Hello Henk Fictorie - Ulrich,
You would be required to do migration of the configuration on both SMAs. Moving the configuration file involves the same process as between two physical appliances.
Both appliances would need to be on the same Async OS version.
The configuration file would need to be exported with passwords unmasked to that the import can be performed.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117841-technote-esareplace-00.htmlYou may need to remove the interface and Ethernet parts from the configuration file if there are any errors at the time of importing the configuration due to the difference in the number of ports/interfaces between the two models. Please find below few high level steps:
SMA Migration High Level Steps:
===========================
i. Build Virtual SMA
a. DNS Name resolution
i. Get DNS record created (A + PTR)
ii. Get Certificate
b. Ensure AsyncOS version of the source and target Security Management appliances must be the same.
c. Deploy virtual appliance
d. Configure interface settings
e. Upgrade current SMA to Version same as of Virtual SMA
f. Prevent the target application from pulling data directly from managed appliances
i. Access the command-line interface of the target appliance
ii. Run the suspendtransfers command.
iii. Wait for the prompt to reappear.
iv. Run the suspend command.
v. Wait for the prompt to reappear.
vi. Exit the command-line interface of the target appliance.
g. Cancel scheduled configuration publishing job on backup/target appliances
i. Run the suspendtransfers and suspend commands on the backup/target appliance.
ii. Validate & Manage Disc space
a. On source machine run backupconfig and select Verify
b. Enter a name and IP address of target system and press enter
c. Review results and ensure no issues are reported
iii. Take SMA backup to Virtual SMA
- There will be minor disruption during Phase 2 of backup, at this time delta's are backed up
- During the backup, data availability reports may not work, and when viewing the message tracking results, the hostname for each message may be labeled as ‘unresolved’.
a. Initiate full backup from the old/primary/source appliance.
b. Wait for the backup to complete.
c. Run the suspendtransfers and suspend commands on the old/primary/source appliance.
d. Run a second backup to transfer last-minute data from the old/primary/source to the new/backup/target appliance.
iv. Promote Virtual SMA as Active
a. Save a copy of the configuration file from your old/primary/source appliance
b. Run the System Setup Wizard on the new/backup/target appliance.
c. Import the configuration file into the new/backup/target appliance.
d. Run the resumetransfers and resume commands on the new/backup/target appliance.
*Do NOT run this command on the old/original primary/source appliance.
e. Establish the connection between the new/backup/target appliance and the managed email security appliances:
i. Select Management Appliance > Centralized Services > Security Appliances.
ii. Click an appliance name.
iii. Click the Establish Connection button.
iv. Click Test Connection.
v. Return to the list of appliances.
vi. Repeat for each managed appliance.
v. Verify that the new/target appliance is now functioning as the primary appliance:
a. Select Management Appliance > Centralized Services > System Status and check the status of data transfers.
vi. Monitor virtual SMA for couple of weeks
I hope the above helps.
Cheers,
Pratham