Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 2704 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Moving Sophos to a New Server (Different Name)

Cache

Hi all

I've done a search but can't really find an answer to the situation I'm facing.

I'm currently in the process of rebuilding the servers I've inherited and replacing/rearranging functions.

At present the server currently Running SEC v3.1 has a small partition set for the C drive and is rapidly running out of space. The intention is to rebuild this server from scratch once the data has been migrated from it and then use it for deployment, updates and sophos. So, my plan was to move Sophos to a new server temporarily then once the server had been reconfigured, upgrade to SEC v4.

However the articles I've read only cover migrating to a new server which has the same name and ip address as the original server.

So, after all that the question I really have is, while I'm doing this, if I have 2 Sophos Consoles installed on the domain on different servers and gradually transition the clients over, am I going to encounter any problems, or am I better off removing the console from the old server and installing from scratch on the temporary one?

Then the same question goes really for installing v4 on the recommisioned server, would I be better off removing the console from the temporary server then setting up from scratch or could I run both in conjunction while I rolled the clients out?

Does any of that make sense?

Hope so!

Thanks. :)

:3292


This thread was automatically locked due to age.
  • 0

    Hello and welcome, Ian

    Sophos recommends against running more than one management server at a time (Ensure that you are running only one Console on the network at a time, otherwise you will experience problems).

    So much for the disclaimer.

    Caveat: If you use an AD syncpoint you should turn it off before you "activate" the new server. If you use remote CIDs (i.e. EM writing to a non-local share) make sure only one of the EM Libraries updates them.

    Now the good news. It can be done and it's not really complicated. The question is why you want to "move back" to the reconfigured server, but you probably have a reason. A quick summary of the required steps:

    1. Export the Certification Manager registry key, backup the database and export the library settings
    2. Install SEC3.1 and EM Library on the new server
    3. Edit and import the EM Library settings
    4. Import the database, edit the updating policies on the new server
    5. Configure RMS in the CID(s) on the new server (copy mrinit.conf to the rms\ subdirectory and run configcid.exe) - not absolutely necessary but does no harm)

    At this point the view on the new server should resemble the one on the old. Of course no clients will report to it. If you didn't turn off your production server you will lose some alerts and messages. To make sure everything works you could try Protect computers on one or two clients.

    You now have two options:

    1. Configure RMS in the CID(s) on the old server (put the mrinit.conf from the new server in the rms\ subdirectory, run configcid), the clients will then start reporting to the new. Use Comply with ... to apply the new updating policies.
    2. Change the update location in the "old" policies to point to the new server (in this case you need step 5 from above). Depending on the other (non-update) policies you use it might suffice that you create a new group with the respective updating policy and move the clients to this group.

    If you search the board for the words mrinit.conf certification manager (no link included this time) or mrinit.conf alone you will find several helpful posts/threads. 

    As for migration to SEC4: If you want to start "from scratch" (i.e. you keep nothing, no policies, no group structure, no history, alerts, reports) just set up SEC4 and SUM on the recommissioned server (but import the registry keys first), configure RMS as above and then change the updating policies on the temporary server. The clients will upgrade to SAV9 and "move back".

    ... 32C/90F outside and no A/C, so I hope all details are correct.

    Christian

    :3303
  • 0

    Hi Ian

    If you have remote sites and your new server has changed it's IP Address, you be required to change this IP in your firewall rules, to reflect the IP address of your new Sophos Server. All depends if you have used IP or FQDN (Full Qualified Domain Name). Something I found out when I moved servers and messgaes where not being received back at the console, this issues was related to the firewalls. Just thought I would give you a 'Heads Up' Cheers Simon

    :3325
  • 0

    I forgot to mention you may have your old IP listed in mrinit.conf just edit it with your new details.

    There is an article on how to edit this knowledgebase article 14635 that explains how and what to edit the mrinit.conf 

    You have also mentioned you are changing the name , don't forget to edit DNS if you keep the same IP Address.

    :3327
  • 0

    Thanks for the replies both of you and those steps make it so much clearer as to exacvtly what to do thanks!

    It's also made me question why I'm moving the server twice and I've come to the conclusion if I just rearrange the order of planning and can get a lot more background work done without people complaining to much I could just move it to it's eventual server once I've rebuilt it first before rebuilding the existing SEC server.

    Thanks again! :)

    (Edit: can't mark multiple posts a solution which is a shame :()

    :3331
Unfiltered HTML