New Install vs. Migrating

Hello jerryn3,

55 users is not much. I've used (had to use) both methods but with a lot more clients.

Won't bother you with the intricacies. A fresh install requires that you recreate you group structure (which can't be too complicated in your case) and the policies. If you can reliably discover and protect all your computers from the console you don't even have to keep the accounts and certificate from the old server - this would be the easiest method. Of course, whenever you do not migrate the database you'll lose not only the settings but all of the history as well.

BTW: will you also upgrade SEC?

Christian

A fresh install would mean:

1. No database so no group structure, nor group polices and no historical data about threats or computer history (the last one can be important to companies tracking year-on-year threats).
2. The server would create brand new certificates and all existing endpoint installations would then have out of date certificates.  No real problem if you plan to re-protect all the computers.  However that is a consideration about losing the old certificates:
3. Assuming you kept the same server hostname/IP address for the server the clients, with the now incorrect certificates, would be able to route messages to the new server but all those messages would be blocked as the certificates won't match.

If you don't need the computers, groups, and historical data in the database starting fresh on that is simpler and forgoing the backup/restore will save you some time.  However it's always worth copying over the certificates...

http://www.sophos.com/en-us/support/knowledgebase/117463.aspx

...especially if the new server has the same network settings as the old one as you avoid 55 computers trying to send messages to the Sophos Certification service and that service having to repeatedly deny the request (which slows down valid messages trying to get processed in the queue).  You would generally have to have tens of thousands of endpoints to really see a problem but I have been involved in troubleshooting that so I now suggest thecertificates are always kept.

Hi Christian,

I am currently running 5.2. Isn't that the latest version? I am concerned about the certificates. If I install on a new server with different name and IP do I have to use the old certificate? I am not worried about the settings as I have screen shots of most of the configurations. I have exported the exceptions list. Would I stop services or uninstall the old server first? Then install on new server or can I install in advance?

Thank you

Jerry

Hi Ruckus,

What if I install to an existing server with different name and IP address? Do I still have to deal with certificates? Does reprotecting endpoints change the certificate they use to the new one?

Thank you,

Jerry

Hello Jerry,

5.2. Isn't that the latest version?

you didn't mention it, did you (or I have missed it)? 5.2.1 R2 would be the very latest, please see the 5.2.1R2 release notes for the changes.

with different name and IP do I have to use the old certificate?

Using a new certificate with a new IP/name wouldn't cause the problems ruckus has mentioned. Using the old certificate has the advantage that (with a little bit of configuration) you can redirect the endpoints to the new server by simply changing the update location with the policies on the old one.

or can I install in advance?

No problem, the old and the new can co-exist (unless you are instructing them to write to the same remote share, or - in a domain environment - use AD sync with automatic protection).

Christian