In some scenarios, such as virtualizing physical hardware, it is necessary to migrate the Endpoint Encryption Management Server to a new system. Doing so can disrupt the communication between Endpoint Encryption clients and the server, so this article provides assistance on doing this without the need of updating all of the clients.
Before migrating the server, consider the configuration of the server, and current communication settings for your clients:
Is the SEEMS database on the server, or is it on an external server?
Do clients communicate with the server via TLS\SSL?
Do clients communicate with the server via an external load balancer or proxy; or do they use the server's FQDN, hostname, or IP address?
What credentials do the clients use to authenticate to the server?
What settings are used on the Management Server for AD Sync?
Ideally, if clients use an external load balancer or proxy to reach the Management Server, then a new server can have a different hostname and IP address, and the load balancer/proxy can point to the replacement server seamlessly.
If no Load Balancer etc. is being used, and moving to a new server is necessary, go through the following steps:
Back up the SEEMS Database; if the database is hosted on an external SQL Server, the backup is just in case a problem occurs. If the database is hosted on the Management Server, it will need to be restored during the migration process.
Verify the SSL certificate is backed up, including its private key and trust chain.
Remove the existing Management Server, by shutting it down or disconnecting it from the network. Note: If the server is VM, it is handy to keep it available just in case you need to rollback.
Ready the new Management Server, changing its IP address, hostname, and domain membership, if necessary.
Install IIS and other prerequisites for Endpoint Encryption Management Server. Tip: Using the SymDiag application will allow you to easily check that prerequisites are met.
Import the SSL certificate into IIS\SEEMS.
Verify the credentials used for client access and server access are configured as they were on the old server.
If SQL Server was running on the old Management Server, and will be running on the new server, install it and import the existing SEEMS Database into the server, setting up access credentials for SEEMS to use.
Install the SEE Server Suite x64 package to the server.
Step through the Endpoint Encryption Configuration Manager, configuring the system as previously set up.
After the installation is complete, log in to the Symantec Endpoint Encryption Manager and verify that existing client data appears. Check the client communication URL to verify it responds, and make sure clients are able to communicate with the new server.
Imported Document ID: TECH157899
Subscribing will provide email updates when this Article is updated. Login is required.