This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dale_Lobb
Advisor
‎2020-11-13 12:29 PM
Jump to solution

migrate_server export versus migrate export

"migrate_server" is the new paradigm for upgrading one's management server.  But, it appears as of R80.40, the migrate command still exists.

SK135172 appears to specifically decry the use of migrate_server for R80.40 to R80.40 migration, since that is not an allowed upgrade path.

 

So, my question is: Which command does one use if instructed by TAC to upload a management export or if one is migrating hardware platforms but staying in the same version?

 

 

0 Kudos
1 Solution

Accepted Solutions
Eran_Habad
Employee
Employee
‎2021-12-01 12:35 AM
Jump to solution

Hi @Dale_Lobb ,

Indeed in sk135172 when looking at upgrade from R80.40 to R80.40 it shows the upgrade path is not supported, but note the focus of the SK is upgrade (i.e. advance your Management from version x to version >x), and since R80.40 to R80.40 is not considered as upgrade we declared there is no upgrade path. We consider R80.40 to R80.40 as migration (which wasn't the scope of this SK). That might be the cause of the confusion, we'll think how to make it more clear, obviously we take the blame for the confusion.

To your question:

  • migrate is a legacy tool that can be used today for quick migration (within same version only), if you try to use it for upgrade to newer version you'll get clear message that this tool cannot be used for upgrade and you'll see a reference to use the new tool (migrate_server).
  • migrate_server is the new tool for upgrade, but even if you use it for migration within the same version - behind the scenes it will automatically run the legacy migrate for you (which can also be ran manually).

Bottom line, you can't go wrong either way. Either you're blocked with clear error message, or we do the work for you behind the scenes. So no worries, you can use both for TAC.

Also I strongly recommend taking a look at sk163814 which has all the above information and more. From the SK:

=====

New upgrade command for advanced upgrade method

To upgrade your Management Server (advanced upgrade via CLI), use a new command.
The migrate_server command should be used instead of the migrate command that was used in upgrades to R80.20 or lower. For the new upgrade paths, refer to sk135172.
Make sure services are up when running the upgrade commands.

Example: 
Instead of migrate export or migrate import, we will use migrate_server export or migrate_server import

======

Also from the SK:

Scenario 3: Migrate of a Security Management server within the same version

When the source and target servers are on the same major version, migrate_server uses an accelerated flow to migrate the data.

To force the full migration flow use the following flag on both export and import commands:
-force-new-upgrade
For example:

on the source server run:

./migrate_server export -v R81 -force-new-upgrade [-l | -x] /<Full Path>/<Name of Exported File>

on the target server run:
./migrate_server import -v R81 -force-new-upgrade [-l | -x] /<Full Path>/<Name of Exported File>

 

View solution in original post

12 Replies
PhoneBoy
Admin
Admin
‎2020-11-13 10:51 PM
Jump to solution

I think a migrate may still be used for same-version migration (e.g. to different hardware).
It's even mentioned in the R81 docs: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/SEC... 
Which suggests TAC may want this (versus migrate_server output).

David_C1
Advisor
‎2021-11-30 07:31 AM
In response to PhoneBoy
Jump to solution

I'm getting ready to do my own lifecycle of management hardware, staying on R80.40. The Installation and Upgrade Guide R80.40 specifically says to use the migrate_server command when moving from one R80.40 management server to another R80.40 management server (in section "Migrating Database Between R80.40 Security
Management Servers"). I've always used the old "migrate export" command. Seems SK135172 contradicts the published Installation and Upgrade Guide. What command did you end up using?

0 Kudos
Dale_Lobb
Advisor
‎2021-11-30 11:36 AM
In response to David_C1
Jump to solution

Hello David,

  Sorry, at the time of this post, I was not migrating between hardware platforms, but had been instructed by TAC to "upload an export" so that they could replicate my environment.   As you can see, the request was loosely stated, which prompted my query here,   Eventually, TAC clarified that they wanted a migrate_server export.

  Having said that, I think it indicates that "migrate_server export/import" can be used to move between hardware platforms, But as Damian said above, the R81 CLI Reference still lists "migrate export" as an option for transitioning between hardware platforms.

Best Regards,

Dale

0 Kudos
the_rock
Legend
Legend
‎2021-11-30 11:49 AM
In response to Dale_Lobb
Jump to solution

I will just share my experience...so yes, if you are doing migrate policies say from R80.40 to another R80.40 box, you can use migrate export and works fine. BUT...say if you are doing from R80.40 to R81.10, its recommended to use migrate_server as per below:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

I tested both scenarios and got exact results I expected.

0 Kudos
David_C1
Advisor
‎2021-11-30 11:55 AM
In response to the_rock
Jump to solution

Thanks very much for the responses. When you tested both, any difference in speed or file size?

 

Dave

0 Kudos
the_rock
Legend
Legend
‎2021-11-30 11:59 AM
In response to David_C1
Jump to solution

No problem. Regardless of the process, speed depends on the size of the file.

Matlu
Advisor
‎2023-12-17 06:29 AM
In response to the_rock
Jump to solution

Hello,

One question, the "migrate_server export...." will make a backup of the logs that you have up to that moment?

Do you have to do another process to extract the logs and take them to the new version (for example if you are upgrading from R81 to R81.10)?

Cheers.

0 Kudos
the_rock
Legend
Legend
‎2023-12-17 11:49 AM
In response to Matlu
Jump to solution

I believe so.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2023-12-18 05:47 AM
In response to Matlu
Jump to solution

By default, logs are not captured with migrate_server export.
You can include the logs (with or without indexes) with different command line switches (-l and -x).
https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SecurityManagement_AdminGuid...
However, this isn't recommended if you have a lot of logs to move.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-11-30 12:25 PM
In response to Dale_Lobb
Jump to solution

migrate_server export/import is the current tool

migrate export/import is the legacy tool

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Eran_Habad
Employee
Employee
‎2021-12-01 12:35 AM
Jump to solution

Hi @Dale_Lobb ,

Indeed in sk135172 when looking at upgrade from R80.40 to R80.40 it shows the upgrade path is not supported, but note the focus of the SK is upgrade (i.e. advance your Management from version x to version >x), and since R80.40 to R80.40 is not considered as upgrade we declared there is no upgrade path. We consider R80.40 to R80.40 as migration (which wasn't the scope of this SK). That might be the cause of the confusion, we'll think how to make it more clear, obviously we take the blame for the confusion.

To your question:

  • migrate is a legacy tool that can be used today for quick migration (within same version only), if you try to use it for upgrade to newer version you'll get clear message that this tool cannot be used for upgrade and you'll see a reference to use the new tool (migrate_server).
  • migrate_server is the new tool for upgrade, but even if you use it for migration within the same version - behind the scenes it will automatically run the legacy migrate for you (which can also be ran manually).

Bottom line, you can't go wrong either way. Either you're blocked with clear error message, or we do the work for you behind the scenes. So no worries, you can use both for TAC.

Also I strongly recommend taking a look at sk163814 which has all the above information and more. From the SK:

=====

New upgrade command for advanced upgrade method

To upgrade your Management Server (advanced upgrade via CLI), use a new command.
The migrate_server command should be used instead of the migrate command that was used in upgrades to R80.20 or lower. For the new upgrade paths, refer to sk135172.
Make sure services are up when running the upgrade commands.

Example: 
Instead of migrate export or migrate import, we will use migrate_server export or migrate_server import

======

Also from the SK:

Scenario 3: Migrate of a Security Management server within the same version

When the source and target servers are on the same major version, migrate_server uses an accelerated flow to migrate the data.

To force the full migration flow use the following flag on both export and import commands:
-force-new-upgrade
For example:

on the source server run:

./migrate_server export -v R81 -force-new-upgrade [-l | -x] /<Full Path>/<Name of Exported File>

on the target server run:
./migrate_server import -v R81 -force-new-upgrade [-l | -x] /<Full Path>/<Name of Exported File>

 

Dale_Lobb
Advisor
‎2021-12-01 03:03 AM
In response to Eran_Habad
Jump to solution

Thanks, Eran!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events