Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Loading...
Loading...

HOWTO: Upgrading MailMarshal Service Provider Edition to a newer version

Expand / Collapse


This article applies to:

  • Trustwave MailMarshal SPE supported versions

Question:

  • What is the safe method to upgrade MailMarshal SPE from an earlier version to the currently released version?

Procedure:

To upgrade SPE, the general procedure is to upgrade the Trustwave MailMarshal (SEG) servers first, then upgrade the SPE Marshal Interface Agent or console server and the SPE agents.

  • Product names in the installers and interfaces depend on the product versions. MailMarshal SPE (Service Provider Edition) is also known as Trustwave SPE. Trustwave MailMarshal is also known as Trustwave SEG or MailMarshal SMTP.
  • This article assumes you are familiar with SEG and SPE concepts.
  • Before starting, review the Release Notes for the new version of SPE and SEG. Release Notes include version specific upgrade notes, such as previous version supported for direct upgrade.

The following steps are suggested to upgrade SPE safely and with minimal disruption to email flow.

  1. Stop all SPE services on all array managers and nodes (Depending on version this may include Marshal Agent, Replication Agent, Status Agent, Maintenance Agent, Reporting Agent).
  2. Stop the Web Console services on the IIS server (either by stopping the website in iisconfig, or by typing net stop w3svc).
  3. Take a snapshot of the SPE database.
  4. Stop the SEG Array Manager.
  5. Take a snapshot of the SEG database.
  6. Start the SEG Array Manager.
  7. To ensure ability to roll back, create a backup of the SEG configuration by running the MMExportCfg in the SEG directory (typically in SEG version 8.X: C:\Program Files\Trustwave\Secure Email Gateway)
    • For instance: MMExportCfg MMBackupOct2008.xml 
    • For details of locations for earlier SEG versions, see article Q10832.
    • For SEG 8.0 if DKIM is in use, also ensure you have exported DKIM keys. They are not included in SEG 8.0 backups.
  8. Upgrade the array manager with the supported version of SEG software. This will upgrade your configuration from the earlier version.
  9. Upgrade the nodes with the SEG software.
    • At this point you will have a fully working SEG solution running on the new software. Take a configuration backup (as in step 7) and a snapshot of the SEG database.
  10. Repeat steps 4-9 for each SEG array.
  11. Start your IIS server.
  12. Upgrade the Web Console and/or MIA server: run the SPE installer and upgrade the web console and Marshal Interface Agent (Maintenance Agent in earlier versions). The database wizard will also run and upgrade your SPE database.
  13. When the installer and database wizard completes successfully, log into the SPE console and make sure the configuration appears correct. Arrays will not be connected at this stage.
  14. Run the SPE installer on all Array Managers to upgrade the Replication Agent or Marshal Agent (depending on version).
  15. Force a configuration reload on the SPE web console (Arrays->Force Reload).
  16. Monitor the Array Manager logs for any errors. If you encounter any problems, stop and disable the SPE agent on the Array Manager (Marshal Agent for 3.8 and above, Replication Agent for earlier versions). Restore the SEG configuration (from the backup you took in step 7 above), and restart the Array Manager. You will not need to restore the SQL database. Do not proceed further but contact Trustwave Technical Support for assistance.
  17. Upgrade the Marshal Agents on the nodes.
  18. If upgrading to a version below 3.6, upgrade the reporting agent. (3.6 and above does not use a separate reporting agent.)
  19. Restore any custom branding. The upgrade creates a dated backup of the website directory, including the branding subdirectory. Move required items to the production website\branding folder.
  20. If you use custom themes for the Customer Console or SQM, you may need to update the themes to cover new features. See the linked article below for more information.
    • Release 4.0 includes breaking changes to the SQM login page.
    • Release 3.6.2 includes significant changes in the Customer Console themes from 3.6.1.

Notes:

For some versions, the Release Notes recommend stopping all Marshal services including all SEG services during upgrade. This recommendation was to ensure that some settings are updated when services start. Normally you can follow the steps above and SEG services can remain running during the SPE upgrade.

For upgrade from SEG 8.0 or below with DKIM keys, in the rare case that you must roll back the SEG upgrade, you might need to re-import DKIM keys on the nodes. Contact Trustwave for assistance.


To contact Trustwave about this article or to request support:


Rate this Article:
     

Related Articles



Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster
.