Description
This document contains steps necessary to migrate EMS to a new server based on 3 scenarios.
Scope
Solution
Same IP address
Different IP address
Using an IP address for FortiClient registration
This document contains steps necessary to migrate EMS to a new server based on 3 scenarios.
Scope
- New EMS will have the same IP address as the existing EMS
- New EMS will have a different IP address than the existing EMS
- Using IP address for registration
- Using FQDN for registration
- Current EMS is not accessible
- Using IP address for registration
- Using FQDN for registration
Solution
Same IP address
- Create a backup of the EMS database. This will create a .ENC file which can only be restored to an EMS of the same version. Meaning, a backup from a 1.2.5 EMS can only be restored to another 1.2.5 EMS.
- Install the same version of EMS on a new server and apply your license. See “Licensing FortiClient EMS” in the EMS admin guide.
Note: You will have to call in to customer service (1-866-648-4638) to have your license file updated to reflect the new Hardware ID of the server. Hardware ID can be found under Administration > Upgrade License. If you are logged into the support site, you will have to log out and back in after the license is updated. - Restore the database backup.
- Cut over so the old EMS is no longer reachable and the new one is.
- Clients will register to the new EMS transparently.
Different IP address
Using an IP address for FortiClient registration
- Existing EMS is on IP x.x.x.x.
- Create a backup of the EMS database. This will create a .ENC file which can only be restored to an EMS of the same version. Meaning, a backup from a 1.2.5 EMS can only be restored to another 1.2.5 EMS.
- Install the same version of EMS on a new server with IP address y.y.y.y and apply your license. See “Licensing FortiClient EMS” in the EMS admin guide.
Note: You will have to call in to customer service (1-866-648-4638) to have your license file updated to reflect the new Hardware ID of the server. Hardware ID can be found under Administration > Upgrade License. If you are logged into the support site, you will have to log out and back in after the license is updated. - Restore the database backup.
- Update the “Listen on IP” and FortiClient download URL settings
- Create a Gateway List on the old server which has y.y.y.y specified in "IP addresses/Hostnames".
- Apply this gateway list to endpoints which you wish to migrate.
Using FQDN for FortiClient registration
Note: To use FQDN for FortiClient connections, please review “Configuring Server settings” section of the EMS admin guide.
- Existing EMS is on IP address x.x.x.x, using FQDN "EMS.domain.com".
- Create a backup of the EMS database. This will create a .ENC file which can only be restored to an EMS of the same version. Meaning, a backup from a 1.2.5 EMS can only be restored to another 1.2.5 EMS.
- Install the same version of EMS on a new server with IP address y.y.y.y and apply your license. See “Licensing FortiClient EMS” in the EMS admin guide.
Note: You will have to call in to customer service (1-866-648-4638) to have your license file updated to reflect the new Hardware ID of the server. Hardware ID can be found under Administration > Upgrade License. If you are logged into the support site, you will have to log out and back in after the license is updated. - Restore the database backup.
- Update the “Listen on IP” and FortiClient download URL settings.
- Update your DNS record so EMS.domain.com now resolves to y.y.y.y.
Current EMS is not accessible
In some cases, EMS will no longer be accessible. For example if you've forgotten/lost the password or your server has crashed and is not recoverable.
Using an IP address for FortiClient registration
- Existing EMS is on IP address x.x.x.x.
- Install EMS on IP address y.y.y.y and apply your license. See “Licensing FortiClient EMS” in the EMS admin guide.
Note: You will have to call in to customer service (1-866-648-4638) to have your license file updated to reflect the new Hardware ID of the server. Hardware ID can be found under Administration > Upgrade License. If you are logged into the support site, you will have to log out and back in after the license is updated. - Create any profiles you wish to have assigned to endpoints after migrating.
- Import domain (if applicable) and assign profiles to groups/OUs as appropriate.
- Redirect the registration/keep-alive traffic to the new IP address. If the endpoint traffic uses a FortiGate to route to the EMS, use a VIP as follows:
- Create a Gateway List which has the EMS’ IP address specified in "IP addresses/Hostnames".
- When the endpoints sync this Gateway List, they will begin to communicate directly with y.y.y.y and so you may delete the VIP.
Note: To use FQDN for FortiClient connections, please review “Configuring Server settings” section of the EMS admin guide
- Existing EMS is on IP x.x.x.x.
- Install EMS on IP address y.y.y.y and apply your license. See “Licensing FortiClient EMS” in the EMS admin guide.
Note: You will have to call in to customer service (1-866-648-4638) to have your license file updated to reflect the new Hardware ID of the server. Hardware ID can be found under Administration > Upgrade License. If you are logged into the support site, you will have to log out and back in after the license is updated. - Create any profiles you wish to have assigned to endpoints after migrating.
- Import domain (if applicable) and assign profiles as appropriate.
- Update the DNS record so it now resolves to y.y.y.y.
