Upgrade Guide to PostgreSQL (MDSS v4.0.0)

MDSS v4.0.0 Upgrade Guide: MongoDB to PostgreSQL Migration

Overview

Starting with MDSS version 4.0.0, PostgreSQL replaces MongoDB as the primary database backend. This guide covers the upgrade process, migration scenarios, and best practices for a seamless transition.

Key Changes in v4.0.0

  • Database Backend: PostgreSQL replaces MongoDB
  • Automatic Migration: Data is migrated by default during upgrade
  • External Database Support: Improved support for external PostgreSQL instances

Pre-Upgrade Considerations

When Data Migration Occurs

Data migration happens automatically when upgrading from any MDSS version < 4.0.0 and any of the following conditions are met:

  • Previous version uses internal/bundled MongoDB
  • New version is configured to use external PostgreSQL
  • Both previous and new versions are configured with external databases

Data migration from MongoDB to PostgreSQL takes about 2-3 hours / 1M files in the original database. In this time MDSS is not available for operation. Other upgrade options are available below.

When Data Migration is Skipped

Data migration is automatically skipped when all the following conditions are met:

  • Previous version uses external MongoDB
  • New version is configured with bundled PostgreSQL deployment

⚠️ Important: This prevents unintentional migration of cloud/external data to local deployments.

Data migration is also skipped after a successful installation or upgrade of MDSS v4.0.0 on the same machine so that data is migrated only once. This is done in order to ensure data in MDSS v4.0.0 is not overwritten by an unintentional migration from an older version.

Upgrade Options

Option 1: Standard Upgrade with Migration

Recommended for: Small to medium deployments where historical data is required.

  1. Backup your current deployment
  2. Upgrade to v4.0.0 using your standard deployment process
  3. Monitor the migration - duration depends on data volume

Configuration: No additional configuration needed for default migration.

Option 2: Skip Data Migration

Recommended for: Large deployments or when historical data is not critical.

Add the following to your customer.env file before upgrading:

Bash
Copy

💡 Time Savings: For large datasets, migration can take several hours. Skipping migration provides immediate availability of the new version.

Option 3: Blue-Green Deployment

Recommended for: Production environments requiring zero downtime and maximum safety.

Process:

  1. Deploy v4.0.0 in parallel to your existing environment without starting any scans
  2. Configure the new deployment with the same settings as the old one
  3. Test thoroughly without activating storage processing
  4. Stop storage processing on the old version (while keeping it running for rollback capability)
  5. Activate storage processing on the new v4.0.0 deployment
  6. Monitor the new deployment for proper functionality
  7. Decommission old environment after validation period

Benefits:

  • Controlled transition of storage processing
  • Easy rollback by reversing the process
  • No data migration time
  • Fresh start with optimized database
  • Prevents duplicate storage scanning

External PostgreSQL Configuration

For production deployments, consider these managed PostgreSQL services for better performance, reliability and high availability options:

  • AWS RDS PostgreSQL
  • Google Cloud SQL for PostgreSQL
  • Azure Database for PostgreSQL

Connection Configuration

To use an external PostgreSQL database, add the following to your customer.env file:

Bash
Copy

Example configurations:

Bash
Copy

Database Configuration Recommendations

Connection Limits

Ensure your PostgreSQL instance has adequate connection limits:

SQL
Copy

Performance Tuning

Consider these PostgreSQL settings for optimal MDSS performance:

SQL
Copy

More details on configuring allocated resources on a PostgreSQL database can be found in their official documentation here.

What Gets Migrated

  • User accounts and permissions
  • Configuration settings
  • Historical data and logs
  • Custom configurations
  • Dashboards and reports
  • Storages

Special attention on Real Time Processing, Storage Remediations and Scan Configurations migration.

The idea of Workflow is the result of merging Scan Configuration and Storage remediations. To not lose any remediations from storage, a Workflow shall be created starting from Default Scan Configuration and appending the Storage Remediations.

Remediation of DeepCdr with encrypt original will be migrated to Keep Allowed and Keep Blocked for the original file

The existent Scan Configuration will be migrated with only Keep Allowed and Keep Blocked remediations which are the defaults.

Real Time Processing shall be migrated using the new Workflow created from that specific storage

Troubleshooting

Connection Issues

Bash
Copy

Rollback Procedure on Linux

If you need to rollback after upgrade:

  1. Set in customer.env: ENV_IMAGE_TAG=stable3.6.1
  2. Run the update command: sudo mdss -u update
  3. Verify connectivity to your original MongoDB database
  4. Confirm functionality and data integrity

In order to perform the rollback on an offline deployment you need to (re)deploy the docker offline toolkit for version 3.6.1.

Rollback Procedure on Windows

If you need to rollback on a Windows deployment:

  1. Stop MDSS
  2. Backup the MongoDB data folder: C:\Program Files\OPSWAT\MetaDefender Storage Security\data\mongo - preferably before upgrading to v4.0.0 but this folder should be kept even after an upgrade
  3. Uninstall MDSS 4.0.0
  4. Install MDSS 3.6.1
  5. Stop MDSS (after the installation is complete it start automatically)
  6. Replace the MongoDB data folder with the previously created backup.
  7. Start MDSS

Running the data migration manually

In order to migrate the data from an older MongoDB database and overwrite any existing data in the new PostgreSQL database:

  1. Clear the SKIP_MONGO_TO_PG variable from the .env and customer.env files and from the system environment variables (Windows only)
  2. Delete the PostgreSQL data docker volume mdss_postgres_data (Linux only): docker volume rmmdss_postgres_data``
  3. Restart MDSS v4.0.0

💡 Notes:

  • The migration process doesn't modify your original MongoDB database, so rollback is straightforward by reverting to the previous MDSS version.
  • Modifications performed after the upgrade will not be kept after the rollback.
  • Rollback is only supported to version 3.6.1.

The only backup of the original MongoDB database is in the original docker volume called mdss_**mongo_db. Uninstalling MDSS or performing any cleanup operations will delete this volume permanetly.**__

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard