cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6601
Views
5
Helpful
12
Replies

How to migrate IronPort email security from C350 (6.5) to C370 (7.6)

endpoint
Level 1
Level 1

Hello

i have two IP C350 running ios version 6.5, in a cluster mode and would need to know what would be the best (and quickest) way to replace existing units and migrate current configuration from both IPs and have established cluster again.

Old IPs are C350, running AsyncOS 6.5.3-007. New units are two C370, running IOS AsyncOS 7.6.1

If there is any how-to with steps required that you guys are aware of and would like to share would be awesome.

Appreciated.

12 Replies 12

So, first off, any chance the 350's can be upgraded to 7.6.1? 

If that's doable...

     Remove one from the cluster (not disconnect, it should will take a "flattened" version the config along with it)

     Upgrade that box

     Create a new cluster with that box

     Join the 370s to that cluster

     Remove the 350 from the cluster.

If upgrading one of the boxes isn't really feasible, I'd set up the 370s in a cluster and start configing them with the 350 in one window and the 370 in the other...

You could export the config file, edit it and upload snippets of your old config to the 370s and then commit them, but that may be more work than just doing it by hand...

Ken

Yes, i was planning to upgrade C350 to 7.6.1

Here is my plan (pls correct if needed):

Break the cluster

upgrade "backup" C350 to 7.6.1

export config from upgraded C350

import config to C370 (already on 7.6.1)

check if all config on C370 are migrated correctly

upgrade "main" c350 to 7.6.1

export config from upgraded C350

import config to C370 (already on 7.6.1)

check if all config on C370 are migrated correctly

Create cluster and test email flow.

What is your opinion?

That will work too... but remember, when you add a box to a cluster, the new box gets the cluster's config, and there isn't a "primary/backup" concept in the cluster, just in how you get mail to them, so you can use either one as a root for new cluster.  Also, you won't have to upgrade the second 350...

Get one 350 to 7.6.1, move its config to the 370 using export/import, then join the other 370 to the first 370 in a cluster, and you're done... (other than moving the flow around).

I just did this myself it went pretty well but you need to modify the config file a bit the 370s have an additional data port the 350 don't. Basically got throught the interfaces, port and ethernet section in the config file and match them up to the 370 hardware. Other than that you should be good to go.

I have completed upgraded of the one ironport out of two. I had issues with clustering since i run upgrade from the GUI (GUI inform you that it would need to disconnect the unit from the cluster in order to perform the upgrade).

Answering Yes to this the upgrade starts and finishes with no issue. But when you try to migrate config from old unit to the new unit, whole bunch of messages pops out related to cluster, ports, Ethernet, etc. And i put netwrok config part from new unit to the config.

The CLI at the old unit shows that unit is disconnected from the cluster and not removed, so command to remove the unit from the cluster was issued. After reboot, i export the config from the old unit, made changes to the network part (ports, ethernet, MAC address) and import the config into new unit with no issues.

Now, i have one new unit handling email and one old unit waiting for replacement. No cluster existis between these units at this point.

So, for second unit, i will do:

from CLI remove old unit from the cluster.

run the upgrade

reboot

export configuration and make changes to the network part.

import config to the new unit and cross fingers (the cross finger method works very well from time to time).

recreate a cluster.

Will update the thread once all is done.

This procedure worked well.

jokkmeister
Level 1
Level 1

Couldn't you just as easily do this by just removing one of the 350's and then config a 370 with the network config from the removed 350 and then join it to the cluster? Shouldn't it then inherit all the cluster settings and then you do the same to the second 350 and 370? and then voila, an upgraded cluster?

I mean instead of using the configuration file that is.

Joacim,

Yes, as long as the code is the same version on both boxes.  Sometimes that's an issue...

Ken

Both version have to be the same ios version.

Both methods work and are described a bit more in detail in here:

Article #1116: Steps on replacing an appliance that is in a cluster Link: http://tools.cisco.com/squish/1bf2f

I usually suggest method two, but it's always a matter of 'taste' ;-)

Regards,

Enrico

Dear Enrico

  how about replace two ironport c350(OS6.5) to c370(OS7.6) in cluster with no downtime ?

Hello Netcrafteng,

just follow the steps given in the link Enrico provided in his last response, first administratively removing all C350 appliances from the cluster, then upgrading them to 7.6, one after another. The important thing to understand is that removing an appliance from the cluster does not mean the system stops processing messages. It will still work as usual. Also during an upgrade, the only downtime you will have on each appliance is when it has to be restarted at the end of the upgrade. While fetching the upgrade files, mail flow will be as usual. So upgrading one appliance at one time only will ensure that mail flow will not be interrupted. Once all C350 appliances have been upgradet, proceed with replacing them with the C370s according to the article, also one by one, and there will be not interruption.

Hope that helps,

Andreas