Merging of FSPM servers including whitelist of device policies
Can I merge database of 3 FSPM server into once, 3 servers were catering for different sets of clients. And each having many clients which are whitelisted to use HDD. If I make all clients to report into one server, how can I import the same setting from different servers to single?
Comments
-
Hi sonu
I will need to check with the product team and get back to you.
Are you using v13 or v14 clients, or mix of both ?
0 -
What exactly did you do?
Whitelist internal HDDs each to the host's node?
What is that good for?
I am trying to understand the concept. Maybe there is a way simpler solution to your problem.
0 -
Hi Sonu,
Starting from PM 14.10, policy settings can be exported to a file and then imported into another Policy Manager instance. So, you can replicate policies from 3 PM instances to the single one and move all hosts there.
If all PMs are using same admin pub/prv key pair, host migration would be easy: just specify new PM address in all PMs (including target one) and that’s it. In case you use unique key pairs, key replacer should be used for migration.
Regards,
Alex
2 -
While exporting the settings for one host does include the device blocked, exporting a subdomain does not include individual settings for the hosts belonging to that subdomain.
Thus the effort to newly add the HDDs on the new sever would be equal to export/import the setting for each individual host.
I am still not sure if @_sonu really means "block all local HDDs except one"1 -
Thanks for all replies.
I would like to explain my whole scenario.
I have around 40k clients and 04 FSPM servers for each 10k clients. In each server, there are around 1000 clients which have been allowed to use HDD, scanners or some other external devices. But for each clientes there is different HDD and scanner as these clients are at separate geo locations.
Now we plan to merge all 04 FSPM into One with enhanced server configuration, I expect 16gb RAM and 12 core cpu for all 40k clients.
So I require a solution which can migrate all 04fspm to a new or 03 to one existing with all policies whether it is applied to root, a whole policy domain or on individual client.
Is it possible?
Thanks in advance.
0 -
Hi,
this is what I expected. You are talking about some 4000 external HDDs (possible some large USB-Sticks as well?!) and each may only serve one (or two) hosts.What threat are you fearing? You allow one external drive to connect to one controlled host, but you can not disallow this drive to connect to a foreign (external, private, unmanaged) host. What is the idea of that extenal HDD (or did you mean USB-Sticks)
F-Secure Device Control is not ready to serve that amount of individual configurations. While on the Host nothing more is needed, the PMSs UI for that module is "rudimentary" only. You should rather think about a more common, less complex setup like a subdomain of systems to use external media". Yes, these would be allowed to swap the drives, but why not (see above, what is the idea)?
Apart for the sheer amount Windows has changed the way external drives are identified from "USB\Class_08" to "USBSTOR\GenDisk". This might urge you to start from scratch anyway, but may depend on the exact way how you identified the drives.
Apart from that you want to manage 40.000 Hosts on one PMS?
IMHO PMS is currently hardly ready to serve that. E.g. each client has a life connection to the PMS, which means you will need 40.000 sockets plus those for updates and PMS internal connections. The limit of 64k sockets will cause trouble!
Thus I have to warn you about to proceed without an F-Secure Engineer at your side. R&D will also be happy to learn about the results.
We have a quite long experience with customers running 23.000 hosts on a Linux based PMS. We can assist you, but the Community Forum is the wrong place.0
