4 Replies Latest reply on Aug 16, 2017 2:35 PM by mwaqas

    Same DB, Same EPO Version - Different Server/OS


      Hey Guys,


      Here's my scenario - just completed an install of EPO 5.3 (transferring all policies, etc from our current prod environment) on a Server 2008 R2 box. No workstations are using this at this time. Our sys admin asks if we can do the install on Server 2012 instead.


      I'm trying to see, instead of re-installing, re-importing, and updating packages, extensions, etc - if there's a way to install EPO 5.3 on a server 2012 VM and simply point it to the existing SQL database (housed on a SQL cluster). We do have drive encryption and USB encryption (DLP). Is it possible to do this? We use the standard install paths.


      I'm hoping all the information is housed in the DB and we can stand up a new 2012 VM, install EPO to the same version and patch, and 'point' it to the current database to load up all the work we've already done.


      Thoughts and/or recommendations on how to proceed? I've only found articles discussing migrating DB over to different SQL clusters/servers and based on EPO databases housed on the EPO server or installations that involve upgrading EPO. I'm just looking to upgrade the OS, and load up all the configurations / work we've already done. There's no endpoints/servers in this setup so there's no impact currently.



        • 1. Re: Same DB, Same EPO Version - Different Server/OS

          Obviously, the easiest answer would be to just upgrade 2008r2 to 2012r2.


          However, am contemplating a similar move as I am going to migrate to a new database and new server, but I do not want to change my agent package. For you, in theory, this is the perfect time to develop and test a disaster recovery solution. ePO 5.3 has disaster snapshots built into the server tasks. I would say if you do the snapshot, backup your keystores and recovery passphrases. Then image a new server with 2012r2, run the ePO 5.3 installer and select "restore from snapshot". That might not be the correct phrasing, but it's something to that extent. Point the new install to the existing database and make sure the correct keys are present and in theory, you should be golden.

          • 2. Re: Same DB, Same EPO Version - Different Server/OS

            I contemplated the OS upgrade, but that's not recommended by McAfee:

            McAfee Corporate KB - Upgrading Windows on an ePO server may damage the installation KB82672


            But you raise a really good point regarding testing the disaster recovery solution piece. And that sounds like exactly what we're looking to do. I don't recall seeing the restore from snapshot option during install but thats simply likely due to me only running fresh installs when needed. From a highlevel - would you see any obstacles should we name the new server the same name and IP (taking the previous server offline before hand of course)?

            • 3. Re: Same DB, Same EPO Version - Different Server/OS

              I find that KB disturbing as support literally suggested to me to do an OS upgrade.... le sigh...I find it sad that we have to support each other because the vendor support is so questionable.


              As for the name and IP, i think that is good. If you break it down, as long as the name, ip and agent/server key is the same, there is no reason why agents shouldn't check in with the handler. If you build the server, maintain the same name and IP address, then restore from a snaphsot and if needed manually re-import the backed up keys that should essentially be it.


              As for the snapshot, i just updated from 5.3.0 to 5.3.2 a few weeks ago and i remember seeing an option to restore settings from a snapshot, upgrade or fresh install. I didn't pay much attention to it as i was upgrading but i assume this is what that option is there for.

              • 4. Re: Same DB, Same EPO Version - Different Server/OS

                Just wanted to close the loop on this one. So we powered down the 2008 R2 servers, and brought up the 2012 R2 with the same name and IP. Right when you launch McAfee EPO installer, there's a check box that states to restore DB or something to that effect. When you check that, it'll ask for server info/credentials and DB credentials (ie. keystore, and EPO password). It goes through and installs EPO. Voila, log in with accounts that we had already configured in our previous install, all packages, tasks, and policies were all there.


                Thanks for your help! It took about 10 mins to have everything restored to what it was.