Moving Sophos to a New Server (Different Name)

Question

Hi all

I've done a search but can't really find an answer to the situation I'm facing.

I'm currently in the process of rebuilding the servers I've inherited and replacing/rearranging functions.

At present the server currently Running SEC v3.1 has a small partition set for the C drive and is rapidly running out of space. The intention is to rebuild this server from scratch once the data has been migrated from it and then use it for deployment, updates and sophos. So, my plan was to move Sophos to a new server temporarily then once the server had been reconfigured, upgrade to SEC v4.

However the articles I've read only cover migrating to a new server which has the same name and ip address as the original server.

So, after all that the question I really have is, while I'm doing this, if I have 2 Sophos Consoles installed on the domain on different servers and gradually transition the clients over, am I going to encounter any problems, or am I better off removing the console from the old server and installing from scratch on the temporary one?

Then the same question goes really for installing v4 on the recommisioned server, would I be better off removing the console from the temporary server then setting up from scratch or could I run both in conjunction while I rolled the clients out?

Does any of that make sense?

Hope so!

Thanks. :)

This thread was automatically locked due to age.

QC · Accepted Answer

Hello and welcome, Ian

Sophos recommends against running more than one management server at a time ( Ensure that you are running only one Console on the network at a time, otherwise you will experience problems ). 
 So much for the disclaimer.

Caveat: If you use an AD syncpoint you should turn it off before you "activate" the new server. If you use remote CIDs (i.e. EM writing to a non-local share) make sure only one of the EM Libraries updates them.

Now the good news. It can be done and it's not really complicated. The question is why you want to "move back" to the reconfigured server, but you probably have a reason. A quick summary of the required steps: 
 
 Export the Certification Manager registry key, backup the database and export the library settings 
 Install SEC3.1 and EM Library on the new server 
 Edit and import the EM Library settings 
 Import the database, edit the updating policies on the new server 
 Configure RMS in the CID(s) on the new server (copy mrinit.conf to the rms\ subdirectory and run configcid.exe ) - not absolutely necessary but does no harm) 
 
 At this point the view on the new server should resemble the one on the old. Of course no clients will report to it. If you didn't turn off your production server you will lose some alerts and messages. To make sure everything works you could try Protect computers on one or two clients.

You now have two options: 
 
 Configure RMS in the CID(s) on the old server (put the mrinit.conf from the new server in the rms\ subdirectory, run configcid), the clients will then start reporting to the new. Use Comply with ... to apply the new updating policies. 
 Change the update location in the "old" policies to point to the new server (in this case you need step 5 from above). Depending on the other (non-update) policies you use it might suffice that you create a new group with the respective updating policy and move the clients to this group. 
 
 If you search the board for the words mrinit.conf certification manager (no link included this time) or mrinit.conf alone you will find several helpful posts/threads.

As for migration to SEC4: If you want to start "from scratch" (i.e. you keep nothing, no policies, no group structure, no history, alerts, reports) just set up SEC4 and SUM on the recommissioned server (but import the registry keys first ), configure RMS as above and then change the updating policies on the temporary server. The clients will upgrade to SAV9 and "move back".

... 32C/90F outside and no A/C, so I hope all details are correct.

Christian 
 :3303