- Computers & electronics
- Software
- Computer utilities
- Database software
- Sophos
- Enterprise Console server to server migration
- User guide
advertisement
Sophos Enterprise Console server to server migration guide
Product version:
Document date:
5.4
April 2016
2
Contents
server to server migration guide
1 About this guide
This guide describes how to migrate Sophos Enterprise Console (SEC) version 5.4.0 from one server to another. You can use this guide to migrate Enterprise Console between any supported
Windows operating system, 32-bit or 64-bit.
Note: This guide describes how to migrate your existing version of Enterprise Console to another server. You cannot upgrade Enterprise Console to another major, minor, or maintenance version during the migration process described in this guide. To upgrade, see the Enterprise Console upgrade guide.
Sophos Enterprise Console documentation is published at https://www.sophos.com/en-us/support/documentation/enterprise-console.aspx
.
2 Terminology
The following table lists terms that have specific meanings for this guide:
Term old server new server old identity new identity
Meaning
The existing Enterprise Console server.
A new server onto which the existing installation of Enterprise Console will be migrated.
The old server's identification details: name, domain and IP address (if fixed).
A new server's new identification details: name, domain and IP address
(if fixed). Name (and IP address) must differ from the old identity but domain must be the same.
3 Assumptions
This guide assumes the following:
■
You are migrating Enterprise Console version 5.4.0 installed on the old server to a new server.
■
All components of Enterprise Console 5.4.0 (Management Console, Management Server, and
Database) are installed on a single server, the old server, and are operational.
3
4
Sophos Enterprise Console
■
■
■
The same version of Enterprise Console will be installed on the new server that has no other
Sophos software. If the new server has or had any Sophos products or components installed,
see Appendix A: Prepare a new server (page 20).
Enterprise Console will be migrated to the new server with a new identity.
If a new user account is created, it is based on the network environment. For example, a local account in a workgroup environment and a domain account in a domain environment.
■
If you are using or installing a custom database on the old or new server, you must make sure the collation settings match between them.
Note: The default collation settings of SQL server can differ when installing on a computer with different locale.
■
■
■
■
■
■
Enterprise Console is installed on the old server in the default location and will be installed in the default location on the new server. If a different location is used then any folder paths referenced in this guide must be modified accordingly.
There is local Sophos Update Manager (SUM) installed on the old server. If there are any other SUM installations on the network, they update from the SUM installed on the old server.
Both the old server and new server are in the same domain or workgroup.
Neither the old server or new server are a domain controller.
You have the necessary administrator privileges on both the old server and new server.
All the files that are transferred between the old server and new server during the migration process are stored and transferred using a secure location or device.
4 Prerequisite
If User Account Control (UAC) is enabled on the server, turn off UAC and restart the server.
You can turn UAC on again after the migration is complete.
5 What are the key steps?
To migrate Enterprise Console to a new server, you carry out these steps:
■
Prepare the old server (this includes checking the Update Manager password and backing up data).
■
■
Install the Enterprise Console database component on the new server.
Restore the database and certificate registry key on the new server.
■
■
Install the Enterprise Console management server and management console components on the new server.
Back up data on the new server.
server to server migration guide
■
■
■
■
Import registry and Secure Store from the old server to new server.
Switch endpoint computers to be updated by the new Update Manager.
Change updating policy details.
Switch endpoint computers to be managed by the new Enterprise Console.
■
■
Switch any unprotected child SUMs to the new Update Manager.
Switch remote consoles to the new server.
These steps are described in the sections that follow.
6 Prepare the old server for migration
To prepare the old server for migration, do the following:
■
Check Update Manager password (page 5)
■
■
(page 6)
Back up data, registry and Secure Store (page 6)
6.1 Check Update Manager password
The Sophos Update Manager (SUM) password is set in updating policies and is used to authenticate endpoints so that they can receive updates from SUM.
If you do not know your SUM password, you can reset it. You should be aware that if you do this, your endpoint computers will fail authentication when they next update.
To reset the SUM password:
1. On the old server, create a new Windows account so the account name and password are known. This account will be used as your Update Manager account.
2. Using Windows Explorer, navigate to the update share location. The default location is:
C:\ProgramData\Sophos\Update Manager\Update Manager
3. Right-click the Update Manager folder, select Properties. In the Properties window, on the
Sharing tab, click Permissions.
4. Add the newly created Windows account and set Read access.
5. In Enterprise Console, find each updating policy that uses the previous Windows account and edit it so that it uses the new Windows account, as follows: a) Open the updating policy, and select the Primary Server tab.
b) Change the Username to the new account.
c) Click Change to set a new password.
6. Push the policy or policies out to all endpoints (right-click on all groups then Comply with >
Group Updating Policy).
5
6
Sophos Enterprise Console
7. Confirm that all endpoints are compliant with the revised updating policy (there are no
"Computers that differ from policy").
If you are using a workgroup/local account on the new server, you must create a new Windows user account with the same account name and password on the new server as on the old server.
You have finished resetting the Update Manager password.
6.2 Stop Sophos services
On the old server:
1. Close Enterprise Console.
2. Open a command prompt window.
3. Stop the endpoint communication services. To do this, type the following commands:
net stop "Sophos Message Router" net stop "Sophos Patch Endpoint Communicator" net stop "Sophos Certification Manager"
Note: Sophos recommends that you wait for several minutes after you stop the endpoint communication services. This will help process any messages that may be cached in the memory queues.
4. Stop the data processing and front end services.
To stop the services, type the following commands:
net stop "Sophos Patch Server Communicator" net stop "Sophos Management Host" net stop "Sophos Patch Endpoint Orchestrator" net stop "Sophos Management Service" net stop "Sophos Update Manager"
You have finished stopping Sophos services.
6.3 Back up data, registry and Secure Store
On the old server:
1. Open a command prompt at the Enterprise Console installation directory.
Windows version
32-bit
64-bit
Default location
C:\Program Files\Sophos\Enterprise Console
C:\Program files (x86)\Sophos\Enterprise Console
server to server migration guide
2. Type the following command to back up the database:
DataBackupRestore.exe -Action=backup
A confirmation message is displayed and a Backup folder is created with a Database subfolder, registry keys, and Secure Store information in the following location:
%ALLUSERSPROFILE%\Sophos\ManagementServer\
3. In the Backup folder that has been created, create two new folders:
■
Router
■
DataBackupRestore
4. Copy the table_router.txt file to the Router folder created earlier. The default location of the
table_router.txt file is:
%ALLUSERSPROFILE%\Sophos\Remote Management
System\3\Router\table_router.txt
5. Copy the Envelopes folder to the Router folder created earlier. The default location of the
Envelopes folder is:
%ALLUSERSPROFILE%\Sophos\Remote Management System\3\Router\Envelopes
Note: The Envelopes folder will be empty if you have no outstanding messages.
6. Browse to the Enterprise Console installation directory.
Windows version
32-bit
64-bit
Default location
C:\Program Files\Sophos\Enterprise Console
C:\Program files (x86)\Sophos\Enterprise Console
7. Copy the following files and folders to the DataBackupRestore folder created earlier.
■
Metadata (entire folder along with its contents)
■
■
BackupRestore.proj
DataBackupRestore.exe
■
■
■
■
DataBackupRestore.exe.config
ResetUserMappings.sql
TBK.bat
TRS.bat
You have finished taking backup of data, registry, and Secure Store.
7
8
Sophos Enterprise Console
7 Install Enterprise Console database component
On the new server:
1. Download the Enterprise Console 5.4.0 installer from the Sophos Enterprise Console Downloads page: http://www.sophos.com/en-us/support/downloads/console/sophos-enterprise-console.aspx
You will need to enter your MySophos credentials.
2. Locate the installer and double-click on it.
3. In the Sophos Endpoint Security and Control network installer dialog box, click Install.
The installation files are copied to a location and an installation wizard starts.
4. In the Sophos Enterprise Console dialog box, click Next.
5. A wizard guides you through installation. You should do as follows: a) Accept the defaults wherever possible.
b) In the Components selection dialog box, select only the Database component.
c) In the Database details dialog box, provide the username for database access.
6. When installation is complete, click Yes or Finish.
You have finished installing the Enterprise Console database component.
8 Restore database and certificate registry key
To restore database and certificate registry key from the old server to new server:
1. Create a new folder called ManagementServer in the following location:
%ALLUSERSPROFILE%\Sophos\
2. Copy the Backup folder from the old server to the ManagementServer folder on the new server that has been created.
The folder path should be
...\Sophos\ManagementServer\Backup
3. Open a command prompt at the DataBackUpRestore folder location:
%ALLUSERSPROFILE%\Sophos\ManagementServer\Backup\DataBackUpRestore\
server to server migration guide
4. Type the following command to restore the database.
DataBackupRestore -Action=Restore -DataSourceType=Database
Confirm by typing y.
Note: Ensure the Build succeeded message is displayed along with the Restore database
successfully processed message. If it is displayed along with a Failed to restore message, browse to the location (for example, depending on your SQL Server version):
%ProgramFiles%\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Backup\
and check if the files are accessible (readable) with the SQL Server service account you are using.
If the files are not accessible, provide read access to the SQL Server service account and re-run the command.
5. Browse to the Backup folder.
%ALLUSERSPROFILE%\Sophos\ManagementServer\Backup
6. Right-click the registry file CertificationManager.reg, select Merge and confirm.
Note: If you are migrating between 32-bit and 64-bit computers, you must edit the registry key. For more information, see
Appendix B: Modify exported registry files (page 22).
You have finished restoring the database and certificate registry key.
9 Install Enterprise Console server and console components
On the new server:
1. Locate the Enterprise Console 5.4.0 installer and double-click on it.
2. In the Sophos Enterprise Console dialog box, click Next.
3. A wizard guides you through installation. You should do as follows: a) Accept the defaults wherever possible.
b) In the Components selection dialog box, select Management Server and Management
Console.
c) In the Database details dialog box, enter the credentials for database access.
d) In the Sophos Update Manager Credentials dialog box, enter the Windows user account
that is used as the Update Manager account set earlier in Check Update Manager password
(page 5) and continue with the installation.
4. When installation is complete, you may be prompted to restart. Click Yes or Finish.
Note: When you log back on (or restart) for the first time after installation, dismiss the warning message saying that the update manager is not configured and close Enterprise Console.
You have finished installing the Enterprise Console management server and management console components.
9
Sophos Enterprise Console
9.1 Stop Sophos services
1. Ensure Enterprise Console is closed.
2. Stop the endpoint communication services. To do this: a) Open a command prompt window.
b) Type the following commands:
net stop "Sophos Message Router" net stop "Sophos Patch Endpoint Communicator" net stop "Sophos Certification Manager"
3. Stop the data processing and front end services.
To stop the services, type the following commands in the command prompt window:
net stop "Sophos Patch Server Communicator" net stop "Sophos Management Host" net stop "Sophos Patch Endpoint Orchestrator" net stop "Sophos Update Manager"
You have finished stopping Sophos services.
10 Back up data on the new server
You must take a backup of the data on the new server. The backup will be used later for importing registry values.
1. Rename the existing Backup folder at the following location to Old_Server_Backup.
%ALLUSERSPROFILE%\Sophos\ManagementServer\Backup
2. Open a command prompt at the Enterprise Console installation directory.
Windows version
32-bit
64-bit
Default location
C:\Program Files\Sophos\Enterprise Console
C:\Program files (x86)\Sophos\Enterprise Console
10
server to server migration guide
3. Type the following command to back up the database:
DataBackupRestore.exe -Action=backup
A confirmation message is displayed and a Backup folder is created with a Database subfolder, registry keys, and Secure Store information in the following location:
%ALLUSERSPROFILE%\Sophos\ManagementServer\
4. Rename the new Backup folder that has been created to New_Server_Backup.
5. Now rename the Old_Server_Backup folder to Backup.
6. Stop the Sophos Management Service. To do this: a) Open a command prompt window.
b) Type the following command:
net stop "Sophos Management Service"
You have finished taking backup of data on the new server.
11 Import registry and Secure Store
1. Open a command prompt at the Enterprise Console installation directory.
Windows version
32-bit
64-bit
Default location
C:\Program Files\Sophos\Enterprise Console
C:\Program files (x86)\Sophos\Enterprise Console
2. Type the following command to import the registry values.
DataBackupRestore -Action=Restore -DataSourceType=Registry
Confirm to continue and acknowledge any messages about files being restored.
3. Verify the Management Service database connection string value in the registry. To do this: a) Open Registry Editor and navigate to the Sophos registry key:
Windows version
32-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management Tools\
11
Sophos Enterprise Console
Windows version
64-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Management
Tools\ b) In the right pane, select the entry DatabaseConnectionMS.
c) On the Edit menu, click Modify.
d) In Value data, ensure it is set to point to the new server hostname. If the value is not there, create it. It should read: Data Source=(local)\SOPHOS;
4. Modify the ServerLocation registry value to have the new server hostname. To do this: a) Navigate to the Sophos registry key:
Windows version
32-bit
64-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management Tools\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Management
Tools\ b) In the right pane, select the entry ServerLocation.
c) On the Edit menu, click Modify.
d) In Value data, find your old server hostname, and then replace it with the new server hostname.
5. Modify the Instance registry value to have the new server hostname. To do this: a) Navigate to the Sophos registry key:
Windows version
32-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\ManagementTools\Database
Installer
12
server to server migration guide
Windows version
64-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Management
Tools\Database Installer b) In the right pane, select the entry Instance.
c) On the Edit menu, click Modify.
d) In Value data, find your old server hostname, and then replace it with the new server hostname. It should read: (local)\SOPHOS
6. If the Sophos Update Manager uses a workgroup/local account, modify the SumUser registry values. To do this: a) Navigate to the Sophos registry key. The registry keys are at the following location:
Windows version
32-bit
64-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management Tools\SumUser
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Management
Tools\SumUser b) Retrieve the registry values for SumUserName and SumUserData from the
ManagementTools.reg file.
The ManagementTools.reg file is located in the New_Server_Backup folder created as
part of Back up data on the new server (page 10).
c) Replace the existing SumUserName and SumUserData values with those specified in the
ManagementTool.reg file.
7. If the database uses a workgroup/local account, modify the DatabaseUser registry value to contain the new server hostname. To do this: a) Navigate to the Sophos registry key:
Windows version
32-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management
Tools\DatabaseUser
13
Sophos Enterprise Console
Windows version
64-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Management
Tools\DatabaseUser b) In the right pane, select the entry DatabaseUserDomain.
c) On the Edit menu, click Modify.
d) In Value data, find your old server hostname, and then replace it with the new server hostname.
Note: If you have used a different database account during the installation on the new server, you must do the following additional steps: e) Retrieve the registry values for the DatabaseUserName and DatabaseUserPassword from the ManagementTools.reg file.
The ManagementTools.reg file is located in the New_Server_Backup folder created as
part of Back up data on the new server (page 10).
f) Replace the existing DatabaseUserName and DatabaseUserPassword values with those specified in the ManagementTool.reg file.
8. Modify the PatchServerURL registry value to have the new server hostname and port (if a different port was set during installation). To do this: a) Navigate to the Sophos registry key:
Windows version
32-bit
64-bit
Default location
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Patch\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Patch\ b) In the right pane, select the entry PatchServerURL.
c) On the Edit menu, click Modify.
d) In Value data, find your old server hostname, and then replace it with the new server hostname and port (if using a different port).
9. Restore the table_router.txt file from the old server's Router folder to the new server at the following location:
%ALLUSERSPROFILE%\Sophos\Remote Management
System\3\Router\table_router.txt
14
server to server migration guide
10. Restore the contents of the Envelopes from the old server's Router folder to the new server at the following location:
%ALLUSERSPROFILE%\Sophos\Remote Management System\3\Router\Envelopes
Note: The Envelopes folder will be empty if you have no outstanding messages.
11. Open a command prompt at the Enterprise Console installation directory.
12. Type the following command to import Secure Store.
DataBackupRestore -Action=Restore -DataSourceType=SecureStore
Confirm by typing y.
You have finished importing registry and Secure Store.
11.1 Start all Sophos services
On the new server:
1. Start the endpoint communication services. To do this, open a command prompt window and type the following commands:
net start "Sophos Message Router" net start "Sophos Patch Endpoint Communicator" net start "Sophos Certification Manager"
2. Start the data processing and front end services.
To start the services, type the following commands in the command prompt window:
net start "Sophos Patch Server Communicator" net start "Sophos Management Host" net start "Sophos Patch Endpoint Orchestrator" net start "Sophos Management Service" net start "Sophos Update Manager"
You have started all Sophos services.
12 Redirect endpoints to the new Update
Manager
You must configure endpoint computers to be updated by the new Sophos Update Manager
(SUM) and configure it to download updates from Sophos.
1. On the new server open Enterprise Console.
2. On the View menu, click Update managers.
The Update Managers list is displayed with the new SUM.
15
Sophos Enterprise Console
3. Double-click the old SUM and remove all entries on the Sources tab. Click OK.
4. Double-click the new SUM and setup the Sources, Subscriptions, Distributions, and other details as required.
5. Wait until the Last Updated column changes from
Never
to the current date/time for the new
SUM.
6. If there are child SUMs, configure each child SUM to point to the new SUM.
You have finished redirecting endpoints to the new Update Manager.
13 Configure updating policy
You must configure the updating policy account details on the new server. To do this:
1. In Enterprise Console, double-click on the updating policy you want to edit.
The Updating Policy dialog box is displayed.
Note: Do not change the updating policies that point to child SUMs.
2. In the Primary Server tab, change Address to point to the new server location.
3. Modify the Username and click Change to set a new password.
4. If necessary, modify the settings for Secondary Server.
5. Click OK to save the settings.
6. On the View menu, click Update managers, in the update manager list, right-click the old
SUM and click Delete.
You have finished configuring the updating policy.
14 Redirect endpoints to the new Enterprise
Console
To redirect endpoints to the new Enterprise Console you can reprotect the endpoint computers from the new Enterprise Console.
Note: If you have a large number of endpoints or if reprotection is not possible due to any other reason, an alternative procedure is described in Sophos support knowledgebase article 116737
( http://www.sophos.com/en-us/support/knowledgebase/116737.aspx
).
If you need detailed information on how to protect computers, see Protect computers section in the Sophos Enterprise Console Help.
To protect computers:
1. Depending on whether or not the computers you want to protect are already in a group, do one of the following:
■
If the computers you want to protect are in the Unassigned group, drag the computers onto a group.
16
server to server migration guide
■
If the computers you want to protect are already in a group, select the computers, right-click and click Protect Computers.
The Protect computers wizard is launched.
2. On the Installation type page, select the security software that you want to use for reprotection.
3. Follow the instructions in the wizard. On the Select features page, select the features you want.
■
■
Note: For a list of system requirements for the features, see the system requirements page on the Sophos website ( http://www.sophos.com/en-us/products/all-system-requirements.aspx
).
The anti-virus protection is always selected and must be installed.You can also select to install the features listed below. Some of the features are available only if your license includes them.
■
Firewall
Patch
Third-Party Security Software Detection
4. On the Protection summary page, any problems with installation are shown in the Protection
issues column. Click Next.
5. On the Credentials page, enter details of an account which can be used to install software.
This account is typically a domain administrator account. It must:
■
■
Have local administrator rights on computers you want to protect.
Be able to log on to the computer where you installed the management server.
■
Have read access to the Primary server location specified in the Updating policy.
Note: If you are using a domain account, you must enter the username in the form
domain\user
.
You have finished redirecting endpoints to the new Enterprise Console.
15 Redirect any unprotected child SUMs to the new Update Manager
Child Sophos Update Managers protected by Sophos Endpoint Security and Control are automatically redirected to the new parent SUM by their updating policies.
17
Sophos Enterprise Console
For any unprotected SUMs, configure them manually to connect to the new parent SUM as follows:
1. On the new server, copy the mrinit.conf
and cac.pem
files from the Enterprise Console folder.
Windows version
32-bit
64-bit
Default location
C:\Program Files\Sophos\Enterprise Console
C:\Program files (x86)\Sophos\Enterprise Console
2. Go to each child SUM and carry out the following steps: a) Paste the mrinit.conf
and cac.pem
files to the Remote Management System folder.
Windows version
32-bit
64-bit
Default location
C:\Program Files\Sophos\Remote Management System
C:\Program files (x86)\Sophos\Remote Management System b) Open a command prompt window at the Remote Management System directory.
c) Run the command
ClientMrInit.exe -update
.
You have finished redirecting unprotected child SUMs to the new Update Manager.
16 Redirect remote consoles to the new server
For each remote Enterprise Console installation, at the remote computer:
1. Run the Enterprise Console 5.4.0 installer package.
2. Extract the installation files to the suggested destination folder or another one of your choice.
The folder must be on the computer to be upgraded.
The installation wizard starts.
3. In the Sophos Enterprise Console dialog box, click Next.
18
server to server migration guide
4. A wizard guides you through installation. You should do as follows: a) Accept the defaults wherever possible.
b) In Components selection dialog box, select Management Console and click Next.
c) In the Management Console dialog box, enter the name of the new server. If the new server is using a different port, update the port number.
Note: If the remote console and the new server are part of an Active Directory domain, you will be prompted to enter the Database details. If prompted, ensure you use the same account details used for database access during the installation of Enterprise Console on the new server.
5. Continue the installation wizard to update the console installation with the new settings.
You have finished redirecting remote consoles to the new server.
17 Decommission the old server
Note: If the old server is protected, and if you do not plan to decommission it after the migration, the old server must be reprotected from the new Enterprise Console server in order for it to become a managed computer.
To decommission the old server:
1. If you are disposing of an old server, it is advisable to securely wipe or destroy its hard drives(s).
2. If you are reusing the old server, uninstall Enterprise Console and Microsoft SQL Server using
Windows Control Panel and later delete the database.
You have finished decommissioning the old server.
19
Sophos Enterprise Console
18 Appendices
18.1 Appendix A: Prepare a new server
If you are using a server that has or had any Sophos products installed, ensure all the components are uninstalled and do the following:
1. Open the Registry Editor. To open click Start, Run, type
regedit
and then click OK.
2. Take a backup of the registry.
For information on how to take a registry backup, refer to Microsoft documentation.
3. In the Registry Editor window, browse to the Sophos registry key location:
Windows version
32-bit
64-bit
Registry key location
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos
If it exists, delete the Sophos registry key. Close the Registry Editor window.
4. Browse to the Sophos installation folder location:
Windows version
32-bit
64-bit
Default path
C:\Program files\Sophos
C:\Program files (x86)\Sophos
If it exists, take a backup of its contents, including all subfolders, save it to a safe and secure location, and then delete the folder.
20
server to server migration guide
5. Browse to the Sophos common installation location:
Windows version
32-bit
64-bit
Default path
C:\Program files\Common Files\Sophos
C:\Program files (x86)\Common Files\Sophos
If it exists, take a backup of its contents, including all subfolders, save it to a safe and secure location, and then delete the folder.
6. Browse to the database backup location, for example (depending on your SQL Server version):
Windows version
32-bit
64-bit
Default path
C:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Backup
C:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Backup
If it exists, take a backup of its contents, including all subfolders, and save it to a safe and secure location. Delete Enterprise Console database backup files (.bak files).
The file names begin with "SOPHOS" and usually contain Enterprise Console version number.
For information about the database file names for different console versions, see Sophos support knowledgebase article 17323
( http://www.sophos.com/en-us/support/knowledgebase/17323.aspx
). For example, the database backup files for Enterprise Console 5.4.0 are:
■
■
■
SOPHOS540.bak
SOPHOSPATCH52.bak
SophosSecurity.bak
21
Sophos Enterprise Console
7. Browse to the database data location, for example (depending on your SQL Server version):
Windows version
32-bit
64-bit
Default path
C:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\DATA
C:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\DATA
If it exists, take a backup of its contents, including all subfolders, and save it to a safe and secure location. Delete the Enterprise Console database files (.mdf files) and transaction log files (.ldf files).
The file names begin with "SOPHOS" and usually contain Enterprise Console version number.
For information about the database file names for different console versions, see Sophos support knowledgebase article 17323
( http://www.sophos.com/en-us/support/knowledgebase/17323.aspx
). For example, the database files and transaction log files for Enterprise Console 5.4.0 are:
■
■
■
■
■
■
SOPHOS540.mdf
SOPHOS540_log.ldf
SOPHOSPATCH52.mdf
SOPHOSPATCH52_log.ldf
SophosSecurity.mdf
SophosSecurity_log.ldf
You have finished preparing the new server.
18.2 Appendix B: Modify exported registry files
If you are migrating between 32-bit and 64-bit computers, when exporting and importing registry keys, you will need to open any exported registry files in a text editor and change the Sophos registry values as shown below. The easiest and most reliable way to do this is by using search and replace.
Windows version
Default installation path
Sophos registry location
32-bit
64-bit
C:\Program files
C:\Program files
(x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos
22
server to server migration guide
Migrating from a 32-bit to 64-bit computer
1. Open the saved registry exported file with Windows Notepad.
2. Click on the Edit menu and click Replace.
3. In Find what type
\SOFTWARE\Sophos\
and in Replace with type
\SOFTWARE\Wow6432Node\Sophos\
.
4. Click Replace all.
5. In Find what type
C:\\Program Files\\Sophos\\Update Manager
and in Replace
with type
C:\\Program Files (x86)\\Sophos\\Update Manager
.
6. Click Replace all
7. Save the file and close Notepad.
Migrating from a 64-bit to 32-bit computer
1. Open the saved registry exported file with Windows Notepad.
2. Click on the Edit menu and click Replace.
3. In Find what type
\Wow6432Node\Sophos\
and in Replace with type
\Sophos\
.
4. Click Replace all.
5. In Find what type
C:\\Program Files (x86)\\Sophos\\Update Manager
and in
Replace with type
C:\\Program Files\\Sophos\\Update Manager
.
6. Click Replace all
7. Save the file and close Notepad.
19 Technical support
You can find technical support for Sophos products in any of these ways:
■
Visit the Sophos Community at community.sophos.com/ and search for other users who are experiencing the same problem.
■
■
■
Visit the Sophos support knowledgebase at www.sophos.com/en-us/support.aspx
.
Download the product documentation at www.sophos.com/en-us/support/documentation.aspx
.
Open a ticket with our support team at https://secure2.sophos.com/support/contact-support/support-query.aspx
.
20 Legal notices
Copyright
©
2012–2016 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
23
Sophos Enterprise Console
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos
Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
ACE
™
, TAO
™
, CIAO
™
, DAnCE
™
, and CoSMIC
™
ACE
™
, TAO
™
, CIAO
™
, DAnCE
™
, and CoSMIC
™
(henceforth referred to as "DOC software") are copyrighted by Douglas C. Schmidt and his research group at Washington University , University of California, Irvine , and Vanderbilt University , Copyright (c) 1993-2014, all rights reserved. Since
DOC software is open-source, freely available software, you are free to use, modify, copy, and distribute—perpetually and irrevocably—the DOC software source code and object code produced from the source, as well as copy and distribute modified versions of this software. You must, however, include this copyright statement along with any code built using DOC software that you release. No copyright statement needs to be provided if you just ship binary executables of your software products.
You can use DOC software in commercial and/or binary software releases and are under no obligation to redistribute any of your source code that is built using DOC software. Note, however, that you may not misappropriate the DOC software code, such as copyrighting it yourself or claiming authorship of the DOC software code, in a way that will prevent DOC software from being distributed freely using an open-source development model. You needn't inform anyone that you're using DOC software in your software, though we encourage you to let us know so we can promote your project in the DOC software success stories .
The ACE , TAO , CIAO , DAnCE , and CoSMIC web sites are maintained by the DOC Group at the
Institute for Software Integrated Systems (ISIS) and the Center for Distributed Object Computing of Washington University, St. Louis for the development of open-source software as part of the open-source software community. Submissions are provided by the submitter "as is" with no warranties whatsoever, including any warranty of merchantability, noninfringement of third party intellectual property, or fitness for any particular purpose. In no event shall the submitter be liable for any direct, indirect, special, exemplary, punitive, or consequential damages, including without limitation, lost profits, even if advised of the possibility of such damages. Likewise, DOC software is provided as is with no warranties of any kind, including the warranties of design, merchantability, and fitness for a particular purpose, noninfringement, or arising from a course of dealing, usage or trade practice. Washington University, UC Irvine, Vanderbilt University, their employees, and students shall have no liability with respect to the infringement of copyrights, trade secrets or any patents by DOC software or any part thereof. Moreover, in no event will Washington University,
UC Irvine, or Vanderbilt University, their employees, or students be liable for any lost revenue or profits or other special, indirect and consequential damages.
DOC software is provided with no support and without any obligation on the part of Washington
University, UC Irvine, Vanderbilt University, their employees, or students to assist in its use, correction, modification, or enhancement. A number of companies around the world provide commercial support for DOC software, however. DOC software is Y2K-compliant, as long as the underlying OS platform is Y2K-compliant. Likewise, DOC software is compliant with the new US daylight savings rule passed by Congress as "The Energy Policy Act of 2005," which established new daylight savings times (DST) rules for the United States that expand DST as of March 2007.
Since DOC software obtains time/date and calendaring information from operating systems users will not be affected by the new DST rules as long as they upgrade their operating systems accordingly.
The names ACE
™
, TAO
™
, CIAO
™
, DAnCE
™
, CoSMIC
™
, Washington University, UC Irvine, and
Vanderbilt University, may not be used to endorse or promote products or services derived from
24
server to server migration guide this source without express written permission from Washington University, UC Irvine, or Vanderbilt
University. This license grants no permission to call products or services derived from this source
ACE
™
, TAO
™
, CIAO
™
, DAnCE
™
, or CoSMIC
™
, nor does it grant permission for the name
Washington University, UC Irvine, or Vanderbilt University to appear in their names.
If you have any suggestions, additions, comments, or questions, please let me know.
Douglas C. Schmidt
Apache
The Sophos software that is described in this document may include some software programs that are licensed (or sublicensed) to the user under the Apache License. A copy of the license agreement for any such included software can be found at http://www.apache.org/licenses/LICENSE-2.0
Boost C++ Libraries
Boost Software License - Version 1.0 - August 17th, 2003
Permission is hereby granted, free of charge, to any person or organization obtaining a copy of the software and accompanying documentation covered by this license (the “Software”) to use, reproduce, display, distribute, execute, and transmit the Software, and to prepare derivative works of the Software, and to permit third-parties to whom the Software is furnished to do so, all subject to the following:
The copyright notices in the Software and this entire statement, including the above license grant, this restriction and the following disclaimer, must be included in all copies of the Software, in whole or in part, and all derivative works of the Software, unless such copies or derivative works are solely in the form of machine-executable object code generated by a source language processor.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Common Public License
The Sophos software that is referenced in this document includes or may include some software programs that are licensed (or sublicensed) to the user under the Common Public License (CPL), which, among other rights, permits the user to have access to the source code. The CPL requires for any software licensed under the terms of the CPL, which is distributed in object code form, that the source code for such software also be made available to the users of the object code form. For any such software covered under the CPL, the source code is available via mail order by submitting a request to Sophos; via email to [email protected]
or via the web at https://www.sophos.com/en-us/support/contact-support.aspx
. A copy of the license agreement for any such included software can be found at http://opensource.org/licenses/cpl1.0.php
25
Sophos Enterprise Console
ConvertUTF
Copyright 2001–2004 Unicode, Inc.
This source code is provided as is by Unicode, Inc. No claims are made as to fitness for any particular purpose. No warranties of any kind are expressed or implied. The recipient agrees to determine applicability of information provided. If this file has been purchased on magnetic or optical media from Unicode, Inc., the sole remedy for any claim will be exchange of defective media within 90 days of receipt.
Unicode, Inc. hereby grants the right to freely use the information supplied in this file in the creation of products supporting the Unicode Standard, and to make copies of this file in any form for internal or external distribution as long as this notice remains attached.
Loki
The MIT License (MIT)
Copyright
©
2001 by Andrei Alexandrescu
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
OpenSSL Cryptography and SSL/TLS Toolkit
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to
OpenSSL please contact [email protected].
OpenSSL license
Copyright
©
1998–2011 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
26
server to server migration guide
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment:
“This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. ( http://www.openssl.org/ )”
4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]
.
5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
“This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit ( http://www.openssl.org/ )”
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS” AND ANY EXPRESSED
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
This product includes cryptographic software written by Eric Young ( [email protected]
). This product includes software written by Tim Hudson ( [email protected]
).
Original SSLeay license
Copyright
©
1995–1998 Eric Young ( [email protected]
) All rights reserved.
This package is an SSL implementation written by Eric Young ( [email protected]
). The implementation was written so as to conform with Netscape’s SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4,
RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson
).
Copyright remains Eric Young’s, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
27
Sophos Enterprise Console
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
“This product includes cryptographic software written by Eric Young ( [email protected]
)”
The word “cryptographic” can be left out if the routines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory
(application code) you must include an acknowledgement:
“This product includes software written by Tim Hudson ( [email protected]
)”
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License.]
WilsonORMapper
Copyright
©
2007, Paul Wilson
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
■
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
■
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
28
server to server migration guide
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
zlib data compression library
Copyright
©
1995–2013 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly [email protected]
Mark Adler [email protected]
29
advertisement
Related manuals
advertisement
Table of contents
- 3 1 About this guide
- 3 2 Terminology
- 3 3 Assumptions
- 4 4 Prerequisite
- 4 5 What are the key steps?
- 5 6 Prepare the old server for migration
- 5 6.1 Check Update Manager password
- 6 6.2 Stop Sophos services
- 6 6.3 Back up data, registry and Secure Store
- 8 7 Install Enterprise Console database component
- 8 8 Restore database and certificate registry key
- 9 9 Install Enterprise Console server and console components
- 10 9.1 Stop Sophos services
- 10 10 Back up data on the new server
- 11 11 Import registry and Secure Store
- 15 11.1 Start all Sophos services
- 15 12 Redirect endpoints to the new Update Manager
- 16 13 Configure updating policy
- 16 14 Redirect endpoints to the new Enterprise Console
- 17 15 Redirect any unprotected child SUMs to the new Update Manager
- 18 16 Redirect remote consoles to the new server
- 19 17 Decommission the old server
- 20 18 Appendices
- 20 18.1 Appendix A: Prepare a new server
- 22 18.2 Appendix B: Modify exported registry files
- 23 19 Technical support
- 23 20 Legal notices