Solved

Sophos Database move

Posted on 2013-05-19
13
1,573 Views
Last Modified: 2016-02-25
Current Configuration

SERVER1
Sophos Enterprise Console v4.0.0.2362
Deploys Sophos Endpoint Client v9.5
Approximately 95% of clients and servers using this client.

Server2
Sophos Enterprise Console v5.2.0.644
Deploys Sophos Endpoint Client v10

SQL1
Sophos Enterprise Console v5.2.0.644 Database Server


We want to move all clients and servers to v10 as soon as possible.  The problem with Server2 is that the database is on SQL1.  So with that in mind, the ideal results is the following:

Desired Configuration

Server2
Sophos Enterprise Console v5.2.0.644
Deploys Sophos Endpoint Client v10

SQL3
Sophos Enterprise Console v5.2.0.644 Database Server


Is it possible to migrate the database from SQL1 to SQL3 for the Enterprise console installed on Server2?

Once the console is installed and running, a migration plan for clients and servers will be required.
0
Comment
Question by:Leo
  • 8
  • 5
13 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
Suggest the following

How to back up and restore your Sophos Management Server
- backing up and restoring have been separated out depending on whether you have a default or non-default installation.
http://www.sophos.com/en-us/support/knowledgebase/27265.aspx

Information on how to migrate (move) your existing Sophos Management Server installation to a new server. The following product migrations are not supported:
-Sophos Enterprise Console to Sophos Enterprise Manager.
-Sophos Enterprise Console to Sophos Control Center.
-Sophos Enterprise Manager to Sophos Control Center.
-Sophos Control Center to Sophos Enterprise Manager.
http://www.sophos.com/en-us/support/knowledgebase/28276.aspx

How to install/upgrade the Sophos Management Database component on to a different (remote) computer
http://www.sophos.com/en-us/support/knowledgebase/33980.aspx

Using the UpgradeDB.exe tool to upgrade the Sophos database
- 'UpgradeDB.exe' is run as part of the management server installer and not as part of the database installer. It calls the SQL stored procedure 'dbo.FromXto4' or 'dbo.FromX' (depending on version) in the new database to initiate the transfer.
http://www.sophos.com/en-us/support/knowledgebase/65420.aspx

How to redirect Windows endpoints to a new management server
- use the Sophos endpoint migration utility to create a VBScript file that you use to redirect Windows endpoint computers to a new Enterprise Console
http://www.sophos.com/en-us/support/knowledgebase/116737.aspx
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
So it seems like its possible? have you came across any web forms where people have done it, and something brake down during the move of Sophos from one Server to another.

Also regarding your last point " How to redirect Windows endpoint to a new management Server" Sophos will be on the same server, its just the DB for Sophos needs to be moved, so what will be the migration plan for clients to the new version?  Testing, migration process, computers to migrate etc.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Yes it should be possible but migration is also not trivial - I suggest you seek your professional expertise service from Sophos or SI on the specific step to suite actual environment - it is always to be more cautions and prepared (murphy's law)

What are the key steps?
To migrate Control Center to a new server, you carry out these steps:

Collect existing information from the old server.
Prepare the new server.
Install Control Center on the new server.
Import database to new server.
Update database information with your new server information.
Download endpoint security software on the new server.
Change the account used by endpoints for updates from the server.
Remove management software from 'old server'.
Redirect endpoint computers to report to the new server.
Redirect any remote consoles to the new management server.
These steps are described in the sections below.

Known to apply to the following Sophos product(s) and version(s)

Sophos Control Center 4.0.0
Sophos Control Center 4.1
Sophos Control Center 4.0.1

http://www.sophos.com/en-us/support/knowledgebase/117150.aspx
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
Thanks for your information.

I just want to move the DB from one server to another, for that do i have to Install Control Center on the new one? and take it out from the old one?
or i can  just import DB to new SQL server and then update the registry settings, and leave everything else.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
The control center will just need to point to the database server..thought the link already spell out the importing and backup and pointing for new server. As mentioned already  you will need to backup as long as you want to install or upgrade in existing or new server...the link in last posting states those and will preach you to see through.
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
I am writing a complete procedure to move the DB, i will post it soon kindly review it and let me know if i had missed something.
In the mean while, I logged on to old SQL server, there are 5 DBs related to Sophos, which one i have to move and restore?
DB.jpg
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 61

Expert Comment

by:btan
Comment Utility
You will want to check this out first and d ohave backup first as it is suggested below too. They started from 5.0 (backup, restore, test "database" account) then 5.1 (create db), then run 5.1 installer to upgrade srv and console. I am not so savvy with Sophos but if you already backup then do try to also test in staging - best get the site support on your contracted service to advise ...

http://community.sophos.com/t5/Sophos-EndUser-Protection/changing-SQL-instance-for-Enterprise-console/m-p/35023

And this PDF on upgrade version
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_52_ugeng.pdf

But I do see that this below of more relevance esp the UpgradeDB.exe in 2nd link (it is executed from old db ver to copy over to new ver)
http://www.sophos.com/en-us/support/knowledgebase/28276.aspx
http://www.sophos.com/en-us/support/knowledgebase/65420.aspx
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
Thanks.
I am going to do it tomorrow, i have put a guidline on how i am planning to do it, kindly check it and let me know if i have missed anything or if there is anything which needs amendment.
Sophos-DB.docx
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Quite detailed and I assumed you have done it  or rehearsed in staging environment.  If not pls do so as migrating db  may not always be trival. The old server should not be tampered  and be always ready to rollback as active instance till the new server is proven ok. Performance will only be gauge to run probably for a week or two depending on user base size.

Actually it will always be good to have expected outcome and the observed outcome checklist rather than steps. Remarks to highlight steps not to be skip and abandoned if not completed. The db team need to be on standby.

Also when db is down, will error from client polling for it be served with or flooded with errors causing unnecessary alarm to users and operation admin. This is to manage the comms side before any major upgrade etc...

Best to have sophos support on standby please as always preached to be wary for worst case and preemptive action.

ault comes if the restore from backup failedas never been verified but assume
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Ignore the last statement as it simply meant to verify the backup which I heard of case recovery failed and versioning caused data corruption due to unknown backup version for full and increment.
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
just a quick question, under Sophos Enterprise Console, in Policies--> Anti-Virus and HIPS, i have created a policy, how can i attach it to Group Policy OU? because when i right click on this Policy and select View Groups using Group Policy i get a message that the policy is not assigned to any group.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 500 total points
Comment Utility
You must a  group and computer within that group before you can assign the policy to the group. In the Policies pane, highlight the policy. Click the policy and drag it onto the group to which you want to apply the policy. Alternatively, you can right-click a group and select View/Edit Group Policy Details. You can then select policies for that group from drop-down menus.

Note that if you use role-based administration, you must have the Computer search, protection and groups right to perform above task.

You can check whether all the computers in a group comply with the policies for that group. Select the group which you want to check. In the computer list, Endpoints view, on the Status tab, look in the Policy compliance column. If you see the words “Same as policy”, the computer complies with the policies for its group. If you see a yellow warning sign and the words “Differs from policy”, the computer is not using the same policy or policies as other computers in its group.

Section 4 has most info -
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_51_heng.pdf

13.5 Computers are not managed by the console
Note: Unless you use Active Directory synchronization, new computers added to the network are not displayed or managed by the console automatically.

13.6 Cannot protect computers in the Unassigned group
The Unassigned group is only for holding computers that are not yet in groups created by you, to which policies can be applied. You cannot protect computers until you place them in such a group.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
just curious how is it going if possible to share ...thanks
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now