Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 2092 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console move and upgrade

keith_co

We are currently running Enterprise Console 4.5.  we also currently run our Enterprise Console on the same server as our SQL Server

we would like to do two things:

1. Upgrade to the newest version of the enterprise conole

2. Move the management pieces off of the SQL Server and put them on their own server, while keeping the SQL database where  it is.

I see a lot of articles on upgrading current setups and such, but nothing to this level.  Any ideas on what steps to take to do this?

thanks

:27483


This thread was automatically locked due to age.
  • 0

    HI,

    To get some official documentation, the most supported procedure (although odd) might be to move everything to the new server, essentially perform a full migration.  

    You could do this either by migrating SEC 4.5 to the new server or upgrade your current install of SEC to SEC 5.1 and move that.

    You have to migrate the same version of SEC, an upgrade with migrate at the same time is asking for trouble and certainly unsupported.

    SEC 5.1 is more complex than SEC 4,5 but the documentation, installer and tools have improved so I'd probably feel more confident migrating SEC 5,1.  Migration guide is here:

    http://www.sophos.com/en-us/medialibrary/PDFs/migration/sec_51_mgeng.pdf

    The main things to be aware of are:

    1. Going from 32->64 bit machines or 64->32 the registry paths change.

    2. If the locale of the computers differ you might end up with a different SQL collation, this will cause problems.  I would always check the current collation and the new SQL instances collation.  I would probably manually install a SOPHOS instance using SQL Server 2008R2 Express and ensure the collation was the same as your current SQL Server.

    To redirect endpoints:
    http://www.sophos.com/en-us/support/knowledgebase/116737.aspx 

    As this might take a while to settle down, I.e. redirect all the endpoints, make sure they all have their new updating policies, etc.  This could take a week I would think.

    Then I would clear everything off the SQL server, drop Sophos databases.   Then move the database role to the SQL server.

    Maybe re-post if you need help with that.

    How many clients do you have?  Just to check the new server could cope with SQL Express as the database.

    Regards,

    Jak

    :27497
  • 0

    Thanks for the help.

    In reference to your question regarding the DB, we do not want to move the DB.  Currently we run the DB and the Console/Management stuff on the same server, which happens to be our SQL Server.  We want to keep the DB on the  SQL Server, but move the Console/Management pieces to another server.

    Hope this helps.

    Thanks,

    Tony

    :27931
  • 0

    Hi

    From where you are now, to where you want to be and to follow tested supported documents, it would be easier to move everything over to the new server, as that is supported and then move the database role back.  I appreciate this sounds a bit backward but otherwise you need a bespoke solution for which there are many questions.  

    In trying to think of a shortcut hack, something like this might work:

    1. Move the certauthstore registry key.  This key is mentioned in the migration guide.

    2. backup the privatestore to XML (http://www.sophos.com/en-us/support/knowledgebase/111425.aspx)

    3. Uninstall Enterprise Console in total off the SQL Server leaving just the SOPHOS45 database attached.  The database will never be removed from the instance on an uninstall.

    4. Run the SEC 5.1 installer on the SQL server to generate the 3 new databases.

    At this point, all you have are:

    1) a SOPHOS45 database attached to the SQL instance.

    2) An XML file with the private store values and syncpoint data

    3) a cert reg key.

    4) The 3 new empty databases of SEC 5.1

    Then on the new server:

    1. Import the cert key to ensure the same certs are generated.

    2. Run the SEC 5.1 installer and add the console and server roles.  You can point the install at the SQL server.

    3. Once complete, manually run "upgradedb.exe -debug -sourceVersion=45" (http://www.sophos.com/en-us/support/knowledgebase/65420.aspx) to transfer the data from SOPHOS45 to SOPHOS51.  The management service will fail to start until you do this because of the state.  The application event log will tell you why.

    4. Import the prvatestore (http://www.sophos.com/en-us/support/knowledgebase/111425.aspx).  This will ensure that all the passwords in your polices can be interpreted by the management service, as the database just holds strings that reference the private store entries.

    Hopefully this will get you into a position where you then need to redirect the endpoints.

    http://www.sophos.com/en-us/support/knowledgebase/116737.aspx

    This might be one solution but I haven't tested it.

    Regards,

    Jak

    :27933
  • 0

    Ah ok.  I misunderstood before.  Does make sense now.  Thanks.

    :27939