Mauricio Osorio 2 Posted February 28, 2019 Share Posted February 28, 2019 I need to unified many ESMC to a new ESMC. Can i do this?. My client has many diferent branch offices and non of it has comunication betwen them until now. Then i need to unify all the consoles (5 in total) on one unique console. Can i do this whitout reinstall the agent? Thanks and regards. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 383 Posted February 28, 2019 ESET Staff Share Posted February 28, 2019 31 minutes ago, Mauricio Osorio said: I need to unified many ESMC to a new ESMC. Can i do this?. My client has many diferent branch offices and non of it has comunication betwen them until now. Then i need to unify all the consoles (5 in total) on one unique console. Can i do this whitout reinstall the agent? Thanks and regards. Yes, it is possible, but you have to be careful as it might result in inability of AGENT to connect even to their original ESMC. Roughly you have to: choose new ESMC (i. e. one of existing, or install completely new ESMC) -> I will reference it as "primary ESMC" ensure that ESMC's peer certificate (as set in server settings) contains all required hostnames (or wildcard *), so that AGENTs can connect using various hostnames/IP address. export CA certificate from "primary ESMC". It has to be CA certificate that has been used to sign certificate used for incoming connections, set in server settings. import CA certificate from previous steps into all original ESMC instances. export CA certificates from all original ESMC instances and import them into "master ESMC". in this moment, all connecting AGENTs should have all 6 CA certificates (5 original + 1 from new ESMC), which means that they can connect to master ESMC, as they will trust it's certificate. This works also other way around -> master ESMC will trust all original AGENT certificates, which means it will accept connections of AGENTs from all previous instances. In each original ESMC instance, create new configuration policy for "ESET Management Agent" and specify servers to connect to in a way that list of hostnames is used, where first in list is hostname of master ESMC, and second is hostname of original server. This is just to be sure that in case AGENT cannot reach new hostname, it will be still connecting to original ESMC. In case hostname will be the same for all AGENTs, you can simplify process by export/import capability. Policies should be assigned to all clients. From this moment, AGENTs should start connecting to master ESMC. You could optionally create policy for "ESET Management Agent" which changes list of server to connect to and AGENT peer certificate so those available in master ESMC, so all remnants of original ESMC servers is removed. Mauricio Osorio 1 Link to comment Share on other sites More sharing options...
Mauricio Osorio 2 Posted March 1, 2019 Author Share Posted March 1, 2019 Good news for my client!!... I going to try and I will tell you how it is going. Thanks!. Link to comment Share on other sites More sharing options...
Mauricio Osorio 2 Posted March 4, 2019 Author Share Posted March 4, 2019 This works very well... Thanks! you save me from reinstall all the machines. Regards!. Thank you @MartinK Link to comment Share on other sites More sharing options...
Recommended Posts