Security update for connectors
EAA allows in-place patches for your connectors when there are security vulnerabilities.
An EAA administrator can apply in-place patches to their connectors in between EAA releases when there are security vulnerabilities that require kernel updates.
The EAA administrator is alerted when connectors’ operating system (Connector OS) has vulnerabilities. They can apply security patches with minimal downtime, thereby improving productivity for users. The administrator can pick off-peak hours that work best for the organization. If there are any failures encountered during the upgrade, the administrator can Akamai contact support. During the upgrade, the connector cannot serve traffic. To minimize interruption, EAA will automatically choose alternative connectors available for each application if it has been configured.
If you have a second connector that is associated with the applications and directories, that can be used as a backup while the security upgrade is completed for the connector with security vulnerability.
An EAA connector can be in these states:
|,||Connector image can be downloaded and installed in your virtual environment.|
|Connector has finished setup on the virtual machine in the datacenter or public cloud and has reached out to EAA Cloud for approval. Admin should click approve to start the connector.|
|EAA Cloud (cloud proxy) cannot reach the connector due to network issues or the virtual machine is down.|
|The connector is running fine. No security vulnerabilities are present.|
|The connector has a security vulnerability.|
|The connector is running fine. A previous update was successfully installed. It does not have any vulnerabilities.|
|The connector is running but, it has vulnerabilities. A previous update has failed. Re-run the security update to fix the vulnerability. If it still persists, contact Akamai support.|
Based on these states the admin can know if the health of the connector is okay, or it has a security vulnerability and must be updated.
Update connectors for security vulnerability
Learn how to upgrade connectors that have security issues.
When the EAA administrator logs into the EAA management portal, if there are security vulnerabilities for the existing connectors they are alerted with this message:
You can click on the Connectors that need an upgrade to see all the connectors that need to be updated in your environment to mitigate security vulnerabilities.
The connector card shows the connector state, applications and directories using this connector:
Choose a time that is best for your organization when there are minimum users using the applications, to have minimal downtime. You might also want to first update to connectors that have the least number of applications and directories associated with them, and then perform the update on other connectors.
You can update each connector by performing these steps:
- Log in to the EAA Management Portal.
- From the top menu bar, click Connectors. All of the connectors configured in your account are shown. Connectors that need security updates are indicated by red down arrow next to Update. Start with the connector that has the least number of applications and directories associated with it for least downtime. Click Update.
In the Security updates panel,
you can see the number of security updates that need to be performed. Click
packages, to see all the packages that are upgraded and their
exact versions, and Hide packages, to hide them.
Note: Administrator cannot choose which packages should or should not be updated. Also, when this connector goes down, if you have another connector for high-availability, then the application, directory traffic is served by that connector.
Click Start security
update.You see a warning notifying you of a downtime and
suggesting you to pick an off-peak time for the update process. Click Continue. The
upgrade process begins for the connector in the console log. The upgrade
process begins for the connector in the console log. When the update finishes
successfully, this message appears:
- The status changes on the connector panel from Updating to Connector is running (Up to date), if successful; or to Connector is running (Update failed), if it was a failure. In this case, try to update the security patch again. If the problem persists, contact Akamai support for more help.
Repeat these steps for the next
connector that has the security vulnerability, until all of the connectors are
upgraded in your environment. You can update the connectors in parallel if they
are independent and associated with another application.
Note: Also, see Self-upgrade of EAA connectors for automatic updates to connectors from the EAA connector repository.