Migrating to a New Appliance

From time to time, Synopsys will do a major update of the Sentinel Appliance software or operating system. When an update takes place, you will need to replace your existing Sentinel Appliances with ones using the updated Sentinel Appliance software or operating system – for example, when replacing Sentinel Appliances using Ubuntu 14 with Sentinel Appliances using Ubuntu 18.

For migration, you will need to:

  • Identify the appliances that need to be replaced.

  • Obtain the replacement appliance.

  • Deploy and start the new appliance.

  • Configure the new appliance the same as the old appliance.

  • Initiate the migration as described below.

    • Make any internal network configuration changes required so that the new appliance can connect to the WhiteHat Sentinel Satellite controller, as described in Network Requirements under Setting Up Your Appliance.

    • Verify all internal network configuration changes required, including updating the new appliance's DNS configuration, so that the new appliance can connect to all assets being scanned (internal or preproduction sites, application source code, or binaries).

  • Confirm that any changes to your network that were in place for the old appliance (e.g. firewall configuration) have been duplicated for the new appliance.

Identifying an Appliance to be Replaced

If a new version of an appliance is available, you will see the "Download New" option where the "Download" option is shown above. (Although the SAST appliance screens are used in the examples below, the DAST process is identical.)

If a new version of an appliance is available and has already been assigned to replace your current version, you will see the screen below and the "Migrate" button will already be available.

Even appliances lacking any associated assets will display the "Download New" or "Migrate" buttons; however, appliances without assets do not need to be replaced. Please contact Customer Support at support@whitehatsec.com to request that unused appliances be decommissioned.

Obtaining the Replacement Appliance

If you click on "Download New," a new row will appear below the older appliance:

The new appliance will be labeled "new" and will have a status of "Disconnected," with no assets associated with it. Download the new appliance and perform the deployment, start-up, and configuration process; at that point you will be able to migrate from the old to the new version.

Migrating Assets to the New Appliance

Once the new appliance has been deployed and configured, both appliances will show a status of "Connected" and the "Migrate" button will be available. Click on "Migrate" to initiate the migration process.

You will see the "Migration in progress" message as your assets are migrated from the old to the new appliance. Once the migration is complete, the message will be updated to "Migration verification in progress" and you will see that your new appliance now has the appropriate asset count associated with it, while the old appliance has no assets.

Synopsys will monitor the progress of the migration and initial post-migration scans, and should there be any difficulties Synopsys will resolve them manually; the "Download Appliance" status may be returned to "migration in progress" until these issues are resolved.

Once the scans are successful and the migration is complete, WhiteHat Security will decommission the old appliance (please see Decommissioning Your Appliance) and it will no longer appear in this list. The "new" label will no longer appear on the new appliance, and the "Download Appliance" column will show "Download" rather than "Download New."

Decommissioning Your Appliance

When a Sentinel Appliance is no longer in use, it should be decommissioned.

A Sentinel Appliance may require decommissioning outside the migration process if for any reason no assets are configured to use that appliance (the asset count is shown as "0" in the Sentinel Appliance Management page).

To request decommissioning of an unused Sentinel Appliance outside of a migration process, please contact Customer Support at support@whitehatsec.com. Synopsys will decommission appliances that go through the migration process without requiring a separate decommissioning request.

Once the Appliance has been virtually decommissioned by Synopsys, both the Synopsys software and (for Sentinel Source/SAST Appliances) any copies of your source code will have been deleted from the hard drive (physical or virtual).

For Virtual Appliances: shut down the appliance and undeploy or delete it from the virtual environment.

Finally, remove all internal firewall configurations put in place to enable the appliance to connect to Synopsys and to your internal resources.
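
The migration checklist asks you to confirm that firewall changes made for the old appliance have been duplicated for the new one, and the step above asks you to remove them once the old appliance is decommissioned. The following is an added example, not part of the Sentinel product or its documentation, that performs both checks over a firewall rule export; the CSV column layout, IP addresses, hostnames, and ports are constructed for illustration and must be replaced with your own.

```python
import csv
import io

# Constructed sample export. The column layout, addresses, hostnames and ports
# are assumptions for illustration, not a Sentinel or firewall-vendor format.
SAMPLE_RULES = """\
action,source,destination,port
allow,10.0.5.10,satellite-controller.example,443
allow,10.0.5.10,git.corp.example,22
allow,10.0.5.10,preprod.corp.example,8443
allow,10.0.5.20,satellite-controller.example,443
allow,10.0.5.20,git.corp.example,22
allow,10.0.9.9,10.0.5.10,22
"""

def load_rules(text):
    """Parse the CSV export into a list of dicts with whitespace trimmed."""
    return [{k: v.strip() for k, v in row.items()}
            for row in csv.DictReader(io.StringIO(text))]

def rules_for(rules, ip):
    """Rules that name ip, with ip replaced by 'APPLIANCE' so two appliances compare equal."""
    out = set()
    for r in rules:
        if ip in (r["source"], r["destination"]):
            src = "APPLIANCE" if r["source"] == ip else r["source"]
            dst = "APPLIANCE" if r["destination"] == ip else r["destination"]
            out.add((r["action"], src, dst, r["port"]))
    return out

def missing_for_new(rules, old_ip, new_ip):
    """Rules in place for the old appliance that have no equivalent for the new one."""
    return sorted(rules_for(rules, old_ip) - rules_for(rules, new_ip))

def stale_after_decommission(rules, old_ip):
    """Rules still naming the old appliance; candidates for removal after decommissioning."""
    return [r for r in rules if old_ip in (r["source"], r["destination"])]

if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES)
    old_ip, new_ip = "10.0.5.10", "10.0.5.20"  # constructed addresses
    for action, src, dst, port in missing_for_new(rules, old_ip, new_ip):
        print(f"not duplicated for new appliance: {action} {src} -> {dst}:{port}")
    stale = stale_after_decommission(rules, old_ip)
    print(f"{len(stale)} rule(s) to remove once the old appliance is decommissioned")
```

Run the parity check before clicking "Migrate" and the stale-rule check after the old appliance has been decommissioned.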