
Promote Remote SEC to Primary SEC

Hello,

 

We are planning a migration from Windows 2008r2 to Windows 2016. We would like to run the two systems in parallel with the Windows 2016 host acting as a remote SEC. When ready, we'd like to decomm the 2008r2 server and promote the 2016 SEC as the primary manager. 

 

  • Does Sophos support "promoting" a remote SEC to primary? 


  • Hi Ntrepid,

    You can run two servers with SEC and their own database without issues.  Each endpoint can only connect to one SEC server.  When both SECs are running you can slowly migrate your endpoints to the Windows 2016 SEC server by pushing out an endpoint redirection script to them via start-up GPO.  Once all the endpoints are migrated over you can decommission your Windows 2008 R2 server.
    Redirection script: https://community.sophos.com/kb/en-us/116737

    A guide for setting up your Windows 2016 server can be found here: https://docs.sophos.com/esg/enterprise-console/5-5/help/en-us/PDF/sec_55_mgeng.pdf

  • Hi  

    If you have an Enterprise Console older than version 5.5.0, I'd suggest you first upgrade it to 5.5.1, as 5.5.0 is soon going to expire. Once it is upgraded to the desired version, you can start the migration process for the Enterprise Console.  has mentioned the correct migration process.

    The latest version of the Enterprise Console is needed because, if you get stuck in any process while migrating, you can contact Sophos Support and they'll be able to help you with the problem if you have a supported version of the Sophos Enterprise Console.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hello Ntrepid Corporation,

    MEric and Jasmin have already suggested what to do.
    For clarification: It is a Remote Console (that can also be installed on a workstation), not a remote SEC. You can't promote a remote console to a SEC (I prefer the term Management Server) even though you use the SEC installer to install the console. The installer has three major components: Console, Database, Management Server. The latter consists of the management proper and the Update Manager (SUM). The server and its endpoints communicate using the Remote Management System (RMS). While on endpoints RMS is, like all other Endpoint components, maintained by AutoUpdate, on the server it is maintained by SUM. Thus you can't promote an already protected (i.e. where Endpoint is installed, whether also the Console or not) machine by just running the SEC installer.

    One important decision is whether you want to transfer your configuration (group structure, policies) and historical data - this would forbid the "slow migration" of endpoints. 

    Christian