How to migrate a Vulnerability Manager Plus server installation from one computer to another without losing any data?

Description

This document will provide you the steps to migrate Vulnerability Manager Plus server from one computer to another without losing any data.

For more information about the operating systems which support Vulnerability Manager Plus, read the Supported Operating Systems section.

Caution!

  1. If you have configured Failover server, contact support team for migration assistance.
  2. You should not download a fresh EXE from the website and install in the new computer; you should only copy the installation directory to the new computer.
  3. Ensure that the patch store and the software repository is reachable from the new Vulnerability Manager Plus Server.
  4. After migration, ensure that the patch store is reachable/accessible from the Vulnerability Manager Plus server.
  5. After migration, ensure that all your agents are contacting the Vulnerability Manager Plus server in the new installation. Until then do not uninstall the server in your old set up.
  6. The below mentioned steps should be followed sequentially as per the specified order. Do not change the sequence of any operation, failing which might cause issues in the server migration process.

Steps to be Performed on the Existing Installation

  1. Ensure that the new location of the patch store and the HTTP repository in software deployment are configured and accessible from the machine where the Vulnerability Manager Plus Server has been moved to.

    For example, if the patch store location is configured as D:\Patches in the existing installation, ensure that the patch store location is configured and this path is available in the new server once migration is complete. If the patch-store location is not configured and the path is not accessible from the new server, the server will not start. Software Repository refers to the HTTP Repository location shown in Software Repository Settings.
  2. Ensure that automatic update of IP Address of the Server has been enabled:
    1. Connect to the web console and click Admin --> Agent Settings
    2. Ensure that you have enabled Automatically detect and save the IP Address change option available beside the Server IP Address field and save.
  3. Configure the New Server Details in Admin>VMP Server Migration page
        Specify the details of the new server like Vulnerability Manager Plus Fully Qualified Domain Name (FQDN), Flat Name, Server IP Address, Secondary IP Address, Server HTTP Port, Server HTTPS Port, etc. and Save.
  4. Stop the Vulnerability Manager Plus Server
  5. Copy the Vulnerability Manager Plus installation directory
    1. Copy the directory named VulnerabilityManagerPlus_Server
    2. Paste it in the new computer where you are going to install the Vulnerability Manager Plus server
      Note : This step is mandatory, ensure that you copy the directory and paste it in the new server. If you try to execute the script in step 6 before copying the directory, the new server will not start.
  6. Open a command prompt as Administrator on your old installation and execute server-migration.bat enable available under <Installation_Dir>/bin>/b> directory.
    (example: C:\Program Files\VulnerabilityManagerPlus_Server\bin>server-migration.bat enable)

    Note : Executing this script will disable the Vulnerability Manager Plus Service and you will not be able to connect to the web console. The MEDC Server Component - Apache service will alone run to migrate the agents and distribution servers.

Steps to be Performed on the New Installation

  1. Open Command Prompt as Administrator and execute the Migrate-DCServer.bat from the bin folder (from the copied location)
    (example : C:\Program Files\VulnerabilityManagerPlus_Server\bin>Migrate-DCServer.bat )
  2. Add TCP ports used by Vulnerability Manager Plus to the Firewall exception list and add the Vulnerability Manager Plus folder to the anti-virus exception list. (List of ports used by Vulnerability Manager Plus)

    Note : If MySQL database is configured to run on a different computer, execute mysql-privilege.bat <new_server_ip> from mysql\ directory from the computer where the database is running.
    (example: C:\Program Files\VulnerabilityManagerPlus_Server\mysql>mysql-privilege.bat 192.168.xx.xxx )
  3. Start the Vulnerability Manager Plus server

    The Vulnerability Manager Plus agents and the distribution servers, during their next contact, will pick up the details of the new server and start communicating with the new server subsequently. You will need to run the Vulnerability Manager Plus Servers at both the installations till all the agents start reporting to the new server.

FAQs

  1. How do I know if the migration process is complete?

    To ensure that all the agents are migrated to the new server, Check the Last contact time column in SoM page. (If you are not seeing this column, choose to view from the Column Chooser). The last contact time must be after the server migration has been enabled.

  2. When should I stop the old server?

    Once all the agents starts reporting to the new server, you can stop and uninstall the Vulnerability Manager Plus server at the previous installation.

  3. How to verify if the migration has been done correctly?

    To cross check whether the server migration has been done correctly, try accessing the web console at http://oldserver:port from a web browser. If the migration process has been successful, it will automatically be redirected to http://newserver:port.

  4. What if I have wrongly entered the server details? How do I change it?

    After enabling server migration, if any changes are to be made about the new server details, then follow the steps below :

    • In the old server, edit server-migrate.conf file present in <Install_Dir>\VulnerabilityManagerPlus_Server\conf\ folder.
    • The file contains the new server details in Key=Value format; make the required changes and save.
    • Execute server-migration.bat enable from the bin folder