This guide provides detailed information about upgrading Zscaler App Connectors on Red Hat Linux, clarifying processes, terminology, and roles for zpa-connector and zpa-connector-child.
Terminology
- Manager Version: Version of
zpa-connectorinstalled and updated manually via Linux package management (yum). It manages operations and updates. - Software Version: Automatically managed operational software version, updated by Zscaler Cloud independently.
- Software Update: Automatic updates by Zscaler Cloud, maintaining the operational software version.
Differences Between Manager Version and Software Version
- Manager Version:
- Updated manually using
yum. - Updates are less frequent, targeting administrative and OS-level stability.
- Typically shows a numerically higher version number.
- Updated manually using
- Software Version:
- Automatically updated from Zscaler Cloud.
- Receives frequent updates for new features and security improvements.
- Typically shows a numerically lower or different versioning scheme.
It’s normal for these versions to differ numerically. Despite numerical differences, both versions work seamlessly together in operation. The Manager Version affects the stability and administrative functions, while the Software Version controls active operational features and security enhancements.
Roles of zpa-connector and zpa-connector-child
zpa-connector(Manager):- Controls connector operations.
- Downloads and manages the updates for
zpa-connector-child. - Uses OS-trusted CA bundle (
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem) for secure TLS connections.
zpa-connector-child:- Downloaded and managed automatically by
zpa-connector. - Establishes secure Microtunnels (M-Tunnels) to internal applications.
- Handles secure communication and user session management.
- Frequently updated directly by Zscaler Cloud.
- Downloaded and managed automatically by
Upgrade Methods
1. Manual Package Upgrade (Manager Version)
Manually updating the Manager Version using Linux commands:
# Check current package version
sudo yum info zpa-connector
# Upgrade the zpa-connector package
sudo yum upgrade zpa-connector
# Restart the service
sudo systemctl restart zpa-connector
# Check service status
sudo systemctl status zpa-connector
This only updates the Manager Version.
2. Automatic Software Version Upgrade
The operational software (Software Version) is automatically updated by Zscaler Cloud:
- No manual intervention needed.
- Regularly includes new features and enhancements.
Version Differences Explained
- Manager Version typically shows a higher numeric value due to different update cycles and focuses.
- Version numeric differences are normal, yet both components are fully compatible and synchronized operationally.
- Keeping Manager Version up-to-date ensures OS-level stability, while the Software Version ensures ongoing functionality.
Verification of Versions
CLI Verification
- Manager Version:
sudo yum info zpa-connector - Service Status:
sudo systemctl status zpa-connector
GUI Verification
In the Zscaler Cloud portal, navigate to Administration > Connectors:
- Manager Version: Matches the Linux-managed package version.
- Software Version: Shows the operational software managed by Zscaler Cloud.
- Software Status: Shows success or failure status for software updates.
Hovering over the success status confirms operational synchronization, despite numerical differences.
Best Practices
- Regularly verify connector statuses in the Zscaler Cloud GUI.
- Periodically update the Manager software using Linux commands.
- Allow Zscaler Cloud to handle automatic updates of the Software Version.
- Regularly update OS CA trust bundles:
sudo update-ca-trust.
Following these guidelines ensures accurate and efficient management of your Zscaler App Connectors.