Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bruno_De_Feyter
Explorer

Migrate fro R80.10 to R80.20M2 management server - impact of migration tools on actual server

HI,

We are running an R80.10 Management server who is maintaining our 3200 FW boxes?

We have installing a new Management server R80.20M2 from scratch with a new ip address. We now want to migrate the database from the old R80.10 management server to the newly installed server. We have downloaded the migration tools for R80.20M2 and have installed them on the R80.10 appliance.

We now have some questions related to the migration tools.

On the current R80.10 we will do the export with the following command

./migrate export [-l | -x] [-f] [-n] [--exclude-uepm-postgres-db] [--include-uepm-msi-files] /<Full Path>/<Name of Exported File>

1st question is if there would be any impact or service interruption except from using the smartconsole GUI?

We also noticed in other migrations using this tools that the old IP-address and hostname in the Management DB are getting transferred, is there any way to skip this?

When doing an import on the new machine, does it affect the current configuration in the R80.10 management server?

In other words, are the appliances maintained by the R80.10 management getting moved to the new management server or do we have to re-establish a SIC from the new management server to the appliances? And when doing so the connection between the appliances and the old management server will get lost/broken.

 

0 Kudos
4 Replies
Alejandro_Mont1
Collaborator

Hello. In regards to your question about GUI connectivity-I do not believe that any processes are actually stopped during execution however nobody should be logged into SmartDashboard in write mode as this can cause inconsistencies in the export database. Depending on your hardware users may experience slower performance but as stated should only be read-only. I believe the recommendation is that nobody is connected.

There is not a way to exclude hostname and IP address as these are tied to the Certificate Authority and license files, respectively. You could change afterwards but you'd probably need to engage support at that point.

At that point you will have both an R80.10 and R80.20 server up and running, SIC should not need to be reset to the gateways. You will need to install policy to get the firewalls to switch logging to the new management server. Nothing will happen to your current server, it will operate normally. In theory you could switch back and fourth however I would not recommend that.

0 Kudos
PhoneBoy
Admin
Admin

migrate export will do a cpstop on the management processes, which will mean any SmartConsole sessions are disconnected.

Unless you have an external log server, this means your firewalls will log locally as well until management is brought back up with a cpstart.

However, your firewalls should still continue enforcing policy, etc.

0 Kudos
Bruno_De_Feyter
Explorer

Hi,

Thx for the reply's.

We are having the following setup ...

A Management-server having "Network Policy Management" & "Logging & Status" blades active.

A Smartevent-server having "Logging & Status" & "SmartEvent Server" & "SmartEvent Correlation" blades active.

From the 3200 Appliances we are sending log's to the SmartEvent-server and as a backup to the Management-server.

As from the reply's I understand that:

- running the export does not impact the current system, it will only stop the processes on the Management-server during the export and the migrate export export all configurations

- the 3200 appliances would be connected to both management servers without re-initializing SIC after the import on the new server

- ip-address & host name need to be changed on the new server after importing the db from the old machine

 

The goal is in fact to move the Management & SmartEvent server to a new HW-plaform with new IP-addresses. For now we have setup a new Management-server running on the new HW with a new ip-address.

So same will be done for the SmartEvent server in near future.

Regards,

 

0 Kudos
_Val_
Admin
Admin

>>>1st question is if there would be any impact or service interruption except from using the smartconsole GUI?

migrate export command performs cpstop on your management servers. SmartConsole will be unavailabe during the extraction of migration data. 

>>>We also noticed in other migrations using this tools that the old IP-address and hostname in the Management DB are getting transferred, is there any way to skip this?

The IP of the management object can be edited after migration. If you are moving MGMT to the new IP address, it is much more important to make sure you re-issues all central licenses. If you are replacing your old management, I would recommend considering import in the lab, while using the same MGMT IP, it saves a lot of time.

>>>When doing an import on the new machine, does it affect the current configuration in the R80.10 management server?

No

>>>In other words, are the appliances maintained by the R80.10 management getting moved to the new management server or do we have to re-establish a SIC from the new management server to the appliances? And when doing so the connection between the appliances and the old management server will get lost/broken.

SIC will remain intact. However, if you are moving to a new IP address, I would recommend to add a dummy object with the new MGMT IP address to be added before migration. This will allow MGMT & GWs to communicate through implied rules when the management IP has changed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events