The environment that the server existed in has become non-operational and I am faced with bringing the Endpoint Encryption server back up on another machine. I am armed with an older server, a tape backup, and the ability to use the original IP address. EEPC executables were all set to online installations back to that single IP address.
From what I have read this should be, at the most, a bit time consuming but should work fine from the restore. Once the environment has been restored then the database will need to be moved back to the original machine and that can be accomplished by copying the SBDATA folder over after stopping all EE services. Re-starting service on the original machine should allow everything to continue normally.
Are there any special considerations?
Anyone who has done something similar?
And yes, I am recommending that the customer implements the Endpoint Hot Backup Solution in case this should occur again.
Thanks for any and all feeback.
In a nutshell that should be it. A good database snapshot, original installation media and installation procedure notes should suffice.
As for large and busy database, "hot" backup is not very useful, but better than nothing. Just don't assume that you could freely flip between backup and primary database servers. Test backup database from time to time on a separate server - run database checks to make sure it has good data. That should be enough for a good DR.
can you just copy the directory from your old box to new one? You don't actually really need to install anything - there's nothing in the registry to care about, and unless you REALLY want the start menu items, everything you need is in the c:\program files\sbadmin (or c:\program files\mcafee\endpoint encryption manager) folders.
Just copy that to your new box, usually the database is with it, fire it up and that will be it 😉
In this case the server is virtualized and since that is completely gone until things are fixed the original is completely inaccessible. However, backups are done on a regular basis and a very recent backup exists. Confidence is high that all currently encrypted machines would be a part of that backup.
Great to know about not needing to install anything, that will make things much easier. Basically I just need the service to be running so that the online installs will do what is expected and that an accurate accounting will take place on the server as far as creating new machines and updating the audit logs.
Thanks to you both on the quick replies. I am typing up the DR documentation and hoping that everything will be restored shortly.
In case you don't know, you get the service installed by running SBDBServer.exe (as an application), then in the menu there's an option to start the service (which will install the service as well).
Don't forget to set up the connector schedules again if you use it, and of course the same for the backup tool.
And just in case that you don't have initial installation documentation, always check your setup with: Endpoint_Encryption_Enterprise_Best_Practices_Guide_v2.pdf
available from McAfee site.