Appearance
Updating
The Enclave agent is designed with three separate updateable components. These are the Enclave service, any plugins installed (i.e. networking, asset management), and optionally the GUI interface. Below we will go through our approach to releasing new version and how you should manage updates of the Enclave agent across your fleet.
Our approach
All of our releases follow Semantic versioning. In summary, MAJOR.MINOR.PATCH
versions are how we tag our releases. Currently all our deployments are on the 1.x.x
channel so backwards compatability is ensured.
Any MINOR
versions will be released on Tuesday between 12:00-14:00 CST (18:00-20:00 UTC)
. We aim to release PATCH
versions at the same time but reserve the right to deploy them out of band in case critical updates need to be made. MAJOR
versions will be on an opt in basis and communication will be made if a MAJOR
version is going to be released.
Example agent version
Component | Version | Update style |
---|---|---|
Agent (service) | 1.8.0 | End user initiated |
GUI | 1.10.0 | End user initiated |
Plugins | 1.12.1 | Managed from the EMC |
Managing plugins (manifest version)
The Enclave agent works by running a series of plugins that is pulled down from a manifest delivered from the EMC. This allows different functionality to be deployed based on the needs of the organization or type of agent that is running. For example, if an organization has access to asset management, our inventory plugin will be downloaded and run by the agent service. This process is dynamic and managed from the Enclave Management Consoles (EMC).
For best practices we recommend that you always pin your manifest version in live mode, verify new versions in test mode, then once verified, update your live mode version to the verified version. This will ensure that you are deploying updates to your fleet in update windows of your choice. The image below shows how you can manage manifest versions from the EMC:
Updating the agent service and GUI
There are three options to updating the agent service and GUI. The first option is user initiated. This can be done by clicking the Update
button in the bottom right corner of the GUI if an update is available. The other option is to deploy a new binary using your UEM tool of choice. Lastly you can script a update to your fleet if you have the capabilities to do so. Below is an example Bash script that can be run to update an agent:
bash
!/bin/bash
# update the enclave agent
# pass the --confirm flag to skip any prompts
enclave update --confirm
It is on our roadmap to be able to initiate service updates from the EMC and we will soon provide an estimated date on when that will be available.