8 Replies Latest reply on Jun 25, 2014 2:44 AM by aroopvsimon

    Cross Domain ePO end-point Migration

    aroopvsimon

      Hi Everybody -

       

      1. My current EPO server (v4.5) will be rebuilt on a new Server which will be on a NEW DOMAIN and the two domains would have One-Way Trust relationship.

      2. The new EPO server will be re-built with new version of ePO (4.6.6) on a new server.

       

      My question now is - The enpoints which were reporting to old ePO server on older domain will be required to access new ePO server on new domain. What is the best way to make this happen efficiently?

       

      And would endpoints reporting across domains be a concern? Assuming that the latency between domains is negligible.

        • 1. Re: Cross Domain ePO end-point Migration
          Tristan

          As far as i'm aware the only thing that ties McAfee products and the ePO server to the domain is the software installation credentials and DB access credentials.

           

          The DB credentials aren't an issue in your scenario as the ePO server and its DB will exist solely in the new domain.

           

          All you need to do is deploy new agents from your new ePO server to install over the old agents. As long as the credentails you enter into ePO to create the agent install package are a valid administrator level account on the client machines then the new ePO server will be able to manage them.

           

          The new credentials can be domain account  or even a local account as long as they have install privilages.

           

          EDIT: Also if your going to a new server then you should really look at the lastest version of ePO 5.1 rather than 4.6.

           

          Message was edited by: Tristan on 24/06/14 10:47:06 IST
          1 of 1 people found this helpful
          • 2. Re: Cross Domain ePO end-point Migration
            aroopvsimon

            Thanks Tristan. Do you think article KB79283 ( https://kc.mcafee.com/corporate/index?page=content&id=KB79283) would still apply for this case?

            • 3. Re: Cross Domain ePO end-point Migration
              Tristan

              Not really. The two options to transfer clients to a new ePO server.

               

              1. link two ePO servers (register and import keys) and then right click move clients

              2. Install a new agent from the new ePO server

               

              That KB entry relates to option 1 which is more complex in your scenario with the new domain.

               

              One issue that might cause an issue is if you've got any encryption products managed by ePO in which case the whole transfer process is a little more complex.

              1 of 1 people found this helpful
              • 4. Re: Cross Domain ePO end-point Migration
                aroopvsimon

                Thanks again Kristan.

                 

                If I choose option 2 - to install new agents, what method can i employ to transfer previous policies/tasks/system tree and security keys?

                • 5. Re: Cross Domain ePO end-point Migration
                  dnoaker

                  In the System tree view you can select the My Organization group.

                  Click the Policy tab, then click the Actions button and select Export All Assignments.

                   

                  Then select the Assigned Client Task tab, then click the Actions button and select Export All Assignments.

                   

                  On the new ePO do the same thing but select Import Assignments instead of Export Assignments.

                  • 6. Re: Cross Domain ePO end-point Migration
                    aroopvsimon

                    What does export all assignments do? Will the steps that you have mentioned ensure that I have the same setup (tasks/tree/policies etc.,)  on my new ePO server and I can just go ahead and shutdown the older ePO server and start using the new ePO server?

                    • 7. Re: Cross Domain ePO end-point Migration
                      dnoaker

                      You will have to recreate the System tree and reassign the policies but all the polices that are currently in use will be imported for you to assign. I would keep the old server online as a reference while you mirror the assignments. Once that is compete you can shut it down. Like Tristian said, if you have end point encryption on any of the systems the user assignments will be lost. So while you move them over you will want to disable the pre-boot screen to ensure a smooth transition. Once all the accounts are reassigned to the correct machines you can enable it again and have them setup their recovery questions again.

                      • 8. Re: Cross Domain ePO end-point Migration
                        aroopvsimon

                        The following are the extensions currently installed. End Point Encryption is not present. Can you confirm?

                         

                        1. ePolicy Orchestrator

                        2. GroupShield for Exchange

                        3. GroupShield for Lotus Domino

                        4. Help Content

                        5. Host IPS

                        6. Linux Shield

                        7. McAfee Agent

                        8. Rogue System Detection

                        9. Server

                        10. Shared Components

                        11. SiteAdvisor Enterprise

                        12. VirusScan Enterprise

                        13. VirusScan Enterprise for Linux

                        14. VirusScan For Mac