Link to home
Create AccountLog in
Avatar of Leo
LeoFlag for Australia

asked on

Sophos Database move

Current Configuration

SERVER1
Sophos Enterprise Console v4.0.0.2362
Deploys Sophos Endpoint Client v9.5
Approximately 95% of clients and servers using this client.

Server2
Sophos Enterprise Console v5.2.0.644
Deploys Sophos Endpoint Client v10

SQL1
Sophos Enterprise Console v5.2.0.644 Database Server


We want to move all clients and servers to v10 as soon as possible.  The problem with Server2 is that the database is on SQL1.  So with that in mind, the ideal results is the following:

Desired Configuration

Server2
Sophos Enterprise Console v5.2.0.644
Deploys Sophos Endpoint Client v10

SQL3
Sophos Enterprise Console v5.2.0.644 Database Server


Is it possible to migrate the database from SQL1 to SQL3 for the Enterprise console installed on Server2?

Once the console is installed and running, a migration plan for clients and servers will be required.
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Leo

ASKER

So it seems like its possible? have you came across any web forms where people have done it, and something brake down during the move of Sophos from one Server to another.

Also regarding your last point " How to redirect Windows endpoint to a new management Server" Sophos will be on the same server, its just the DB for Sophos needs to be moved, so what will be the migration plan for clients to the new version?  Testing, migration process, computers to migrate etc.
Avatar of btan
btan

Yes it should be possible but migration is also not trivial - I suggest you seek your professional expertise service from Sophos or SI on the specific step to suite actual environment - it is always to be more cautions and prepared (murphy's law)

What are the key steps?
To migrate Control Center to a new server, you carry out these steps:

Collect existing information from the old server.
Prepare the new server.
Install Control Center on the new server.
Import database to new server.
Update database information with your new server information.
Download endpoint security software on the new server.
Change the account used by endpoints for updates from the server.
Remove management software from 'old server'.
Redirect endpoint computers to report to the new server.
Redirect any remote consoles to the new management server.
These steps are described in the sections below.

Known to apply to the following Sophos product(s) and version(s)

Sophos Control Center 4.0.0
Sophos Control Center 4.1
Sophos Control Center 4.0.1

http://www.sophos.com/en-us/support/knowledgebase/117150.aspx
Avatar of Leo

ASKER

Thanks for your information.

I just want to move the DB from one server to another, for that do i have to Install Control Center on the new one? and take it out from the old one?
or i can  just import DB to new SQL server and then update the registry settings, and leave everything else.
The control center will just need to point to the database server..thought the link already spell out the importing and backup and pointing for new server. As mentioned already  you will need to backup as long as you want to install or upgrade in existing or new server...the link in last posting states those and will preach you to see through.
Avatar of Leo

ASKER

I am writing a complete procedure to move the DB, i will post it soon kindly review it and let me know if i had missed something.
In the mean while, I logged on to old SQL server, there are 5 DBs related to Sophos, which one i have to move and restore?
DB.jpg
You will want to check this out first and d ohave backup first as it is suggested below too. They started from 5.0 (backup, restore, test "database" account) then 5.1 (create db), then run 5.1 installer to upgrade srv and console. I am not so savvy with Sophos but if you already backup then do try to also test in staging - best get the site support on your contracted service to advise ...

http://community.sophos.com/t5/Sophos-EndUser-Protection/changing-SQL-instance-for-Enterprise-console/m-p/35023

And this PDF on upgrade version
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_52_ugeng.pdf

But I do see that this below of more relevance esp the UpgradeDB.exe in 2nd link (it is executed from old db ver to copy over to new ver)
http://www.sophos.com/en-us/support/knowledgebase/28276.aspx
http://www.sophos.com/en-us/support/knowledgebase/65420.aspx
Avatar of Leo

ASKER

Thanks.
I am going to do it tomorrow, i have put a guidline on how i am planning to do it, kindly check it and let me know if i have missed anything or if there is anything which needs amendment.
Sophos-DB.docx
Quite detailed and I assumed you have done it  or rehearsed in staging environment.  If not pls do so as migrating db  may not always be trival. The old server should not be tampered  and be always ready to rollback as active instance till the new server is proven ok. Performance will only be gauge to run probably for a week or two depending on user base size.

Actually it will always be good to have expected outcome and the observed outcome checklist rather than steps. Remarks to highlight steps not to be skip and abandoned if not completed. The db team need to be on standby.

Also when db is down, will error from client polling for it be served with or flooded with errors causing unnecessary alarm to users and operation admin. This is to manage the comms side before any major upgrade etc...

Best to have sophos support on standby please as always preached to be wary for worst case and preemptive action.

ault comes if the restore from backup failedas never been verified but assume
Ignore the last statement as it simply meant to verify the backup which I heard of case recovery failed and versioning caused data corruption due to unknown backup version for full and increment.
Avatar of Leo

ASKER

just a quick question, under Sophos Enterprise Console, in Policies--> Anti-Virus and HIPS, i have created a policy, how can i attach it to Group Policy OU? because when i right click on this Policy and select View Groups using Group Policy i get a message that the policy is not assigned to any group.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
just curious how is it going if possible to share ...thanks