Solved: Migrating to Virtual SMA from Physical

Paul Cardelli · ‎02-13-2015

Is there a way to migrate the Users Blacklist/Whitelist, Queues, Report data, and anything else from my physical appliance while moving to the virtual appliance?

This is about where I'm stuck at this point, everything else looks good. Will be nice to shut down this last physical appliance in my environment.

Mathew Huynh · ‎02-15-2015

Maybe these might help:

Backing up SMA datasets:

http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118459-technote-sma-oo.html

http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118441-technote-sma-00.html

View solution in original post

Ken Stieers · ‎02-13-2015

Blacklist/whitelist: yes. Go to System Administration/Configuration File. Near the bottom there's a section to Backup / Restore the End User Safelist/Blocklist. Save it on your old box, it will get dumped into the /configuration directory... FTP to the old box, and download it. FTP to the new box and upload it. Then go restore it...

Queues? do you mean quarantines? Can't move them, unless you centralized them onto a SMA. I'd let them age out, then shut down the box...

Reports yes (they're in /periodic_reports). Data, I don't think so. If I remember correctly, data for the reports is pulled out of the log files and put into a db on the box, and that can't be moved.

Ken Stieers · ‎02-13-2015

Duh, just realized you're doing an SMA... there's a way to use one SMA as a backup to the other... I'm not sure how that restore or failover process works....

Mathew Huynh · ‎02-15-2015

Maybe these might help:

Backing up SMA datasets:

http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118459-technote-sma-oo.html

http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118441-technote-sma-00.html

Paul Cardelli · ‎02-17-2015

Just what I needed,

Almost worked just need to set my disk allocation on the target machine and I should be able to start migration.

Paul Cardelli · ‎02-17-2015

Figured out what was wrong with the disk space. Some how my source physical SMA had more disk allocated then existed. So I fixed it to match the target SMA, and the back up is now working. I'll check everything out, if it is working, I'll start migrating all my ESAs to the new SMA and point my spam Q dns records to the new SMA.

I'll probably setup a second SMA and schedule regular backups from the new SMA, pretty nice feature. Could be improved for better HA, but we can manage.

Mathew Huynh · ‎02-17-2015

I'm glad to hear it's working out for you now.

Paul Cardelli · ‎02-18-2015

So just a quick outline for making the migration to another SMA Appliance (also if you are doing a recovery from backup):

1. Build the new SMA applaince setup all basic configurations.

2. review Disk Quotas on the new target SMA so it matches or exceeds the source SMA

3. Disable Central Services on ESAs and WSAs(I don't have a WSA so assumption made here)

4. Remove Security appliances from Source SMA (e-mail will continue to flow and all reporting data will remain locally on the ESA until it is reattached to the new SMA)

5. In the command line on the source SMA run the backupconfig command and schedule a backup now to the target sma. http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118459-technote-sma-oo.html

6. Once backup completes (this can take 30-60 minutes depending on size) Reattache ESA to new SMA appliance. Also update your DNS that you use for SPAM Queues to point to the new SMA.

Validate that reports are being updated. You may need to reschedule reports on the new appliance.