Issue
- Migrate ESET PROTECT Server from ESET PROTECT Virtual Appliance to Windows Server
Solution
- Prerequisites
- Create a certificate with connection information
- Set a new ESET PROTECT Server IP address and assign the policy
- Enable Webmin interface
- ESET PROTECT Server Setup
I. Prerequisites
- ESET PROTECT Virtual Appliance
- Before the migration, ensure you have the latest version of ESET PROTECT Virtual Appliance
- I do not know what version of ESET PROTECT Virtual Appliance I use
- If you run an earlier version, follow the recommended upgrade instructions for ESET PROTECT Virtual Appliance
- Before the migration, ensure you have the latest version of ESET PROTECT Virtual Appliance
- New MySQL database using the default name era_db and username root
II. Create a certificate with connection information
-
Open ESET PROTECT On-Prem in your web browser and log in.
-
Click More → Peer Certificates → New → Certificate.
-
In Basic, type the Description of the certificate. Select Server from the Product drop-down menu. Leave the Host field set to the default value and leave the Passphrase and Confirm passphrase fields empty.
-
Click Sign. Select the radio button next to Certification authority under Signing method. In the Certification authority options, click <Select certification authority>. A new window will open. Select the certification authority you want to use to sign a new certificate. Click OK to confirm and return to the previous window.
-
Type the Certification Authority passphrase. In this case, it is the same password you use to log into the ESET PROTECT Virtual Appliance Web Console. Click Finish to apply.
III. Set a new ESET PROTECT Server IP address and assign the policy
-
Open ESET PROTECT On-Prem in your web browser and log in.
-
Click Policies → New Policy.
-
In Basic, type a name for your policy.
-
Click the Settings tab, select ESET Management Agent from the drop-down menu, and click Edit server list.
-
In the Servers window, click Add. In the Host field, type the IP address of your new ESET PROTECT Server (on Windows) in the format xxx.xxx.xxx.xxx. If you use a port other than the default ESET PROTECT Server port 2222, specify your custom port number. Click OK. Make sure your new ESET PROTECT Server address is listed first and click Save.
-
Click Assign → Assign to display a new popup window with all Static and Dynamic Groups.
-
Select the Static Group All to assign the policy to all connected agents and click OK.
-
Review the settings for this policy and click Finish to apply. The time to apply the policy will vary depending on your ESET PROTECT Server (on Windows) configuration.
-
When the policy is applied, open ESET PROTECT Virtual Appliance and create a database backup.
IV. Enable Webmin interface
-
In the ESET PROTECT Server Appliance management mode menu, select Enable/Disable Webmin interface to enable the Webmin interface.
-
Connect to the Webmin interface using a web browser with the IP address of ESET PROTECT Virtual Appliance and port 10000. For example, https://xxx.xxx.xxx.xxx:10000. Log into the Webmin interface using the ESET PROTECT Virtual Appliance credentials where root is the login.
-
In the Webmin interface main menu, expand Tools and click File Manager. Click the root folder. Right-click the era-backup.sql file and select Download from the context menu. Save the file to a local drive and copy it to a location accessible from the target Windows machine.
-
Return to the ESET PROTECT Virtual Appliance window, log into the management mode and select Shut down system.
-
On the target Windows Server, prepare a clean installation of MySQL Server. When you are prompted by the MySQL installer to create a Root Account Password, we recommend that you use the same one you used in the ESET PROTECT Server Appliance.
-
Before proceeding, you must import ESET PROTECT Virtual Appliance database backup to an empty database named era_db on the target MySQL Server. Open a Command prompt and navigate to the MySQL Server binaries folder (the default location is
C:\Program Files\MySQL\MySQL Server x.x\bin
). Type the following commands, and replaceTARGETHOST
with the address of the target database server.mysql --host TARGETHOST -u root -p "--execute=CREATE DATABASE era_db /*!40100 DEFAULT CHARACTER SET utf8 */;"​
-
Restore the ESET PROTECT Virtual Appliance backup database to the previously prepared empty database. Make
PATHTOBACKUPFILE
the location where you have stored the ESET PROTECT Virtual Appliance database backup:mysql --host TARGETHOST -u root -p era_db < PATHTOBACKUPFILE
-
Create an ESET PROTECT On-Prem database user named
root
on the target MySQL server. ReplaceTARGETERAPASSWD
with the password you used to log in to ESET PROTECT Virtual Appliance Web Console:mysql --host TARGETHOST -u root -p "--execute=CREATE USER root@'%' IDENTIFIED BY 'TARGETERAPASSWD';"
-
Grant proper access rights for the ESET PROTECT On-Prem database user
- root
, on the target MySQL server:mysql --host TARGETHOST -u root -p "--execute=GRANT ALL ON eradb.* TO root;"​
V. ESET PROTECT Server Setup
-
Download the ESET PROTECT Server standalone component. Execute the installation file and follow the Installation Wizard.
-
In the Database server connection setup screen, ensure that the MySQL Server and MySQL ODBC Driver are detected properly. The database must be named era_db. In the Database account section, type in the Username "root" and Password you created in step 8.
-
Click Next to continue. The installer will ask if you want to use the provided user root as a database user for ESET PROTECT On-Prem, click Yes to apply and continue.
-
Select the check box next to Use Administrator password already stored in the database. Change the Agent and Console port if required to match the settings in the ESET PROTECT Server Appliance. The default value for the Agent port is 2222, and the default value for the Console port is 2223. Click Next.
-
In the following window, select the radio button next to Keep currently used certificates and click Next. Follow the Installation Wizard to finish the Server component installation.
-
Open ESET PROTECT On-Prem in your web browser and log in.Use your ESET PROTECT Server Appliance password. Verify that the agents have migrated successfully and are connecting to the new server. Do not uninstall your old ESET PROTECT Server Appliance until you have verified the migration was successful.