Replibit Service Advisory – Trusty Upgrade
Replibit has recently completed the deployment of our first major Operating System upgrade:
- This uplifted all devices from Ubuntu 12.04 LTS (Precise) to Ubuntu 14.04 LTS (Trusty).
- Replibit v8.0.9 is currently the latest published version.
During the phased deployment of Ubuntu Trusty, issues affecting the Operating System upgrade have been identified and fixed. Critical considerations encountered included the content filtering and antivirus scanning features of some firewalls were impeding the performance of the Operating System upgrade—they had a tendency to block required application packages from being downloaded.
Having identified this firewall blocking indicator, we executed steps in the 8.0.9 release to prevent upgrades from 7.0.x when this type of firewall is detected.
- Such devices will not be updated from 7.x to 8.0.9.
- We will be targeting all remaining 7.x devices with the Release of 8.1.1 which will begin shortly.
How to Prepare for Replibit Release 8.1.1
To ensure a reliable upgrade experience for any remaining devices that are still running Replibit 7.0.3 or earlier, to minimize the risk of packages failing to be accessible, and to facilitate future Operating System upgrades please follow the instructions below to ensure that your firewall is configured properly:
1. Replibit devices should always be protected behind a network layer firewall, and should never be exposed directly on the internet, either architecturally or using IP Forwarding.
2. An outbound rule on the firewall must be configured to allow Replibit Appliances to receive updates.
- This rule should be configured to disable layer 7 inspections.
- If you are using a Next-Generation Firewall inspections such as: AV, URL Filtering, IPS, and so forth, these often interrupt the update process and can cause the update to fail making your Appliance unusable. One or more outbound rules at the top of your firewall policy list that disables these layer 7 inspections, and allows HTTP (port 80) and HTTPS (port 443) traffic to the following sources should be configured:
- To ensure connectivity during an outage, each Replibit device should be assigned a static IP address. This will prevent issues should the local DHCP server host be unavailable
- Additionally, each Replibit device should be assigned a public DNS server.
- Google’s public DNS servers: 22.214.171.124 and 126.96.36.199 are known to work well with Replibit.