[KB7732] Migrate ESET PROTECT Virtual Appliance to ESET PROTECT Server (Windows)

Solution

1. Prerequisites
2. Create a Server certificate
3. Create and apply a policy to redirect ESET Management Agents to the new ESET PTORECT Server
4. Migrate the ESET PROTECT database to the target Windows server
5. Set up the ESET PROTECT Server

I. Prerequisites

• Verify the ESET PROTECT Server version used by your Virtual Appliance. If it is not running the latest version, upgrade the Virtual Appliance.

II. Create a Server certificate

1. Open the ESET PROTECT On-Prem Web Console.

2. Open the Peer Certificates view: click More → Peer Certificates. Click Add.

   

3. Under Basic, type the Description of the certificate. In the Product drop-down menu, select Server. Leave the Host field set to the default value (*) and leave the Passphrase and Confirm passphrase fields empty. Click Continue.

   

4. Under Sign. Below Signing method, select the radio button next to Certification authority. Below Certification authority, click Select certification authority.

   

5. Select the certification authority that you want to use to sign the certificate. Click OK.

   

6. In the Certification Authority passphrase field, type the password you use to log in to the ESET PROTECT Virtual Appliance Web Console. Click Finish.

   

III. Create and apply a policy to redirect ESET Management Agents to the new ESET PTORECT Server

1. Open the ESET PROTECT On-Prem Web Console.

2. Open the Policies view: click Policies. Click Add.

   

3. Under Basic, type a name for the policy and click Continue.

   

4. Under Settings, select ESET Management Agent from the drop-down menu and click Edit server list.

   

5. In the Servers dialog box, click Add. In the Host field, type the IP address of the target ESET PROTECT Server; use the format xxx.xxx.xxx.xxx. If you do not use the default ESET PROTECT Server port 2222, type your custom port number in the Port field. Click OK. Ensure that the new ESET PROTECT Server address is listed first in the Server dialog box. Click Save.

   

6. Click Assign → Assign.

   

7. In the Groups list, select the checkbox next to All and click OK.

   

8. Click Finish.

   

9. The time to apply the policy will vary depending on your ESET PROTECT Server configuration. When the policy is applied, migrate the ESET PROTECT database to the target Windows server.

IV. Migrate the ESET PROTECT database to the target Windows server

1. Log in to the ESET PROTECT Virtual Appliance Management Console.

2. Create a database backup.

3. Enable remote access. When enabled, you can access the Webmin management interface.

4. Connect to the Webmin management interface: in the web browser, access your ESET PROTECT Virtual Appliance's IP address on port 10000 (for example, https://xxx.xxx.xxx.xxx:10000) and log in using the root user and your ESET PROTECT Virtual Appliance password.

   

5. In Webmin, click Tools → File Manager → opt → appliance → conf. Click the three dots in the row with the db-backup.sql file and click Download.

   

6. Copy the downloaded db-backup.sql file to a location accessible from the target Windows server machine.

7. Log in to the ESET PROTECT Virtual Appliance Management Console. Select Shut down system → Yes.

8. Unless already prepared, on the target Windows Server, install and configure MySQL Server. For the root user, we recommend using the same password that you use for the ESET PROTECT Virtual Appliance.

9. Unless already created, create an empty database named era_db on the target MySQL Server. In Command Prompt, run:

   cd C:\Program Files\MySQL\MySQL Server x.x\bin
   mysql --host TARGETHOST -u root -p "--execute=CREATE DATABASE era_db /*!40100 DEFAULT CHARACTER SET utf8 */;"

   Replace C:\Program Files\MySQL\MySQL Server x.x\bin with the correct path to your MySQL server bin folder and TARGETHOST with the hostname or IP address of the target database server.

10. Restore the database. In Command Prompt, run:

    mysql --host TARGETHOST -u root -p era_db < PATHTOBACKUPFILE

    Replace PATHTOBACKUPFILE with the path to the database backup file (for example, C:\db-backup.sql).

11. Create a MySQL account that allows the root user to access the database remotely. In Command Prompt, run:

    mysql --host TARGETHOST -u root -p "--execute=CREATE USER root@'%' IDENTIFIED BY 'TARGETERAPASSWD';"

    Replace TARGETHOST with the hostname or IP address of the target database server and TARGETERAPASSWD with the password to be used for the account. We recommend using the password that you use for the ESET PROTECT Virtual Appliance.

12. Grant full access to the era_db database for the root user. In Command Prompt, run:

    mysql --host TARGETHOST -u root -p "--execute=GRANT ALL ON era_db.* TO root;"

    Replace TARGETHOST with the hostname or IP address of the target database server.

V. Set up the ESET PROTECT Server

1. Download the ESET PROTECT Server standalone installer. Run the downloaded installer.

2. On the Database server connection screen, verify that the MySQL Server and MySQL ODBC Driver are detected correctly and that the database name is era_db. In the Database account section, type root into the Username field and the account password into the Password field. If you followed the password recommendations in the Migrate the ESET PROTECT database to the target Windows server section, the password should be the same as the one you use for the ESET PROTECT Virtual Appliance.

   

3. Click Next. In the Database user dialog box, click Yes to confirm using the provided root account as a database account for ESET PROTECT On-Prem.

4. On the Web Console user & server connection screen, select the check box next to Use Administrator password already stored in the database and verify that the Agent and Console ports match the settings in the ESET PROTECT Virtual Appliance. The default Agent port is 2222, and the default Console port is 2223. Click Next.

   

5. On the Certificates screen, select the radio button next to Keep currently used certificates and click Next.

   

6. Proceed through the installer and complete the installation.

7. After the installation is completed, install the ESET PROTECT On-Prem Web Console.

8. When installed, open the ESET PROTECT On-Prem Web Console. Use your ESET PROTECT Virtual Appliance password. Verify that the agents have migrated successfully and are connecting to the new server. Do not uninstall your old ESET PROTECT Virtual Appliance until you have verified the migration was successful.