# Cisco IOS-XE firmware upgrade across 12 sites with change approval

> Plan, approve, schedule, and execute a fleet firmware upgrade — Jira change request, Freshservice approval, Slack war room, staged maintenance windows, post-upgrade verification, CMDB sync.

Cisco PSIRT publishes an advisory affecting the IOS-XE 17.x train running on twelve customer-edge ISR routers. The MSP needs the upgrade staged, approved, executed across twelve maintenance windows, validated, and documented — with the customer informed before, during, and after each window.

## Systems involved

| System                    | Role                                                     |
| ------------------------- | -------------------------------------------------------- |
| Jira                      | Source change request from the security team.            |
| Freshservice              | Customer-facing CR with approvals and CAB sign-off.      |
| Studio inventory          | The twelve target hosts, organized by customer and site. |
| Cisco IOS-XE              | The actual upgrade target.                               |
| TFTP / SCP                | Image staging path.                                      |
| Slack `#fleet-upgrade-q2` | Operational channel during each window.                  |
| ConnectWise PSA / NetBox  | CMDB updated with new firmware version per device.       |
| Gmail                     | Pre- and post-window customer comms.                     |

## Walkthrough

<Steps>
  <Step title="Build the upgrade plan from Jira">
    Copilot reads the Jira CR, lists every host tagged `cisco-edge` in inventory matching the affected version, and drafts a per-customer table with current version, target version, and the right maintenance window.
  </Step>

  <Step title="Generate the customer-facing CR">
    The Freshservice connector creates one CR per customer. Each contains the affected device, the maintenance window, the rollback path, the contact tree, and the Jira advisory link. CAB approves five at a time.
  </Step>

  <Step title="Pre-window customer email">
    Copilot drafts a per-customer email through Gmail 24 hours before each window: scope, expected outage, contact phone, post-window verification commitment. You review and queue.
  </Step>

  <Step title="Stage the firmware image">
    Copilot pushes the IOS-XE image to the local SCP server and verifies the MD5 against Cisco's published hash. If a customer's edge can't reach the central SCP, it picks the local jump host instead.
  </Step>

  <Step title="Open the war room">
    At T-15 minutes for each window, Copilot opens a Slack thread in `#fleet-upgrade-q2`, posts the device, the customer, the rollback command set, and the on-call name. Anyone joining sees the same context.
  </Step>

  <Step title="Run the upgrade procedure">
    The `Cisco IOS-XE upgrade` procedure runs against the host. Pre-checks: reachability, free flash, backup config to TFTP, save running-config. Stage commands appear in the staging panel for approval. After approval the upgrade runs, the device reloads, and the procedure waits for the OOB SSH path to come back.
  </Step>

  <Step title="Post-upgrade verification">
    The procedure runs `show version`, `show ip interface brief`, `show bgp summary`, and the customer-specific functional check. A diff of the pre- and post-upgrade output is attached to the run.
  </Step>

  <Step title="Sync CMDB and close the CR">
    Copilot updates the ConnectWise/NetBox entry with the new firmware version and the upgrade timestamp. The Freshservice CR is closed with the diff artifact attached, and a closing email goes to the customer with the validation snippets.
  </Step>
</Steps>
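
The image-integrity and pre-check gates from the staging and upgrade steps can be sketched as below. This is an added example, not Studio's or Cisco's own code: the function names, the 10% flash headroom, and the sample data are assumptions, and the digest algorithm is a parameter so a SHA-512 value can be checked the same way as the MD5.

```python
import hashlib
import hmac
import re

# Summary line that ends IOS-XE `dir flash:` output.
FLASH_SUMMARY = re.compile(r"(\d+) bytes total \((\d+) bytes free\)")


def free_flash_bytes(dir_output: str) -> int:
    """Return the free byte count reported by `dir flash:`."""
    match = FLASH_SUMMARY.search(dir_output)
    if match is None:
        raise ValueError("no 'bytes free' summary line in dir output")
    return int(match.group(2))


def digest_matches(image: bytes, published_hex: str, algo: str = "md5") -> bool:
    """Compare the staged image's digest with the vendor-published value."""
    actual = hashlib.new(algo, image).hexdigest()
    return hmac.compare_digest(actual, published_hex.strip().lower())


def precheck_failures(dir_output, image, published_hex, backup_ok,
                      algo="md5", headroom=1.10):
    """Return the reasons to refuse the push; an empty list means proceed."""
    failures = []
    try:
        free = free_flash_bytes(dir_output)
        needed = int(len(image) * headroom)  # assumed 10% margin over image size
        if free < needed:
            failures.append(f"free flash {free} < required {needed}")
    except ValueError as exc:
        failures.append(f"free flash unknown: {exc}")
    if not digest_matches(image, published_hex, algo):
        failures.append(f"{algo} mismatch for staged image")
    if not backup_ok:
        failures.append("config backup did not complete")
    return failures


# Constructed sample data: a stand-in image and a trimmed `dir flash:` capture.
SAMPLE_IMAGE = b"constructed-stand-in-for-an-ios-xe-image" * 1024
SAMPLE_PUBLISHED_MD5 = hashlib.md5(SAMPLE_IMAGE).hexdigest()
SAMPLE_DIR = """Directory of bootflash:/
   12  -rw-   2097152  Jan 10 2025 10:00:00 +00:00  packages.conf
7194652672 bytes total (5120000 bytes free)
"""

if __name__ == "__main__":
    print(precheck_failures(SAMPLE_DIR, SAMPLE_IMAGE, SAMPLE_PUBLISHED_MD5, True))
```

An unparseable `dir` capture is treated as a failure rather than skipped, so the gate fails closed.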

## Where Studio earns its keep

* One procedure runs against twelve hosts the same way every time, so the worst window is the same as the best.
* The pre-checks are non-negotiable — Studio refuses to push the image if free flash is short or the backup didn't complete.
* The war room thread captures the exact commands, decisions, and outputs without anyone copying terminal scrollback.
* The CMDB and the customer email both update from the same source of truth, so no one is asking which version is now running.

## Related

<CardGroup cols={2}>
  <Card title="Procedures" icon="workflow" href="../../procedures" arrow="true" cta="Author runbooks">
    Build the IOS-XE upgrade procedure once and run it per host.
  </Card>

  <Card title="Shared sessions" icon="users" href="../../shared-sessions" arrow="true" cta="Share live">
    Bring a peer into the upgrade window for two-person verification on the highest-risk devices.
  </Card>
</CardGroup>
