Replication of SEC to DR site

Hi,

I suppose the most relevant document is:

http://www.sophos.com/en-us/support/knowledgebase/114299.aspx

and you might be able to use at least parts of:

http://www.sophos.com/en-us/medialibrary/PDFs/nonindexed/sec_50_mgeng.pdf

I would suggest at least reading through it to get a rough idea of what is required to migrate a SEC server.

As you might gather from reading that, there is important config data stored outside of the database, so it's not just a case of moving the database but the tool DatabBackupRestore.exe will get everything required to re-create a new server configured the same as the old.

Worth asking, are you able to virtualise your "live" SEC server?  With that being virtualised it might make things easier to restore a backup of that in the DR site?

If not, using the same, name and IP at the DR site would be the easiest, as the clients will continue to message the server without reconfiguring them.  Also, for the purposes of using databackuprestore.exe, it is easier if the computers are the same OS and same 32/64-bit.

Note: If the current "live" management server had a static IP at the time of installation, the clients currently reference the server by IP.  However the clients will try contacting the server for messaging by IP then try FQDN and finally try by NetBIOS (but take a while to timeout moving to the next address). So you could make a DNS change to redirect the clients to a different server (as long as they have the same certificates) but it might take them a while (5 mins) to move to the FQDN so not optimal.

If you do install a SEC at the other site, make sure you backup the certauthstore of the current server and restore that registry key into the new server before installing the management software, this will ensure that the new server has the same RMS certificates and the clients can talk to the new server without being re-initialized in terms of RMS.  The migration guide mentions this.

Once you have installed the second, SEC, you should be able to move all the backup files over to the new server and run the restore tool. You can check everything is expected once complete.  How often you take a backup of the main server with the tool will depend on significant changes to the group structure, policies etc.  As soon as the computers start sending in status messages to the new server it will update the status of the computers so there is nothing to do there.

Regards,

Jak

Hi,

I suppose the most relevant document is:

http://www.sophos.com/en-us/support/knowledgebase/114299.aspx

and you might be able to use at least parts of:

http://www.sophos.com/en-us/medialibrary/PDFs/nonindexed/sec_50_mgeng.pdf

I would suggest at least reading through it to get a rough idea of what is required to migrate a SEC server.

As you might gather from reading that, there is important config data stored outside of the database, so it's not just a case of moving the database but the tool DatabBackupRestore.exe will get everything required to re-create a new server configured the same as the old.

Worth asking, are you able to virtualise your "live" SEC server?  With that being virtualised it might make things easier to restore a backup of that in the DR site?

If not, using the same, name and IP at the DR site would be the easiest, as the clients will continue to message the server without reconfiguring them.  Also, for the purposes of using databackuprestore.exe, it is easier if the computers are the same OS and same 32/64-bit.

Note: If the current "live" management server had a static IP at the time of installation, the clients currently reference the server by IP.  However the clients will try contacting the server for messaging by IP then try FQDN and finally try by NetBIOS (but take a while to timeout moving to the next address). So you could make a DNS change to redirect the clients to a different server (as long as they have the same certificates) but it might take them a while (5 mins) to move to the FQDN so not optimal.

If you do install a SEC at the other site, make sure you backup the certauthstore of the current server and restore that registry key into the new server before installing the management software, this will ensure that the new server has the same RMS certificates and the clients can talk to the new server without being re-initialized in terms of RMS.  The migration guide mentions this.

Once you have installed the second, SEC, you should be able to move all the backup files over to the new server and run the restore tool. You can check everything is expected once complete.  How often you take a backup of the main server with the tool will depend on significant changes to the group structure, policies etc.  As soon as the computers start sending in status messages to the new server it will update the status of the computers so there is nothing to do there.

Regards,

Jak