Index | Prev | Next

Upgrading a system

Except where noted, an upgrade of an existing AX-3.7, AX-3.6, or AX-3.5 job to the same-revision “update release” (AX-3.7u1, AX-3.6u4, or AX-3.5u4) should go much like any other “maintenance release” system upgrade. In this scenario, hosts should not need license upgrades.

If you are upgrading a system from a lower-revision level, say from AX-3.5 to AX-3.8 or to AX-3.7u1, the procedure is much the same, but you need to purchase license upgrades for all hosts before the upgrade.

Upgrading a system to a Security Update release (or AX-3.8)

The basic steps in performing this upgrade are as follows:

  1. Using your existing Workbench, backup all stations including the Supervisor.

  2. Stop the Supervisor station.

  3. Install the new updated Workbench to your PC and also Supervisor.

    Select the install option for “this Workbench to be used as an installation tool”.

    NoteIn the Workbench install options, be sure to select “Copy Settings from Latest Version Installed”. If for some reason you do not see this option, see the section Copying items from previous install.

  4. Start the new update Workbench and start the Supervisor.

    NoteIn AX-3.8 Workbench, all Open Platform and Open Station choices default to “open with SSL”. In most cases, you need to change the connection “Type” to regular (non-SSL), unless an upgrade from an initial AX-3.7 release where SSL was previously configured. Following any upgrade to AX-3.7u1 or later, SSL configuration is highly recommended. For related details, see the SSL Connectivity Guide.

  5. In Workbench, open the running Supervisor station (Fox connection).

  6. In the Supervisor station, open the property sheet of its NiagaraNetwork. (Config > Drivers > NiagaraNetwork).

  7. Expand the FoxService and look for a new property Legacy Authentication.

  8. Change Legacy Authentication from the default “Strict” to “Relaxed Until” (shown below) and then Save. For further details, see “Fox Service properties” in the NiagaraAX Drivers Guide.



    NoteThis should be a temporary setting only. Reset this to “Strict” in the Supervisor’s FoxService after you finish upgrading NiagaraAX in the subordinate JACE hosts (represented in the Supervisor’s NiagaraNetwork). Typically you use the platform Commissioning Wizard to update these JACEs, as described in the next step.

    (Background): Relaxed authentication in the Supervisor’s FoxService allows its subordinate JACEs to continue to communicate with the Supervisor until they have been upgraded. This is necessary to continue operations like remote alarming, archiving histories, and so on.

    However, you should not leave the Supervisor in this state, as this negates much security (see Caution).

    CautionUnless set to “Strict”, either “Relaxed” option is effectively the same as setting the FoxService property Authentication Policy to “Basic”, as this is the only “common ground” authentication between a legacy Fox client (Workbench or another station) and this update release station. Thus, passwords for client connections to this station are passed in clear text. Obviously, this is not a desired operating state. For this reason, you should seldom (if ever) set the Legacy Authentication property to “Always Relaxed”.

  9. For each of the subordinate JACE hosts, open a platform connection in Workbench. Run the platform Commissioning Wizard, selecting to “Install/upgrade core software from distribution files”, and also to “upgrade all out-of-date software modules”.

    After each JACE reboots and its station starts, verify that its communications to the Supervisor are still functional (in upgraded JACEs, you should not need to change any FoxService properties).

  10. After all JACEs are upgraded to the update release level, open the Supervisor station in Workbench.

    In the Supervisor’s NiagaraNetwork, FoxService, reset the Legacy Authentication property to “Strict”, and then Save.

  11. Verify that NiagaraNetwork communications between the Supervisor and JACE stations are OK, and make new backups of all stations.

Copying items from previous install

When you choose the Workbench install option to “Copy settings from Latest Version Installed (version)”, the contents of the following folders are copied from the older NiagaraAX Workbench release folder (!) to the new NiagaraAX Workbench release folder (!):

  • !backups

  • !certificates

  • !certManagement (new folder in AX-3.8)

  • !daemon

  • !jre/lib/security/krb5.conf (if it exists - used for LDAP with Kerberos)

  • !licenses

  • !modules -> !sw/inbox

  • !security

  • !sedona/kits (if it exists)

  • !sedona/manifests (if it exists)

  • !sedona/platforms (if it exists)

  • !stations (except for !stations/demo and !stations/demoAppliance)

  • !sw

  • !users (in an AX-3.8 installation, user credentials are not included)

  • !workbench

If necessary, you can manually copy these files.

NoteIf upgrading Workbench or a Supervisor from the original AX-3.7 release to either AX-3.7u1 (or AX-3.8), the contents of these folders have special significance:

  • !security

  • !workbench/security

This is especially important if SSL is implemented, as these contain related certificates, exemptions, and trusted root certificates.

To copy the !sw folder for Workbench, you can alternatively use the platform Software Manager after starting Workbench and making a local platform connection. Select “Software Import”, “Import software from directory”, and navigate to the old !sw folder. For details, see “Software Import” in the Platform Guide. Note that backup .dist files have exact dependencies, such that prior saved backups are likely dependent upon modules in the older software database (!sw) folder.

Index | Prev | Next

Copyright © 2000-2014 Tridium Inc. All rights reserved.