Kryten
Collaborator

Separating Endpoint Management from SMS

Hello!

I am currently trying to find out the necessary steps for separating an EPM from an SMS.

At the moment the SMS is doing the Endpoint Management, but our customer plans to separate that into two servers for better redundancy and to get rid of that limitation with DB revisions (Not possible to use revisions when SMS is also doing the EPM). 

Apart from an old Post (2017) that ended with "PS needs to be involved", I did not find anything...So I came here to see if anyone has done this before and could give some useful hints.

 

I guess at first I should be installing a second management server, importing the DB and then activating the EPM blade. But what then? I guess I cannot just disable that blade on the first server and everything will work, that sounds too easy. 🙂

Somehow the Clients will need to know that they have to connect to a different server now and that will probably bring other issues like changed fingerprint and/or certificates...and probably more stuff that I do not think of yet. 

 

So...is there a Guide or SK that I missed? Or someone who did this already? 

 

 

Best Regards,

Alex

0 Kudos
7 Replies
Don_Paterson
MVP Gold

Can you do it the other way?

The existing server stays there for EPM (and remove firewalls and policy) and the new one is installed (import) for the gateway management.

I guess EPMaaS is not an option to move the EPM to the Infinity Portal?

You have to plan around licenses too.

Another option is to leave the current server as EPM (as above) and build a new SG management server (SMS) and then build that up from scratch.

You would need to do a SIC reset on the SGs and can use API to make policy 'migration' more efficient.

Just initial thoughts. Hopefully someone who has done it picks this up too.

Regards,

Don

 

0 Kudos
PhoneBoy
Admin

The reconnect tool is what is used to associate Endpoint clients with a different server.
migrate_server does have options to exclude Endpoint configuration, so this could be the basis for creating a new management server without Endpoint. 
Associating the firewalls with the new management server might require a small adjustment to the active policy to allow policy installation from the new management server, but after the policy install, they'll effectively be migrated to the new management server.

the_rock
MVP Diamond

Interesting...never knew of that tool.

Best,
Andy
0 Kudos
Vincent_Bacher
MVP Silver

This tool is nice, we used that to migrate thousands of clients from on-prem endpoint management to Harmony cloud.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
the_rock
MVP Diamond

Nice. Will see if I can test it in the lab.

Best,
Andy
0 Kudos
the_rock
MVP Diamond

Hey Alex,

Were you able to figure this out? Had a client ask me the same question today and I remembered this post, but told them I would follow up.

Best,
Andy
0 Kudos
Kryten
Collaborator

Not yet, we are still in the planning stage (long term project). So far it sounds like it would be easier to create a new management for the Gateways, but we still have not decided.

0 Kudos
