1 2 Previous Next 11 Replies Latest reply on Aug 23, 2017 6:43 AM by snoehler

    How do you migrate from a lab server to a new production server?

    DBO

      What would be the procedure to migrate the complete setup of a lab server (Policy, list, Template, etc but not IP/Name/NTLM credential of the proxy ) to a new production server?

       

      Once in place, how can you keep them in sync other then retyping list content, etc?  I know I can export/Import ruleset from local file but it seem I can only import content in list but not export a/all list???

       

      I have also tried to locate those files directly from the server but was only successfull to locate some minor files.  I was used to do that with WW6.9...  Is there a list of proxy files with desc and location????

        • 1. Re: How do you migrate from a lab server to a new production server?
          snoehler

          Hi!

           

          If you go to the Troubleshooting tab of your web gateway you should see "Backup/Restore" on the left hand side. Create a backup by clicking on "Backup to file".
          On your new production server you can then restore this backup, by default only the policy tab will be restored. If you would like to restore accounts as well you would need to tick "Configurations and Accounts".

           

          For syncing you may consider Central Management. You can then use the Central Management to synchronize your policy from the lab to the production web gateway.

           

          ~sno

          • 2. Re: How do you migrate from a lab server to a new production server?
            DBO

            Yes, I am allready backing the lab config before any new big changes but after reading doc-5207, I wasn't sure of the impact of a backup from one server to a restore on a different one...  I will read Doc-4823 and surely come back with more question!!!  So much to learn and so little time!!!

             

            Thank you

             

            PS: Any documentation on the file structure in the gateway itself?

            • 3. Re: How do you migrate from a lab server to a new production server?
              DBO

              Doesn't work, «Cannot find own UID in backup».  So a GUI initiated restore on a different server is a no go...  Is it possible another way?

              • 4. Re: How do you migrate from a lab server to a new production server?
                DBO

                Ok, evidently, it was my fault.  I was trying through the GUI to restore with the Configuration and accounts option selected and it's only valid on a server with the same UUID

                • 5. Re: How do you migrate from a lab server to a new production server?
                  snoehler

                  Hey,
                  was totally my bad. Should have mentioned the article about Restore a backup file on a replaced appliance
                  Sorry about the missing information

                  • 6. Re: How do you migrate from a lab server to a new production server?
                    DBO

                    It's oK, I had a look at it before asking on the site.  The migration to another machine is describe but it's not the scenario I was looking for (migrate from lab to production). Anyway, it's done. 

                     

                    Small question: when installing a cert for the GUI, is it something that is synchronise across members of a cluster?

                    • 7. Re: How do you migrate from a lab server to a new production server?
                      johnaldridge

                      What I found was that GUI settings, including the cert, are per appliance (though, I'm am going from memory in my own testing).

                       

                      Having recently tested the re-imaging procedure, with a number of run throughs--and hitting way too many problems, I now have a good sense of what's required.

                       

                      The list of critical areas that are per-appliance settings include (as a minimum):

                       

                      1. Network Interfaces
                      2. Static Routes (requires manual entry--we have up to nine routes, ouch)
                      3. Date and Time (we block NTP to the Internet, so we have to set the time before joining a cluster -- another ouch)
                      4. Central Management: Group runtime, Group update, etc.
                      5. Proxies (HTTPS(S), FTP, SOCKS, ICAP…): HTTP port definition list, Enable SOCKS proxy, etc.
                      6. SNMP: Listener address list, Communities for SNMPv1 and SNMPv2 access
                      7. User Interface

                       

                      It would be nice if there was a way to force copying settings from another appliance in a backup.

                       

                      Maybe if there was a way for it to pretend to be another appliance and then change UUID and host name, that might get it.  Anybody have a thought about how this might be made to work?.

                       

                      Also, now that a Cluster CA is required, you have to set that before joining a cluster.  It would be nice if this was also taken care of when restoring a backup.

                       

                      Setting time can be done by setting under "Date and Time" a reachable NTP server and rebooting, or manually with hwclock, as follows:

                      1. Set time zone to UTC: cat /usr/share/zoneinfo/UTC > /etc/localtime
                      2. Set hardware clock: hwclock --set --date "<dd mmm yyyy HH:MM>" --utc
                      3. Set system clock: hwclock --hctosys

                       

                      Gosh, it sure is nice when restoring a backup works right.  Too bad there are so many pitfalls.

                      • 8. Re: How do you migrate from a lab server to a new production server?
                        snoehler

                        Hi guys,

                         

                        I was on vacation for two weeks so apologies my late response. johnaldridge you are right, those settings wont be copied in a backup, most likely all settings part of the configuration tab wont.

                         

                        What you could do to copy all the settings (I would highly recommend to do this with a standalone appliance only) and keep in mind that this way is NOT supported at all - if you try it then on your own risk!

                         

                        1. Download the current active configuration from the appliance you would like to backup (via FTP)
                        2. Replace the UUID with the new one, modify the network settings (hostname, IP etc)
                        3. Upload this config to the new appliance and make it the active one

                         

                        If you would like to have a more detailed guide just ping me, I am following both of you so that you can leave me a message

                        • 9. Re: How do you migrate from a lab server to a new production server?
                          johnaldridge

                          Thank you for the response. If the steps are just a matter of working with directories and text files, then it would be nice to have the relevant paths.  If there are special commands, it'd be nice to provide examples.

                          1 2 Previous Next