Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2109
Views
0
Helpful
4
Replies

Ironport ESA Physical-toVirtual Migration

zsmithtek
Level 1
Level 1

‎07-12-2018 12:04 PM - edited ‎03-08-2019 07:39 PM

Let me preface with - I'm fairly new to the world of IronPorts and thanks for your help.

 

I'm going to migrate a set of 4 ESAs (an inbound/outbound located at two different data centers) and the one SMA appliance all to VMware.  

 

I found this:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117803-configure-esa-00.html

 

I'm thinking i'm going to do the following.  I'd like your input as to whether or not you think i'll have a nice and relaxing time doing this :)

 

Build out the 4 in/out VMs and 1 SMA with the same code as the physicals.

Backup the config per the link above I pasted in.

Restore one at a time to the corresponding virtual.  Keep the same IP/Hostname

Disconnect the physical from the network / Commit changes on the virtual.

 

do that x5 and done.  

 

What do you think?  Have you done this before- what was your method?

 

Thanks again.

Labels:
0 Helpful
4 Replies 4

Ken Stieers
VIP
VIP

‎07-12-2018 01:07 PM

Make sure all of the content engines (CASE, AV, etc. ) are the same version before you import the XML also.  I've had issues there, along with the others that the document shows.

 

With ESAs I've had better luck setting up the new stuff on new IPs, clustering them (aka configuration replication), un-cluster, shutdown old box, and then re-IP the new boxes.

 

I haven't had to do an SMA replacement yet, so I'm not so helpful there...

 

 

 

0 Helpful

svgeorgi
Cisco Employee
Cisco Employee

‎07-12-2018 01:31 PM

Your plan seems fair. I would just add the new vESAs to the same cluster/s of the physical appliances instead though. After that the physical appliances can be removed from the cluster.

Consider this when you are migrating configurations from physical to virtual appliances:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118065-maintainandoperate-esa-00.html

 

If you you are not going to migrate anything out of the old SMA, the plan for SMA is also looking fine.

0 Helpful

zsmithtek
Level 1
Level 1
In response to svgeorgi

‎07-13-2018 05:24 AM

Thanks for the help guys.  So from a check-list style approach i'd be doing something like the following:

Build new VMs, same OS level

Ensure all content databases are same versions

Add them to the cluster / config copy

Shut down old physicals

re-ip virtuals to the old physicals' IPs

Verify virtuals using correct update URL per link provided

Done (excluding tasks for SMA)

0 Helpful

Ken Stieers
VIP
VIP
In response to zsmithtek

‎07-13-2018 09:53 AM

Exactly.




0 Helpful
Customers Also Viewed These Support Documents