The Cognito Platform Brain requires outbound connectivity to the automatic update server for normal operation. This connectivity is used for automatic (including security) updates and to synchronize keys for cryptographic authentication of sensors. The updates are a six step process:
- Brain downloads brain image anytime it detects a new version available on the update server. This is done over a TCP/443 (HTTPS). Vectra appliances validate SSL certificates for all HTTPS connections.
- Brain Installs brain image
- Brain downloads sensor image
- Brain stages sensor image for sensors.
- Sensors download sensor image from brain. Brain and sensors communicate over TCP/22 (SSH) and TCP/443 (HTTPS).
- Sensors install sensor image
Step 1 will happen anytime a brain detects there is a new version available on Updater
Steps 2-4 will happen during the customers configured maintenance window. If they do not complete during the maintenance window, then the next step continues during the next maintenance window. Sensors will update at any time after the sensor image has been staged on the brain. Sensors can jump upgrade, brains have to step upgrade release to release. Update window may be modified in UI: Settings, click edit next to "Preferred update window:"
Typically when going from one release to another (not multiple releases), the entire process should take less than an hour.