Solved

Sophos Database move

Posted on 2013-05-19
Last Modified: 2016-02-25
Current Configuration

SERVER1
Sophos Enterprise Console v4.0.0.2362
Deploys Sophos Endpoint Client v9.5
Approximately 95% of clients and servers using this client.

Server2
Sophos Enterprise Console v5.2.0.644
Deploys Sophos Endpoint Client v10

SQL1
Sophos Enterprise Console v5.2.0.644 Database Server


We want to move all clients and servers to v10 as soon as possible. The problem with Server2 is that the database is on SQL1. So with that in mind, the ideal result is the following:

Desired Configuration

Server2
Sophos Enterprise Console v5.2.0.644
Deploys Sophos Endpoint Client v10

SQL3
Sophos Enterprise Console v5.2.0.644 Database Server


Is it possible to migrate the database from SQL1 to SQL3 for the Enterprise console installed on Server2?

Once the console is installed and running, a migration plan for clients and servers will be required.
0
Question by:Leo
13 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 39183053
Suggest the following

How to back up and restore your Sophos Management Server
- backing up and restoring have been separated out depending on whether you have a default or non-default installation.
http://www.sophos.com/en-us/support/knowledgebase/27265.aspx

Information on how to migrate (move) your existing Sophos Management Server installation to a new server. The following product migrations are not supported:
-Sophos Enterprise Console to Sophos Enterprise Manager.
-Sophos Enterprise Console to Sophos Control Center.
-Sophos Enterprise Manager to Sophos Control Center.
-Sophos Control Center to Sophos Enterprise Manager.
http://www.sophos.com/en-us/support/knowledgebase/28276.aspx

How to install/upgrade the Sophos Management Database component on to a different (remote) computer
http://www.sophos.com/en-us/support/knowledgebase/33980.aspx

Using the UpgradeDB.exe tool to upgrade the Sophos database
- 'UpgradeDB.exe' is run as part of the management server installer and not as part of the database installer. It calls the SQL stored procedure 'dbo.FromXto4' or 'dbo.FromX' (depending on version) in the new database to initiate the transfer.
http://www.sophos.com/en-us/support/knowledgebase/65420.aspx

How to redirect Windows endpoints to a new management server
- use the Sophos endpoint migration utility to create a VBScript file that you use to redirect Windows endpoint computers to a new Enterprise Console
http://www.sophos.com/en-us/support/knowledgebase/116737.aspx
0
 
LVL 8

Author Comment

by:Leo
ID: 39183337
So it seems like it's possible? Have you come across any web forums where people have done it and something broke down during the move of Sophos from one server to another?

Also, regarding your last point, "How to redirect Windows endpoints to a new management server": Sophos will be on the same server, it's just the DB for Sophos that needs to be moved, so what will be the migration plan for clients to the new version? Testing, migration process, computers to migrate, etc.
0
 
LVL 64

Expert Comment

by:btan
ID: 39184308
Yes, it should be possible, but migration is also not trivial - I suggest you seek professional expertise services from Sophos or an SI on the specific steps to suit the actual environment - it is always better to be more cautious and prepared (Murphy's law).

What are the key steps?
To migrate Control Center to a new server, you carry out these steps:

Collect existing information from the old server.
Prepare the new server.
Install Control Center on the new server.
Import database to new server.
Update database information with your new server information.
Download endpoint security software on the new server.
Change the account used by endpoints for updates from the server.
Remove management software from 'old server'.
Redirect endpoint computers to report to the new server.
Redirect any remote consoles to the new management server.
These steps are described in the sections below.

Known to apply to the following Sophos product(s) and version(s)

Sophos Control Center 4.0.0
Sophos Control Center 4.1
Sophos Control Center 4.0.1

http://www.sophos.com/en-us/support/knowledgebase/117150.aspx
0

 
LVL 8

Author Comment

by:Leo
ID: 39186353
Thanks for your information.

I just want to move the DB from one server to another. For that, do I have to install Control Center on the new one and take it out from the old one?
Or can I just import the DB to the new SQL server, then update the registry settings, and leave everything else?
0
 
LVL 64

Expert Comment

by:btan
ID: 39186429
The control center will just need to point to the database server. I thought the link already spells out the importing, backup and pointing for the new server. As mentioned already, you will need to back up as long as you want to install or upgrade on an existing or new server. The link in the last posting states those and will see you through.
0
 
LVL 8

Author Comment

by:Leo
ID: 39206543
I am writing a complete procedure to move the DB. I will post it soon; kindly review it and let me know if I have missed something.
In the meantime, I logged on to the old SQL server. There are 5 DBs related to Sophos; which one do I have to move and restore?
DB.jpg
0
 
LVL 64

Expert Comment

by:btan
ID: 39207561
You will want to check this out first, and do have a backup first as it is suggested below too. They started from 5.0 (backup, restore, test "database" account), then 5.1 (create db), then ran the 5.1 installer to upgrade srv and console. I am not so savvy with Sophos, but if you already have a backup then do try to also test in staging - best get the site support on your contracted service to advise ...

http://community.sophos.com/t5/Sophos-EndUser-Protection/changing-SQL-instance-for-Enterprise-console/m-p/35023

And this PDF on upgrade version
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_52_ugeng.pdf

But I do see that the below is of more relevance, esp. the UpgradeDB.exe in the 2nd link (it is executed from the old db ver to copy over to the new ver)
http://www.sophos.com/en-us/support/knowledgebase/28276.aspx
http://www.sophos.com/en-us/support/knowledgebase/65420.aspx
0
 
LVL 8

Author Comment

by:Leo
ID: 39215083
Thanks.
I am going to do it tomorrow. I have put together a guideline on how I am planning to do it; kindly check it and let me know if I have missed anything or if there is anything which needs amendment.
Sophos-DB.docx
0
 
LVL 64

Expert Comment

by:btan
ID: 39215388
Quite detailed, and I assume you have done it or rehearsed it in a staging environment. If not, please do so, as migrating a db may not always be trivial. The old server should not be tampered with and should always be ready for rollback as the active instance until the new server is proven OK. Performance can only be gauged by running it, probably for a week or two depending on user base size.

Actually, it will always be good to have a checklist of expected outcomes and observed outcomes rather than steps, with remarks to highlight steps that are not to be skipped or abandoned if not completed. The db team needs to be on standby.

Also when db is down, will error from client polling for it be served with or flooded with errors causing unnecessary alarm to users and operation admin. This is to manage the comms side before any major upgrade etc...

Best to have sophos support on standby please as always preached to be wary for worst case and preemptive action.

ault comes if the restore from backup failed as never been verified but assume
0
 
LVL 64

Expert Comment

by:btan
ID: 39215392
Ignore the last statement, as it simply meant to verify the backup; I have heard of cases where recovery failed and versioning caused data corruption due to unknown backup versions for full and incremental.
0
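The backup verification and rollback readiness raised in the comments above can be checked on the SQL Server side before the console is repointed. The T-SQL below is an added example, not part of the original thread or of Sophos documentation; the database name, logical file names and paths are placeholders, and the Sophos-specific steps (database account, pointing the console at SQL3) remain those in the knowledge base articles linked in the thread.

```sql
-- Added example. [SophosDbPlaceholder], the logical file names and all
-- paths are placeholders: substitute the values from your own SQL1 instance.

-- 1. On SQL1: confirm what kind of backups already exist (full vs. differential
--    vs. log), so a restore is not attempted from an unknown backup chain.
SELECT TOP (5) database_name, type, backup_finish_date,
       has_backup_checksums, is_copy_only
FROM msdb.dbo.backupset
WHERE database_name = N'SophosDbPlaceholder'
ORDER BY backup_finish_date DESC;

-- 2. On SQL1: take a fresh full backup. COPY_ONLY leaves the existing backup
--    chain untouched; CHECKSUM validates pages as they are read.
BACKUP DATABASE [SophosDbPlaceholder]
TO DISK = N'D:\Backup\SophosDbPlaceholder.bak'
WITH COPY_ONLY, CHECKSUM, INIT, STATS = 10;

-- 3. On SQL1: verify the backup set is complete and its checksums match.
RESTORE VERIFYONLY
FROM DISK = N'D:\Backup\SophosDbPlaceholder.bak'
WITH CHECKSUM;

-- 4. On SQL3, after copying the .bak file: read the logical file names
--    needed for the MOVE clauses in the next step.
RESTORE FILELISTONLY
FROM DISK = N'E:\Restore\SophosDbPlaceholder.bak';

-- 5. On SQL3: restore to the new data and log locations.
RESTORE DATABASE [SophosDbPlaceholder]
FROM DISK = N'E:\Restore\SophosDbPlaceholder.bak'
WITH CHECKSUM,
     MOVE N'LogicalDataNamePlaceholder' TO N'E:\SQLData\SophosDbPlaceholder.mdf',
     MOVE N'LogicalLogNamePlaceholder'  TO N'E:\SQLLogs\SophosDbPlaceholder_log.ldf',
     RECOVERY, STATS = 10;

-- 6. On SQL3: full consistency check before anything is pointed at this copy.
DBCC CHECKDB (N'SophosDbPlaceholder') WITH NO_INFOMSGS, ALL_ERRORMSGS;
```

RESTORE VERIFYONLY confirms the backup file is readable but does not prove the data restores cleanly; only steps 5 and 6 on a staging or target instance do that, and the database on SQL1 stays in place for rollback until they pass.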
 
LVL 8

Author Comment

by:Leo
ID: 39218035
Just a quick question: under Sophos Enterprise Console, in Policies --> Anti-Virus and HIPS, I have created a policy. How can I attach it to a Group Policy OU? When I right-click on this policy and select View Groups Using Policy, I get a message that the policy is not assigned to any group.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 500 total points
ID: 39218305
You must have a group and a computer within that group before you can assign the policy to the group. In the Policies pane, highlight the policy. Click the policy and drag it onto the group to which you want to apply the policy. Alternatively, you can right-click a group and select View/Edit Group Policy Details. You can then select policies for that group from drop-down menus.

Note that if you use role-based administration, you must have the Computer search, protection and groups right to perform the above task.

You can check whether all the computers in a group comply with the policies for that group. Select the group which you want to check. In the computer list, Endpoints view, on the Status tab, look in the Policy compliance column. If you see the words “Same as policy”, the computer complies with the policies for its group. If you see a yellow warning sign and the words “Differs from policy”, the computer is not using the same policy or policies as other computers in its group.

Section 4 has most info -
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_51_heng.pdf

13.5 Computers are not managed by the console
Note: Unless you use Active Directory synchronization, new computers added to the network are not displayed or managed by the console automatically.

13.6 Cannot protect computers in the Unassigned group
The Unassigned group is only for holding computers that are not yet in groups created by you, to which policies can be applied. You cannot protect computers until you place them in such a group.
0
 
LVL 64

Expert Comment

by:btan
ID: 39255001
just curious how is it going if possible to share ...thanks
0

Question has a verified solution.