Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Cesar_Santos
Explorer

Full HA R77.30 to R80.40 Distributed architevture with VM Open server

Hi Checkmates,

I would like to have your thougs on a migration from a deployment of a Full HA of two 5100 in R77.30 to a Distributed deployment in R80.40. On the new deployment I'll have a VM on Hyper-V dedicated as the management station.

So far I've installed the VM with the R77.30 software and with the same Jumbo version of my Full HA deployment on the production environment. 

I've read some quite of the documentation available on this in the security knowledge base and here in Checkmates, but I'm still not comfartable with the whole process.

I know that first I need to go with the conversion to the Distributed architecture. But how can I proceed safely? Should I migrate export on the HA cluster first and migrate import on the VM and then disable the management role on my 5100? Or should I go the other way around?

What should be my approach on this? It is possible to avoid any downtime on this? If it was just an upgrade I know it is possible to have different versions on the cluster members, avoiding downtime. But with conversion I don't know if it is possible to achieve that.

Thanks in advance.

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

I would suggest making the change to distributed prior to upgrading to R80.40.
The procedure on R77.30 is: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...,
There is no “zero downtime” option for this sort of conversion.

0 Kudos
Cesar_Santos
Explorer

Hi PhoneBoy,

Thanks for your reply. I've already checked the sk44201 and my question here is not about the steps, but about the process. Can I do it remotely in one member at a time? Or should I do it on site? What is the expected time window to do this? Please be aware this is a customer on the public healthcare system. 

Regards,

César Santos

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would not suggest to do this remotely ! The important step is to get the SMS database from the primary Management node and install it in a VM.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Cesar_Santos
Explorer

Hi G_W_Albrecht,

Thanks for your input. I'll schedule a maintenance window to run the procedure on site.

About the important step, should I import the SMS database on the VM right now? Or only after the "Convert to host..." step of the procedure.

Regards 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

According to sk44201, you will perform migrate export only after cp_conf fullha disable, Convert to Host... and Install Database... 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Cesar_Santos
Explorer

In between those moments, the cp_conf gullah disable and the import Database on the VM, will I've downtime? In that case, how can I reduce that?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Not if you follow the steps. The Secondary Full HA cluster member will run as the Active member in the cluster to continue passing traffic.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events