This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.2 to 5.5 upgrade to new server

Hello,

We have a client who wishes to upgrade from SEC 5.2 to 5.5.

They have a remote SQL database server but want to move SEC from Server 2012 to Server 2016.

The server to server migration document only talks about migrating where database is local.

What is the process to move to SEC on Server 2016 where a remote SQL database is used? I am assuming we need to upgrade SEC components to 5.5 prior to migrating to another server.

Thanks.

Andrew



This thread was automatically locked due to age.
Parents
  • Hello Andrew,

    when using a remote database the database component must be upgraded first. After that the management server and console components can either be upgraded on the server they reside or simply installed on a new server (setup.exe will ask for the database location).

    Christian

  • Thanks Christian,

     

    Does the database store all configuration information? Is there anything else that is required than pointing a new SEC server at the upgraded database? What about client connections to the new server?

     

    Cheers.

     

    Andrew

  • Hello Andrew,

    all configuration information
    sorry, working with SEC since it has been brought into being the particulars have become second nature to me and I forget to mention them.
    The database doesn't hold all the information (please see the DataBackupRestore.exe article), the IMO most interesting piece of "the rest" are the certificates which are used for the server-endpoint communication. "the rest" is a small amount of information (which, except for the certificates, can easily be re-entered). Group structure, policies with all their details, policy assignments, and SUM configuration are in the database.
    client connections to the new server
    the docs recommend reprotecting the endpoints or using the Endpoint Migration Utility (both don't require to import the certificates before SEC installation).

    the server to server migration document
    I've also suggested an unsupported "shortcut" (take two weeks off and you forget a lot of things) namely upgrade and migration in one step. The supported scenario is a two-step upgrade-migrate or migrate-upgrade. In your case it would be upgrade to 5.5.0 on the old server (remote database first) then migrate the management component to the new (following the Migration Guide skipping the database component install and database restore).

    Christian   

Reply
  • Hello Andrew,

    all configuration information
    sorry, working with SEC since it has been brought into being the particulars have become second nature to me and I forget to mention them.
    The database doesn't hold all the information (please see the DataBackupRestore.exe article), the IMO most interesting piece of "the rest" are the certificates which are used for the server-endpoint communication. "the rest" is a small amount of information (which, except for the certificates, can easily be re-entered). Group structure, policies with all their details, policy assignments, and SUM configuration are in the database.
    client connections to the new server
    the docs recommend reprotecting the endpoints or using the Endpoint Migration Utility (both don't require to import the certificates before SEC installation).

    the server to server migration document
    I've also suggested an unsupported "shortcut" (take two weeks off and you forget a lot of things) namely upgrade and migration in one step. The supported scenario is a two-step upgrade-migrate or migrate-upgrade. In your case it would be upgrade to 5.5.0 on the old server (remote database first) then migrate the management component to the new (following the Migration Guide skipping the database component install and database restore).

    Christian   

Children
  • Thanks Christian,

     

    From what I have been reading, the supported method is to upgrade first and then migrate. The migration guide mentions an assumption that all components are on one server. Can the migration guide be used with a remote SQL database?

     

    Cheers.

     

    Andrew

  • Hi Andrew,

    So the process goes as follows:

    - First upgrade to 5.5.0

    - Then, migrate to the new server

    - During the process of migration, you will be asked to select the location of the database server

    - Now point it to the remote database server

    Please do take a backup of the database to be on the safer side. Let me know if this helps resolve your query.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hello Andrew,

    migrate to the new server
    as the database is on a remote you have to skip chapter 7 (Install Enterprise Console database component) and the database restore (item 4. in chapter 8). At 9 Install Enterprise Console server and console components step 3.b) make sure the Database Component is unselected, when proceeding you'll get asked for the database location.

    Christian

  • Hi,

     

    I spoke with Sophos support yesterday and they have advised we can upgrade the database and then point new server at the database. Their process is as follows:

     

    create a back up of the Sophos Database:
                > follow KBA: 110380 do the back up of the Sophos database
    - Upgrade of Sophos database: http://www.sophos.com/en-us/support/documentation/enterprise-console.aspx
    - Install other SEC components on the new server and point it to the existing Sophos Database
    - Configure Update managers to point to their main update manager (in the DMZ)
    - Configure updating policy with the correct updating location

     

    Andrew

  • Hello Andrew,

    thanks for the information - so it seems the upgrade-migrate "shortcut" is at least semi-official [:)]

    Christian