Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[JSA Series] Differences between 'Deploy Changes' and 'Deploy Full Configuration'

0

0

Article ID: KB33066 KB Last Updated: 05 Jun 2019Version: 2.0
Summary:

After Administrative actions, a 'Deploy Changes' may be required. This article provides information on when to either perform a 'Deploy' or 'Deploy Full Configuration' and their impact on your Juniper Secure Analytics (JSA) services.

Symptoms:

Examples of JSA changes that require Deploy Changes:

  • Adding or editing a new user or user role.
  • Adding or updating network hierarchy.
  • Adding a new security profile.
  • Creating a new authorized service token.
  • Adding a centralized credential (security descriptor)
  • Adding a new log source.
  • Setting a password for another user.
  • User changing their own password.
  • Change a users' user role and/or security profile.

Examples of JSA changes that require Deploy Full Configuration:

  • Adding or removing a host in the deployment editor that has an EC, EP, or MPC component.
  • Adding, removing, or editing the values on an EC/EP component or offsite source or target component in the deployment editor.
Solution:

What is a 'Deploy' in JSA?

When a JSA Console detects changes that are required to be pushed out to managed hosts, it shows in the Admin tab as banner stating that changes need to be deployed:

 

Changes are pushed out from the 'staging' area of JSA to the 'deployed' area and the Hostcontext service restarts the appropriate components. If a component does not have changes, then there are no changes to deploy, then a restart of that service might not be required.

What is the difference between 'Deploy Change' and 'Deploy Full Configuration'?

After you perform a 'Deploy changes', only services that need updates are restarted on the appliances. Data collection and processing continues as normal because the Event Collection Server/Service (ECS) does not restart. A Deploy Changes does not impact the JSA event pipeline (collection, processing, rules, or offenses).

A 'Deploy Full Configuration' from the Admin tab sends a request to rebuild all configuration file sets. Each individual appliance contains its own configuration files which then restarts services to ensure that the new configuration is loaded. All processes that collect and process event/flow data restart, and an interruption of data collection occurs. The data collection disruption is due to the ECS service being restarted, during a full deploy.

For JSA release 2014.6, anytime a service interruption is expected on a Deploy, a warning dialog message is shown to an Admin user. This allows the Admin user to cancel a deploy and to defer to a later time:


 

With JSA release 7.3.1 and later, event and flow collection is handled by the ecs-ec-ingress service, which is not restarted as part of a Deploy Full Configuration action.

 

Modification History:
2019-06-05: Updated the article with change in behavior for Full Deploy in latest versions ‚Äč7.3.1 and later.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search