cancel
Showing results for 
Search instead for 
Did you mean: 

Migrating ePolicy Orchestrator

Has anyone had any experience with moving an entire ePO infrastructure from one domain to another?  For DR purposes or otherwise?

Thanks,

7 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: Migrating ePolicy Orchestrator

Can you provide us with some context so someone can better answer your question? You want to take an ePO server from xyz.com and take it to zzz.com?

Re: Migrating ePolicy Orchestrator

ja2013,

I apologize for not having more information than that, but you are correct.  I'm looking for a very high level idea of what it would take to migrate an environment from one child domain to another in the same forest.  Below is my initial idea which may or may not be totally off base

1. Establish the new domain

2. Establish two way trust

3. Move SQL to the new domain and ensure that ePO1 is still communicating with it.

4. Install ePO2 on new domain (new server)

5. Point ePO2 at the same database and configure ePO1 and ePO2 to run in tandem (shared database, 2way server trust)

6. As endpoints change domains, assign ePO2 as primary server until all endpoints are converted.

This is completely hypothetical but I'm curious if its even possible.  I guess my concern lies in where any/all domain information is stored and if ePO will willingly let this information be changed or if this would require a completely new install with a complete client transfer.

Cheers,    

tomz2
Level 11
Report Inappropriate Content
Message 4 of 8

Re: Migrating ePolicy Orchestrator

ePO on its own is domain agnostic. It's not tied to the underlying domain that manage the OS that the application is installed on. I know customers that deploy ePO in a workgroup and I know customers that maintain a separate domain for all security infrastructure.

As far as domain information is concerned, each domain is configured as a Registered Server at the application level. As long as the ePO server itself is able to communicate to the domain controllers in each domain, you should be okay. Your endpoints can be in different domains / workgroups, and ePO won't care. The only exception is Drive Encryption which does require that connectivity to the domain of the system be available so that user assignments can occur.

andrep1
Level 14
Report Inappropriate Content
Message 5 of 8

Re: Migrating ePolicy Orchestrator

You can't share a database between two epo servers. You can share a sql server. Best is to build the second servers with a second database and use the built in  functionality in ePO to transfer system/policies/ task  in between servers. We have 4 domains connected

petchi
Level 9
Report Inappropriate Content
Message 6 of 8

Re: Migrating ePolicy Orchestrator

Hi Andre Parent,

I would like to know how to transfer system/polcy/task between 2 ePO. Can you please provide more details?

Re: Migrating ePolicy Orchestrator

petchi
Level 9
Report Inappropriate Content
Message 8 of 8

Re: Migrating ePolicy Orchestrator

Thank you very much indeed,