4 Replies Latest reply on Mar 11, 2016 3:01 AM by elcore

    Migrate ePO 4.6.6 to ePO 5.1.1 with diffrent IP address and hostname

    elcore

      Hi All,

       

      Looking for some expert advice on how to perform migration of ePO 4.6.6 to ePO 5.1.1 with diffrent IP address and hostname.

       

      CURRENT EPO:

      Windows 2008 R2 Std x64

      ePO version 4.6.6

      MS SQL 2008 R2 Std.

      Clients 2500+

      Client McAfee Agent version: 4.6

       

      NEW EPO:

      Windows 2012 R2

      ePO version 5.1.1

      MS SQL 2012 Std

      Clients 2500+

       

      Following are the steps planned so far:


      1. Installation of ePO 5.1.1 and Microsoft SQL Standard 2012
      2. Backup of existing ePO 4.6.6 database and its Program Files
      3. Follow the checklist KB article KB76739 for 5.x version
      4. Run the Upgrade compatibility tool on current server and confirm there no in compatible extensions found
      5. Check the McAfee Agent extension  is up to date as per KB79169
      6. Copy the Migrate.zip file to new server
      7. Run the Upgrade Compatibility Tool on new server and point to Migrate.zip file

       

      For above steps, have few questions:

       

      1. Is above method of migration and order is correct considering IP address and hostname will change?
      2. Will SQL DB get migrated as a part of the "migrate.zip" or that need to be restored seperately ?
      3. Once migration is completed, how will the agents come to know about new ePO server?
        1. Do i need to point the PTR record of old ePO server to new ePO servers IP address?
        2. "OR" I will have to reinstall McAfee Agent on all clients ?

       

      Thanks in advance for all your guidance

        • 1. Re: Migrate ePO 4.6.6 to ePO 5.1.1 with diffrent IP address and hostname
          gpickers

          Hi elcore,

           

          Are you intending to retain the data that you currently have on the existing 4.6.6. server and migrate that to the 5.1.1?

          If so is the SQL instance for the 4.6.6 ePO on a separate SQL server?

           

          If you wish to retain the data I would and you have a separate SQL server as you current back-end I would recommend performing the following steps:

           

          On Windows 2008 R2 Server

          1. Back-up your existing 4.6.6 server in line with the guidance in the following article: McAfee KnowledgeBase - KB66616

          2. Run the upgrade compatibility tool to verify your extensions are suitable, and resolve any compatibility issues.

          3. Upgrade the 4.6.6 server to 5.1.1 on your existing Windows 2008 R2 server.

          4. Run the Disaster Recovery Snapshot server task on your now ePO 5.1.1 server (still Windows 2008 R2 server).

          5. Make a note of your keystore password (can be changed under Server Settings) as you will need this for the disaster recovery process (for migration).

          6. Stop the ePO services so nothing further is written to the database.

           

          On Windows 2012 R2 Server

          7. Download the ePO 5.1.1 install .zip to your new server.

          8. Run the installation wizard and check the disaster recovery checkbox.

          9. Input the details for your SQL Server 2008 R2 and the necessary and your keystore password you made a note of.

          10. Complete the installation and verify that the ePO services are all running correctly.

           

           

          If you do not need to retain the data I would recommend the following:

           

          On Windows 2008 R2 Server

          1. Export all policies you wish to keep (from ePO 4.6.6) and transfer to Windows 2012 server.

          2. Export all tags, client tasks, server tasks, automatic notifications, policy assignment rules, permission sets and transfer to your Windows 2012 server.

          3. Export security keys that may be required for any encryption products or distributed repositories and transfer to Windows 2012 server.

           

          4. Install fresh SQL on SQL 2012 server.

           

          On Windows 2012 R2 Server

          5. Install ePO 5.1.1 on Windows 2012 server.

          6. Check-in in extensions for products (most of which are backwards compatible).

          7. Check-in product packages.

          8. Configure system tree.

          9. Import exported policies.

          10. Import exported tags, client task, server tasks, automatic notifications, policy assignment rules + permission sets.

          11. Import exported security keys.

          12. Deploy McAfee Agent from your new ePO over existing agents to migrate systems across to the new ePO.

           

          Hope this helps,

           

          George

          • 2. Re: Migrate ePO 4.6.6 to ePO 5.1.1 with diffrent IP address and hostname
            elcore

            Thanks a lot gpickers

             

            Currently ePO DB resides on ePO server itself and for future it will reside on new ePO server.

             

            Regarding retaining data, would it make any difference in both the above mentioned methods ?

            Basically we are expecting to migrate all the tasks, policies and various other ePO components to new server..

             

            As well as could you please let me know whether in first method be able to overcome challenges related to IP ,hostname change and encryption keys ... ?

             

            Thanks once again

            • 3. Re: Migrate ePO 4.6.6 to ePO 5.1.1 with diffrent IP address and hostname
              gpickers

              Hi elcore,

               

              The main issue I can see occurring with you migration is due to the fact that you are running SQL on the ePO application server.

              In order for you to retain the data (audit logs, threat event logs, client logs, server task logs and so on) you will need to manually migrate the SQL instance over to the new ePO server. As you are moving from SQL 2008 to SQL 2012 I advise you look at the following article for migrating your ePO instance: Migration from SQL server 2008 to 2012 - CodeProject

               

              With regards to IP/hostname changes the following guidance can be found in McAfee Knowledgebase - KB71078:

              "The Agent uses either the last known IP address, DNS name, or NetBIOS name of the ePO server. If you change any one of these, ensure that the Agent has a way to locate the server. The easiest way to do this is to retain the existing DNS record and change it to point to the new IP address of the ePO server. After the Agent is able to successfully connect to the ePO server, it downloads an updated SiteList.xml with the current information."

               

              Given your requirements it is probably best that you follow my first method. I have made some amendments to include the migration of your SQL instance and the change of DNS record:

               

              On Windows 2008 R2 Server

              1. Back-up your existing 4.6.6 server in line with the guidance in the following article: McAfee KnowledgeBase - KB66616

              2. Run the upgrade compatibility tool to verify your extensions are suitable, and resolve any compatibility issues.

              3. Upgrade the 4.6.6 server to 5.1.1 on your existing Windows 2008 R2 server.

              4. Run the Disaster Recovery Snapshot server task on your now ePO 5.1.1 server (still Windows 2008 R2 server).

              5. Make a note of your keystore password (can be changed under Server Settings) as you will need this for the disaster recovery process (for migration).

              6. Stop the ePO services so nothing further is written to the database.

              7. Migrate the SQL instance from SQL 2008 to SQL 2012 on the Windows 2012 R2 Server using the following article for guidance: Migration from SQL server 2008 to 2012 - CodeProject

               

              On Windows 2012 R2 Server

              8. Change DNS record of the old ePO to point at this server's IP address.

              9. Download the ePO 5.1.1 install .zip to your new server.

              10. Run the installation wizard and check the disaster recovery checkbox.

              11. Input the details for your migrated SQL Server 2012 instance and the necessary and your keystore password you made a note of.

              12. Complete the installation and verify that the ePO services are all running correctly.

              13. Access the ePO console, send an Agent Wakeup call to a managed system and verify that the Agent-Server Communication operates correctly.

               

              In the event that anything goes wrong:

              Shutdown the services on your new ePO server and revert your DNS change to point at the IP address of the old ePO server. Bring up the McAfee ePO services on the old server and you should be able to manage your systems again from the old ePO while you identify what caused the migration to fail.

               

              Kind regards,

               

              George