cancel
Showing results for 
Search instead for 
Did you mean: 

Cross Domain ePO end-point Migration

Hi Everybody -

1. My current EPO server (v4.5) will be rebuilt on a new Server which will be on a NEW DOMAIN and the two domains would have One-Way Trust relationship.

2. The new EPO server will be re-built with new version of ePO (4.6.6) on a new server.

My question now is - The enpoints which were reporting to old ePO server on older domain will be required to access new ePO server on new domain. What is the best way to make this happen efficiently?

And would endpoints reporting across domains be a concern? Assuming that the latency between domains is negligible.

8 Replies
Tristan
Level 15
Report Inappropriate Content
Message 2 of 9

Re: Cross Domain ePO end-point Migration

As far as i'm aware the only thing that ties McAfee products and the ePO server to the domain is the software installation credentials and DB access credentials.

The DB credentials aren't an issue in your scenario as the ePO server and its DB will exist solely in the new domain.

All you need to do is deploy new agents from your new ePO server to install over the old agents. As long as the credentails you enter into ePO to create the agent install package are a valid administrator level account on the client machines then the new ePO server will be able to manage them.

The new credentials can be domain account  or even a local account as long as they have install privilages.

EDIT: Also if your going to a new server then you should really look at the lastest version of ePO 5.1 rather than 4.6.

Message was edited by: Tristan on 24/06/14 10:47:06 IST

Re: Cross Domain ePO end-point Migration

Thanks Tristan. Do you think article KB79283 ( https://kc.mcafee.com/corporate/index?page=content&id=KB79283) would still apply for this case?

Tristan
Level 15
Report Inappropriate Content
Message 4 of 9

Re: Cross Domain ePO end-point Migration

Not really. The two options to transfer clients to a new ePO server.

1. link two ePO servers (register and import keys) and then right click move clients

2. Install a new agent from the new ePO server

That KB entry relates to option 1 which is more complex in your scenario with the new domain.

One issue that might cause an issue is if you've got any encryption products managed by ePO in which case the whole transfer process is a little more complex.

Re: Cross Domain ePO end-point Migration

Thanks again Kristan.

If I choose option 2 - to install new agents, what method can i employ to transfer previous policies/tasks/system tree and security keys?

Re: Cross Domain ePO end-point Migration

In the System tree view you can select the My Organization group.

Click the Policy tab, then click the Actions button and select Export All Assignments.

Then select the Assigned Client Task tab, then click the Actions button and select Export All Assignments.

On the new ePO do the same thing but select Import Assignments instead of Export Assignments.

Re: Cross Domain ePO end-point Migration

What does export all assignments do? Will the steps that you have mentioned ensure that I have the same setup (tasks/tree/policies etc.,)  on my new ePO server and I can just go ahead and shutdown the older ePO server and start using the new ePO server?

Highlighted

Re: Cross Domain ePO end-point Migration

You will have to recreate the System tree and reassign the policies but all the polices that are currently in use will be imported for you to assign. I would keep the old server online as a reference while you mirror the assignments. Once that is compete you can shut it down. Like Tristian said, if you have end point encryption on any of the systems the user assignments will be lost. So while you move them over you will want to disable the pre-boot screen to ensure a smooth transition. Once all the accounts are reassigned to the correct machines you can enable it again and have them setup their recovery questions again.

Re: Cross Domain ePO end-point Migration

The following are the extensions currently installed. End Point Encryption is not present. Can you confirm?

1. ePolicy Orchestrator

2. GroupShield for Exchange

3. GroupShield for Lotus Domino

4. Help Content

5. Host IPS

6. Linux Shield

7. McAfee Agent

8. Rogue System Detection

9. Server

10. Shared Components

11. SiteAdvisor Enterprise

12. VirusScan Enterprise

13. VirusScan Enterprise for Linux

14. VirusScan For Mac

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community