The goal of this article is to explain how SKUDONET Subscriptions work and how to configure SKUDONET subscriptions to maintain updated SKUDONET appliances in a very automatic way.
The SKUDONET appliances require to have connectivity to two services: certs.skudonet.com and repo.skudonet.com
SKUDONET apppliance connects to https://certs.skudonet.com/ in order to check your Subscription Plan or Support status and once this system confirms the access is granted, then it connects to https://repo.skudonet.com/ in order to check the package updates.
For this reason, it’s important to ensure that the ADC is able to reach both remote points. If due to any reason, the connection to the Internet from ADC is not allowed to those sites the ADC can be configured to add an HTTP and HTTPS proxy. Ensure to have enabled the following destination rules in your data center:
For Firewall sysadmins: Allow From the SKUDONET IP to DNS resolution of certs.skudonet.com and repo.skudonet.com port 443 (HTTPS protocol)
For Proxy sysadmins: Allow From the SKUDONET IP to https://certs.skudonet.com/* and https://repo.skudonet.com/* (HTTPS protocol)
Please follow the next steps in order to enable your Subscription Plan or Support in the SKUDONET ADC Enterprise Edition appliances.
Firstly, please ensure you have the appliances deployed and activated, from SKUDONET 6.3.0 the suscription to our repository is done automatically at the moment the appliance is updated, but use the following procedure in case you experience some connectivity issues or want to ensure the system is properly connected to our systems.
1. Connect to your SKUDONET appliance in a ssh console and ensure that at least the release SKUDONET 6 is installed:
root@skudonet-adc:~# dpkg -l | grep skudonet ii skudonet 6.3.0 amd64 SKUDONET Load Balancer Enterprise Edition
Applying package updates and hotfixes
SKUDONET appliances are fully integrated with the Linux operating system based in a GNU/Debian environment,
Since SKUDONET 6 the system includes a tool called checkupgrades which check if any package update is pending and gives information about the system status as follows:
root@skudonet-adc:~# checkupgrades SKUDONET Packages are up-to-date.
or via web GUI:
Search a certain package in the local database.
root@zvnlb:~# apt-cache search skudonet cherokee - SKUDONET cherokee gdnsd - SKUDONET gdnsd health-checks - SKUDONET health checks pound - SKUDONET pound reverse proxy ssyncd - SKUDONET Ssyncd skudonet - SKUDONET Load Balancer Enterprise Edition skudonet-web-gui - Web GUI of SKUDONET Enterprise skudonet-ipds - Security updates to feed IPDS module of skudonet Load Balancer
Read the contents and information for a certain package.
root@zvnlb:~# apt-cache show skudonet-web-gui
Update a certain package.
root@zvnlb:~# apt-get install skudonet-web-gui
Update the whole system.
root@zvnlb:~# apt-get --with-new-pkgs upgrade
SKUDONET Load Balancer is able to be updated even if the load balancer is not allowed to connect to the Internet, so the latest SKUDONET updates also are accessible in ISO format, this ISO file can be downloaded from the Support Portal ZVNCentral.
The procedure for the offline updating process is the following.
1. Ensure that the load balancer has an active support contract.
2. Download the latest SKUDONET Update ISO file from the KB section of ZVNCentral portal, direct link here.
3. Copy the ISO file in the load balancer path /usr/local/skudonet/updates/.
4. Run the command checkupgrades, this command will check in first place the connectivity to our private system, if the connection is not possible, then the command will check if there are update ISO files in the updates path.
5.If there are pending updates, a message will be shown in order to confirm with the updating process.
SKUDONET 6 configures the subscription by default at the moment of appliance activation, so please ensure that the load balancer has internet connectivity before to activate it,.
Compatibility and Security
SKUDONET Load Balancer is based on a GNU/Debian system and fully integrated with the APT repository services. Although, it doesn’t mean that SKUDONET packages are fully compatible with Debian mainstream packages, as this has been designed to be optimized and ready for high availability, scalability, and security of applications.
It is capable to add third parties APT repositories for certain packages, but use this at your sole responsibility. System updates and upgrades are only supported by the official SKUDONET APT repositories. In addition, for security reasons, only accept updates from signed package repositories.
SKUDONET Team are responsible of keeping the SKUDONET ADC Appliances out of any vulnerability using the official SKUDONET repositories, so please keep the SKUDONET systems up-to-dated with our suscriptions plans and support levels.