPRIMARY, on dc2
set ha node -haStatus STAYPRIMARY
  1. Set DC1 - STAYSECONDARY, on dc1
set ha node -haStatus STAYSECONDARY
  1. Check services on DC2 (Version 3)
show hostname 
show version 
sh ha node 
stat lb vserver -fullValues 
stat cs vserver -fullValues 
stat serviceGroup -fullValues 
stat service -fullValues 
stat vpn vserver -fullValues 
stat tcp 
show ns running
  1. Confirm Version 2 and Version 3 is the same
  2. Boot up DC1 instance and upgrade DC1 instance
  3. Check services on DC1 (Version 4). Some services may show DOWN at this step
show hostname 
show version 
sh ha node 
stat lb vserver -fullValues 
stat cs vserver -fullValues 
stat serviceGroup -fullValues 
stat service -fullValues 
stat vpn vserver -fullValues 
stat tcp 
show ns running
  1. Confirm services except for running status between Version 1 and Version 4
  2. Activate HA on DC1 & 2
set ha node -haStatus enable
  1. Check if DC2 is Primary and DC1 is Secondary
  2. Check services on DC2 (Version 5)
show hostname 
show version 
sh ha node 
stat lb vserver -fullValues 
stat cs vserver -fullValues 
stat serviceGroup -fullValues 
stat service -fullValues 
stat vpn vserver -fullValues 
stat tcp 
show ns running
  1. Confirm Version 5 and Version 1 is the same
  2. Failover to DC1
force ha failover

It can be applied to either DC1 or DC2

  1. Check services on DC1 (Version 6)
show hostname 
show version 
sh ha node 
stat lb vserver -fullValues 
stat cs vserver -fullValues 
stat serviceGroup -fullValues 
stat service -fullValues 
stat vpn vserver -fullValues 
stat tcp 
show ns running
  1. Confirm Version 6 and Version 1 is the same
  2. KEEP log Version 1-6 and the snapshots for at least a week

Rollback

During Day 1 Update

  1. Stop DC2 instance
  2. Rollback DC2 with the snapshot created before the update
  3. Confirm services

After Day 1 Update

  1. Failover to DC1 instance
  2. Stop DC2 instance
  3. Rollback DC2 with the snapshot created before the update
  4. Confirm services

During Day 2 Update - Partial rollback

  1. Stop DC1 instance
  2. Rollback DC1 with the snapshot created before the update
  3. Confirm services
    1. mainly for the number of services and configs
    2. the running status may be different with DOWN mainly

During Day 2 Update - Full rollback

  1. Stop DC1 instance
  2. Rollback DC1 with the snapshot created before the update
  3. Failover to DC1 instance
  4. Confirm services
  5. Perform DC2 instance rollback as mentioned above

After Day 2 Update

  1. Rollback DC2 instance
  2. Failover to DC2 instance
  3. Confirm services
  4. Rollback DC1 instance
  5. Confirm services
  6. Failover to DC1
  7. Confirm services