Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ashish_verma
Contributor
Jump to solution

Checkpoint SMS Migration from R77.30 to R80.30 licensing requirement.

Hello Team,

We are planning to migrated R77.30 SMS which is currently running on Smart-1 225 appliance to R80.30. Since, we are having only one physical device available we are planning to install R80.30 on a VM and migrate existing R77.30 database to it. Later on we will migrate the physical box.

My concern is, is it possible to do so? If yes, is there any difference in license for physical appliance and VM (Open server). Do we need any additional licensing for VM or same license will work?

Thanks for your help in advance.

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

If you have a Smart-1 and are looking to migrate into VMWare, the process is the following with your reseller:

1) Say that you want to "turn in" your Smart-1 and associated licensing.  What rate you will get for this will depend on various promotions that are in effect.

2) This will create some level of credit that can be used to offset the purchase of a new open server SMS license.  The cost drivers of this license will be:

    - How many gateways you need to manage with the new SMS

    - Whether you want to do more than one domain/CMA (a.k.a. Provider -1/MDMS)

   - Any special add-ons (separate correlation units, separate log servers, ability to manage an unlimited number of gateways, etc.)

3) So for example the lowest SMS license you could purchase is:

CPSM-NGSM5 - Next Generation Security Management Software for 5 gateways (SmartEvent & Compliance 1 year)

next up the chain is:

CPSM-NGSM10 - Next Generation Security Management Software for 10 gateways (SmartEvent & Compliance 1 year)

These both include the following management blades which should be all you need, it is rare to need any add-ons:

Including Blades: Network Policy Management, Endpoint Policy Management, Logging and Status, Monitoring, SmartWorkflow, SmartProvisioning, User Directory, Management Portal, SmartEvent for 1 year, Compliance for 1 year.

4) As far as VM resource provisioning, if you can swing it I'd recommend at least 8 cores and 16GB RAM (32GB of RAM if you have a large configuration or more than 10 gateways).  However the most important factor for virtualized SMS performance is disk I/O speed.  Having your SMS share a disk channel with 50 database VMs that are also pounding that same disk channel will lead to absolutely terrible SMS performance, no matter how many cores and how much RAM you allocate.  Talk to your VM guy, usually there is a choice of different physical disk paths for your new VM, you want to be on the one that is fastest and/or least loaded.  Trust me on this one.  There are a few extra optimization strategies here as well: sk104848: Best Practices - Performance Optimization of Security Management Server installed on VMwar....

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

0 Kudos
8 Replies
_Val_
Admin
Admin

It is technically possible to do. But as you have mentioned yourself, your license should be changed. This is not a technical, but a legal requirement. 

Using an appliance license on a virtual machine is a breach of EULA

0 Kudos
epexspot
Explorer
I have the same issue... Can you tell me which license I need? Or how to find this out?
0 Kudos
Timothy_Hall
Champion
Champion

If you have a Smart-1 and are looking to migrate into VMWare, the process is the following with your reseller:

1) Say that you want to "turn in" your Smart-1 and associated licensing.  What rate you will get for this will depend on various promotions that are in effect.

2) This will create some level of credit that can be used to offset the purchase of a new open server SMS license.  The cost drivers of this license will be:

    - How many gateways you need to manage with the new SMS

    - Whether you want to do more than one domain/CMA (a.k.a. Provider -1/MDMS)

   - Any special add-ons (separate correlation units, separate log servers, ability to manage an unlimited number of gateways, etc.)

3) So for example the lowest SMS license you could purchase is:

CPSM-NGSM5 - Next Generation Security Management Software for 5 gateways (SmartEvent & Compliance 1 year)

next up the chain is:

CPSM-NGSM10 - Next Generation Security Management Software for 10 gateways (SmartEvent & Compliance 1 year)

These both include the following management blades which should be all you need, it is rare to need any add-ons:

Including Blades: Network Policy Management, Endpoint Policy Management, Logging and Status, Monitoring, SmartWorkflow, SmartProvisioning, User Directory, Management Portal, SmartEvent for 1 year, Compliance for 1 year.

4) As far as VM resource provisioning, if you can swing it I'd recommend at least 8 cores and 16GB RAM (32GB of RAM if you have a large configuration or more than 10 gateways).  However the most important factor for virtualized SMS performance is disk I/O speed.  Having your SMS share a disk channel with 50 database VMs that are also pounding that same disk channel will lead to absolutely terrible SMS performance, no matter how many cores and how much RAM you allocate.  Talk to your VM guy, usually there is a choice of different physical disk paths for your new VM, you want to be on the one that is fastest and/or least loaded.  Trust me on this one.  There are a few extra optimization strategies here as well: sk104848: Best Practices - Performance Optimization of Security Management Server installed on VMwar....

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
G_W_Albrecht
Legend
Legend

For a new installation, you have a PnP Evaluation license generated automatically - so there should be no issue with the VM as long as it is only using the PnP license for some days. 

CCSE CCTE CCSM SMB Specialist
0 Kudos
_Val_
Admin
Admin

Not exactly. After DB import, the old license will apply, and PnP will no longer be active

0 Kudos
ashish_verma
Contributor

Hello @_Val_, thanks for your help. So VM option is not possible. As this is my first migration and I don't want to take any risk, could you please suggest the best way to migrate?

0 Kudos
_Val_
Admin
Admin

I did not say that it would be impossible. 

You can always get an evaluation license during migration. Another option is to keep the same IP address of the new management server. As mentioned before, technically it will work. For legal purposes, you will have to purchase a new final license for your management, once migrated.

0 Kudos
Michael_Curtin1
Employee
Employee
"Later on we will migrate the physical box."

If your going to import back into your existing Smart-1 525, it will be fine.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events