Issue:
How to migrate the WithSecure Policy Manager Server to the new Linux Server?
Resolution:
How to migrate / move the F-Secure Policy Manager Server to a new Linux host.
- Backup the current Policy Manager database:
- Stop the F-Secure Policy Manager Server service (CMD: # /etc/init.d/fspms stop)
- Create a backup of the following directories:
Mandatory:
/var/opt/f-secure/fspms/data/h2db
(As reference)/etc/opt/f-secure/fspms/fspms.conf
- Start the F-Secure Policy Manager Server service (CMD: # /etc/init.d/fspms start)
- Install the Policy Manager Server on to the new host
- Apply the backed up Policy Manager database folder to the new Policy Manager:
- Stop the F-Secure Policy Manager Server service (CMD: # /etc/init.d/fspms stop)
- Replace the directories with the backed up versions from step 1
- Restart F-Secure Policy Manager Server service (CMD: # /etc/init.d/fspms start)
- Run /opt/f-secure/fspms/bin/fspms-config
- Configure both, new and old, Policy Manager Server address value in the policy to point to the new Policy Manager Server
- For Policy Manager Version 14 and higher
- Open Policy Manager Console
- Go to Settings > Windows > Centralized management
- In the Policy Manager Server address text field, type in the new Policy Manager Server address and in the respective HTTP/HTTPS text fields the designated values for these ports
- Set the padlock icons tailing these text fields to the locked position, which will ensure to enforce the new value
- Distribute (Ctrl+D) the new policy
- For Policy Manager Version 13
- Open Policy Manager Console
- Go to Settings > Centralized management
- In the Policy Manager Server address text field, type in the new Policy Manager Server address including the HTTP port (for example: http://myserver.local:80) and in the HTTPS text fields the designated values for these ports
- Set the padlock icons tailing these text fields to the locked position, which will ensure to enforce the new value
- Distribute (Ctrl+D) the new policy
- Once the managed hosts have fetched the new communication settings from the old Policy Manager, they will start to communicate with the new Policy Manager Server.
Note #1: If the WithSecure clients continue communicating with the old Policy Manager Server, be sure to verify connectivity from the clients to the new Policy Manager Server's designated ports (HTTP/HTTPS).
Note #2: If the new host will preserve the DNS name of the old Policy Manager Server host and you are using that address the as main management server address, you can simply paste the H2-Database file from step 1 to the new Policy Server Manager host.
Article no: 000002090