Re: Migrating an MDS Appliance

Matlu

Hello,
Is it possible to migrate a current MDS appliance in production between different hardware models, replicating the configuration and “transferring” the existing logs?
We have a Smart-1 225 and will be upgrading to a Smart-1 3050
Thank you for your feedback.

Chris_Atkinson

Hopefully you are aware that both of those appliances are EOL and should no longer be in "production".

CCSM R77/R80/ELITE

Martijn

Hi,

The new Upgrade Tools (migration tools) should support Multi Domain. So what you are doing seems to me as a advanced migration.

In the past I have migrated a Smart-1 3050 MDM to VMware without any problems.

Martijn

Matlu

Hello.
Is “migration tools” a command that can be run from the MDS CLI?
Does this also help me transfer the logs from the device?
Thanks for your feedback.

Martijn

Yes, but make sure you have the latest tools and deployment agent. And you are in the correct MDS directory.

$MDS_FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81.20

"On a Multi-Domain Security Management Server, the "migrate_server" command covers all Domains, as opposed to the previous "migrate" script that only collected the local Domain, to which you were currently logged in"

sk135172 - Upgrade Tools package

Not sure there is a include log option but I would not advice that. The export will take a long time if you have a lot of domains and a lot of logs. The same for the import. Not to mention the size of the export file.

Decide how much log (retention) you need to keep and copy them manually. And that can also take a lot of time via SFTP.

Martijn

Matlu

Before performing the procedure using the “migration tools,” is it necessary to ensure that the new box has the same license as the box being decommissioned?

Martijn

Hi,

The whole management database is migrated. Including licences and SIC. But the new appliance needs to have the same name and IP-address as the current one.

Martijn

Matlu

This method of migrating an MDS also applies when the new environment will be Open Server, right?
For this migration, would you consider performing it during a “maintenance window”?
Could there be any service disruptions at any point?

Martijn

You can migrate to an Open Server and I would advice a maintenance window.

Because SIC and licenses are in the database, there should be no disruption and once the migration is completed, gateways should connect to the 'new' server again.

Keep in mind, during migration, gateways will start to log locally if your MDM server is the only log server in your environment.

Martijn

Hi,

You can also use mds_backup which has an option to include logs. I have used this in the past in R77.X environments.

mds_backup

Good point from @Chris_Atkinson about the hardware!

Martijn

Hugo_vd_Kooij

In short the procedure we use for Advanced upgrades of MDS

Spin up new machine with $IP+10. Do NOT run first time wizard.
Start Change freeze
Run migrate export
Do full MDS stop on old MDS and keep it down through mdsconfig
Move old MDS to $IP+20
Move New MDS to $IP
Run First time wizard
Copy export file from old to new
Run migrate import (Sit back, enjoy a movie, ...)
Start tests of new MDS
Once happy we start the copy of the old logs and let it run while we call it a day.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Are you a member of CheckMates?

Migrating an MDS Appliance