Deployment 101

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
45 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:00
>> [MUSIC] Hi there and
00:00
welcome to the Check Point Deployment 101 lesson.
00:00
Before we take a deep dive into the various tools and
00:00
use cases of deployment
00:00
that are specific to Check Point,
00:00
let's briefly discuss what deployment is,
00:00
the types and methods of deploying
00:00
>> Check Point software,
00:00
>> and finally, I will give
00:00
a high-level overview of
00:00
the Check Point deployment tools.
00:00
Simply put, software deployment is the process
00:00
required to make a software system available for use.
00:00
It can be generally divided into three categories.
00:00
Setting up a new machine.
00:00
This type of deployment is performed on a new machine,
00:00
which also requires an installation
00:00
of an operating system.
00:00
Performing a clean install on an existing machine.
00:00
In this type of deployment,
00:00
you start afresh with a clean version of
00:00
a designated software
00:00
overriding an existing installation.
00:00
This type of deployment preserve
00:00
previous configurations such as user credentials,
00:00
IP addresses, and default gateways.
00:00
A clean install should be
00:00
chosen when you wish to downgrade the machine to
00:00
an older major version or perform
00:00
a fresh install of the same version
00:00
>> or a higher version,
00:00
>> which will also be used when
00:00
you would like to change a machine role,
00:00
for instance, from management to gateway.
00:00
Finally, the third type of
00:00
deployment is used when upgrading a machine.
00:00
In this type of deployment,
00:00
you preserve the existing operating system settings
00:00
and the Check Point database while installing hotfixes,
00:00
Jumbo Hotfixes, or major versions.
00:00
This form of deployment also generates
00:00
an automatic snapshot during
00:00
a major version installation.
00:00
This is very helpful in
00:00
case you need to revert the installation.
00:00
So what can you deploy with Check Point
00:00
>> deployment tools?
00:00
>> You can deploy major versions,
00:00
which introduce new functionalities
00:00
and cutting-edge innovative
00:00
technologies to the market while
00:00
maintaining a high product quality.
00:00
For example, R80.20,
00:00
R80.40, R81, etc.
00:00
Jumbo Hotfixes are an accumulation of stability and
00:00
quality fixes resolving
00:00
multiple issues in different products.
00:00
You can also install hotfixes,
00:00
which are specific quick fixes for
00:00
a particular feature or
00:00
a fix to be installed where required.
00:00
The last type of Check Point deployment is Blink.
00:00
Blink allows users fast and easy deployment
00:00
of the Check Point gateway or management server.
00:00
This usually means an all-in-one bundle
00:00
package of major and minor installations.
00:00
Upon completion of this deployment,
00:00
the user gets a machine with the desired version,
00:00
the desired hotfixes or Jumbo Hotfixes,
00:00
and the updated signatures
00:00
for the installed software blades.
00:00
You can install this deployables either
00:00
>> by orchestrating
00:00
>> multiple gateways or by deploying a single gateway.
00:00
When orchestrating multiple gateways,
00:00
several gateways are upgraded simultaneously.
00:00
This includes upgrading clusters
00:00
while maintaining connectivity upgrades.
00:00
The upgrade is performed from
00:00
the management server and can only
00:00
be used to upgrade gateways.
00:00
When deploying a single gateway,
00:00
you perform an installation on a single machine,
00:00
which can be a gateway, a management machine,
00:00
a log server, or
00:00
any type of Gaia operating system machine.
00:00
So we've talked about
00:00
the types of Check Point deployments.
00:00
But what about the methods of deployment?
00:00
Let's talk about the three methods
00:00
of deployment that can be
00:00
used when deploying Check Point software
00:00
depending on the circumstances.
00:00
First, you have the Online deployment method.
00:00
In this method, the machine that is
00:00
deployed to is connected to the Check Point cloud,
00:00
and the software package are being
00:00
downloaded and installed on the machine.
00:00
Next you have the offline deployment method.
00:00
In this method, the machine that
00:00
is deployed to is not connected to
00:00
the Check Point cloud and the user needs to
00:00
import the desired upgrade package to the machine.
00:00
Finally, you have the initial deployment method.
00:00
In this method, users can
00:00
easily manage the initial deployment of
00:00
their Gaia operating system gateway or their
00:00
Gaia Embedded small and medium business enterprises
00:00
and data center security appliances.
00:00
This is designed for setting up a new appliance.
00:00
In this last topic of this session,
00:00
I'd like to give you a quick overview of
00:00
the four deployment tools
00:00
used when deploying Check Point software.
00:00
The checkpoint update service engine CPUs,
00:00
also known as the Gaia software update agent is
00:00
an advanced and intuitive mechanism
00:00
for software deployment on Gaia OS.
00:00
It supports deployments of hotfixes,
00:00
Jumbo Hotfixes, and major versions on a single machine.
00:00
The central deployment tool, CDT,
00:00
is a utility that runs on management servers
00:00
and multi-domain management servers running Gaia OS.
00:00
This utility lets you manage
00:00
the deployment of software packages from
00:00
your management server to
00:00
multiple managed security gateways
00:00
and cluster members at the same time.
00:00
It also allows you to perform various actions,
00:00
such as taking a snapshot,
00:00
running shell scripts, push files or pull them, etc.
00:00
It also allows you to
00:00
automate the return material authorization,
00:00
also known as RMA,
00:00
backup and restore process.
00:00
Finally, CDT handles cluster upgrade
00:00
automatically, including connectivity upgrade.
00:00
Another tool is the Central Deployment in SmartConsole,
00:00
available from version R81.
00:00
You can deploy using the SmartConsole.
00:00
It lets you perform batch deployment of Jumbo Hotfixes,
00:00
and hotfixes on gateways,
00:00
clusters, and VA6 gateways.
00:00
It also enables you to upgrade versions
00:00
of gateway clusters and VA6 devices.
00:00
The last type of tool is called Zero Touch.
00:00
The Zero Touch Cloud Service allows users to easily
00:00
manage the initial deployment of
00:00
their Gaia operating system gateways,
00:00
or Gaia Embedded small and medium business enterprises
00:00
and data center security appliances.
00:00
It allows to deploy them in
00:00
remote sites without having to send a skilled admin,
00:00
and you can also use it to install
00:00
a new version and not just initial settings.
00:00
That's about covers the Check Point deployment 101.
00:00
We've talked about deployment in a nutshell,
00:00
the types and methods of deployment,
00:00
and the tools that can be used
00:00
for deploying Check Point software.
00:00
Thank you for taking this lesson.
00:00
See you in the next one.
00:00
[MUSIC]
Up Next