- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: Checkpoint SMS Migration from R77.30 to R80.30...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checkpoint SMS Migration from R77.30 to R80.30 licensing requirement.
Hello Team,
We are planning to migrated R77.30 SMS which is currently running on Smart-1 225 appliance to R80.30. Since, we are having only one physical device available we are planning to install R80.30 on a VM and migrate existing R77.30 database to it. Later on we will migrate the physical box.
My concern is, is it possible to do so? If yes, is there any difference in license for physical appliance and VM (Open server). Do we need any additional licensing for VM or same license will work?
Thanks for your help in advance.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have a Smart-1 and are looking to migrate into VMWare, the process is the following with your reseller:
1) Say that you want to "turn in" your Smart-1 and associated licensing. What rate you will get for this will depend on various promotions that are in effect.
2) This will create some level of credit that can be used to offset the purchase of a new open server SMS license. The cost drivers of this license will be:
- How many gateways you need to manage with the new SMS
- Whether you want to do more than one domain/CMA (a.k.a. Provider -1/MDMS)
- Any special add-ons (separate correlation units, separate log servers, ability to manage an unlimited number of gateways, etc.)
3) So for example the lowest SMS license you could purchase is:
CPSM-NGSM5 - Next Generation Security Management Software for 5 gateways (SmartEvent & Compliance 1 year)
next up the chain is:
CPSM-NGSM10 - Next Generation Security Management Software for 10 gateways (SmartEvent & Compliance 1 year)
These both include the following management blades which should be all you need, it is rare to need any add-ons:
Including Blades: Network Policy Management, Endpoint Policy Management, Logging and Status, Monitoring, SmartWorkflow, SmartProvisioning, User Directory, Management Portal, SmartEvent for 1 year, Compliance for 1 year.
4) As far as VM resource provisioning, if you can swing it I'd recommend at least 8 cores and 16GB RAM (32GB of RAM if you have a large configuration or more than 10 gateways). However the most important factor for virtualized SMS performance is disk I/O speed. Having your SMS share a disk channel with 50 database VMs that are also pounding that same disk channel will lead to absolutely terrible SMS performance, no matter how many cores and how much RAM you allocate. Talk to your VM guy, usually there is a choice of different physical disk paths for your new VM, you want to be on the one that is fastest and/or least loaded. Trust me on this one. There are a few extra optimization strategies here as well: sk104848: Best Practices - Performance Optimization of Security Management Server installed on VMwar....
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is technically possible to do. But as you have mentioned yourself, your license should be changed. This is not a technical, but a legal requirement.
Using an appliance license on a virtual machine is a breach of EULA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have a Smart-1 and are looking to migrate into VMWare, the process is the following with your reseller:
1) Say that you want to "turn in" your Smart-1 and associated licensing. What rate you will get for this will depend on various promotions that are in effect.
2) This will create some level of credit that can be used to offset the purchase of a new open server SMS license. The cost drivers of this license will be:
- How many gateways you need to manage with the new SMS
- Whether you want to do more than one domain/CMA (a.k.a. Provider -1/MDMS)
- Any special add-ons (separate correlation units, separate log servers, ability to manage an unlimited number of gateways, etc.)
3) So for example the lowest SMS license you could purchase is:
CPSM-NGSM5 - Next Generation Security Management Software for 5 gateways (SmartEvent & Compliance 1 year)
next up the chain is:
CPSM-NGSM10 - Next Generation Security Management Software for 10 gateways (SmartEvent & Compliance 1 year)
These both include the following management blades which should be all you need, it is rare to need any add-ons:
Including Blades: Network Policy Management, Endpoint Policy Management, Logging and Status, Monitoring, SmartWorkflow, SmartProvisioning, User Directory, Management Portal, SmartEvent for 1 year, Compliance for 1 year.
4) As far as VM resource provisioning, if you can swing it I'd recommend at least 8 cores and 16GB RAM (32GB of RAM if you have a large configuration or more than 10 gateways). However the most important factor for virtualized SMS performance is disk I/O speed. Having your SMS share a disk channel with 50 database VMs that are also pounding that same disk channel will lead to absolutely terrible SMS performance, no matter how many cores and how much RAM you allocate. Talk to your VM guy, usually there is a choice of different physical disk paths for your new VM, you want to be on the one that is fastest and/or least loaded. Trust me on this one. There are a few extra optimization strategies here as well: sk104848: Best Practices - Performance Optimization of Security Management Server installed on VMwar....
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For a new installation, you have a PnP Evaluation license generated automatically - so there should be no issue with the VM as long as it is only using the PnP license for some days.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not exactly. After DB import, the old license will apply, and PnP will no longer be active
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @_Val_, thanks for your help. So VM option is not possible. As this is my first migration and I don't want to take any risk, could you please suggest the best way to migrate?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did not say that it would be impossible.
You can always get an evaluation license during migration. Another option is to keep the same IP address of the new management server. As mentioned before, technically it will work. For legal purposes, you will have to purchase a new final license for your management, once migrated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If your going to import back into your existing Smart-1 525, it will be fine.