Jump to content

Migration Case


Recommended Posts

I need to unified many ESMC to a new ESMC. Can i do this?.

My client has many diferent branch offices and non of it has comunication betwen them until now. Then i need to unify all the consoles (5 in total) on one unique console. Can i do this whitout reinstall the agent?

Thanks and regards.

Link to comment
Share on other sites

  • ESET Staff
31 minutes ago, Mauricio Osorio said:

I need to unified many ESMC to a new ESMC. Can i do this?.

My client has many diferent branch offices and non of it has comunication betwen them until now. Then i need to unify all the consoles (5 in total) on one unique console. Can i do this whitout reinstall the agent?

Thanks and regards.

Yes, it is possible, but you have to be careful as it might result in inability of AGENT to connect even to their original ESMC.

Roughly you have to:

  1. choose new ESMC (i. e. one of existing, or install completely new ESMC) -> I will reference it as "primary ESMC"
  2. ensure that ESMC's peer certificate (as set in server settings) contains all required hostnames (or wildcard *), so that AGENTs can connect using various hostnames/IP address.
  3. export CA certificate from "primary ESMC". It has to be CA certificate that has been used to sign certificate used for incoming connections, set in server settings.
  4. import CA certificate from previous steps into all original ESMC instances.
  5. export CA certificates from all original ESMC instances and import them into "master ESMC". 
  6. in this moment, all connecting AGENTs should have all 6 CA certificates (5 original + 1 from new ESMC), which means that they can connect to master ESMC, as they will trust it's certificate. This works also other way around -> master ESMC will trust all original AGENT certificates, which means it will accept connections of AGENTs from all previous instances.
  7. In each original ESMC instance, create new configuration policy for "ESET Management Agent" and specify servers to connect to in a way that list of hostnames is used, where first in list is hostname of master ESMC, and second is hostname of original server. This is just to be sure that in case AGENT cannot reach new hostname, it will be still connecting to original ESMC. In case hostname will be the same for all AGENTs, you can simplify process by export/import capability. Policies should be assigned to all clients.
  8. From this moment, AGENTs should start connecting to master ESMC. You could optionally create policy for "ESET Management Agent" which changes list of server to connect to and AGENT peer certificate so those available in master ESMC, so all remnants of original ESMC servers is removed.
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...