Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Migrating the Deep Security or Vulnerability Protection database

    • Updated:
    • 17 Sep 2021
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Deep Security 11.0
    • Deep Security 11.1
    • Deep Security 11.2
    • Deep Security 11.3
    • Deep Security 12.0
    • Vulnerability Protection 2.0
    • Platform:
    • N/A
Summary

Learn how to migrate the Deep Security or the Vulnerability Protection database. This article discusses the migration of the following:

  • From SQL Server Express to Microsoft SQL Server Enterprise
  • From Microsoft SQL Server Enterprise to another SQL Server Enterprise
Details
Public

To migrate the database from SQL Server Express to Microsoft SQL Server Enterprise:

  1. Stop the Deep Security Manager service so that it stops writing to the database.
    Deep Security Agents will continue to apply their current protection policies while the manager is stopped. Events will be kept and transmitted when Deep Security Manager returns online.
  2. Back up the database(s).
  3. Back up the database connection settings file:
        [Deep Security install directory]/webclient/webapps/ROOT/WEB-INF/dsm.properties
        
  4. Move the database to the new database engine. Restore the backup.
  5. Edit dsm.properties to connect to the migrated database:
    • database.SqlServer.user
    • database.name
    • database.SqlServer.instance
    • database.SqlServer.password
    • database.type
    • database.SqlServer.server

    If using the default instance, you can delete the database.SqlServer.instance setting.

    You can enter a plain text password for database.SqlServer.password; Deep Security Manager will encrypt it when the service starts, like this:

        database.SqlServer.password=!CRYPT!20DE3D96312D6803A53C0D1C691FE6DEB7476104C0A
        
  6. Restart the Deep Security Manager service.
  7. To verify that it has successfully reconnected to the database, log in to Deep Security Manager.
    Existing protected computers and event logs should appear. As new events such as administrator logins or policy changes occur, they should be added. If not, verify that you have granted permissions to the database user account on the new database server.

If you are using a non-English SQL server, follow this KB article to change the language settings of the SQL admin for the DSM: Issues might occur when installing the Deep Security Manager (DSM) with non-English SQL server.

To migrate from one SQL Server Enterprise to another SQL Server Enterprise:

  1. Use the backup function from the Deep Security Manager.
     
    Backup option is no longer available in Deep Security 12.0. If you are using this version, backup the data using SQL Management Studio. Make sure to shut down the Deep Security services before performing the SQL backup.
    1. Go to Administration > Scheduled Task > New.
    2. Select Once Only as the frequency.
    3. Select the Backup task type and set the path (i.e. C:\dbbackup).

    Select Backup

  2. Restore the database backup using the SQL commands below:
     
    Before restoration, ensure the DB name is not yet existing in DR DB table. Make sure to replace the DB name and the mdf/ldf location accordingly.

    USE master
    RESTORE DATABASE test FROM DISK = 'e:\DB\1612131027.dsm-backup'
    /*test is original DSM DB name, ‘e:\DB\1612131027.dsm-backup’ is DSM db copy file*/
    WITH MOVE 'test' TO 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\test.mdf',
    MOVE 'test_log' TO 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\test_log.ldf'
    /* c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA is location of DB mdf/ldf*/
    GO

  3. After migrating the database, you need to point your Deep Security Manager (DSM) or Vulnerability Protection Manager (VPM) to the new database.
  4. Edit the following file on the DSM/VPM server host:

    Open the [Deep Security/Vulnerability Protection install directory]\webclient\webapps\ROOT\WEB-INF\dsm.properties file to see the database connection properties. Make sure to create a backup first before modifying the file.

  5. Update the file.

    Sample dsm.properties file looks like this:

     #Wed Jun 11 16:19:19 EDT 2008
    database.SqlServer.user=sa
    database.name=IDF
    database.directory=null\\
    database.SqlServer.password=$1$87251922972564e6bb3e2da917463fb1de
    4a5fcea848e688cd4ceb42b9bfb17a942c3c8ad99ff05938c81a60a2a11f4c3c6
    c1af5c9d01f3c8bfa60e634502aba112b9394ee4f73c970a6970fc9db6f96ba0cc
    80600ad4e36869881bddc3bdfc1abf8a7b2be459ff92c5dfeabbd8e7fd8
    database.SqlServer.instance=DSM
    mode.demo=false
    database.SqlServer.namedPipe=true
    database.type=SqlServer
    database.SqlServer.server=.
    manager.node=1

    It should be modified to look like this:

    #Wed Jun 11 16:19:19 EDT 2008
    database.SqlServer.user=sa
    database.name=idf-restore1
    database.directory=null\\
    database.SqlServer.password=<type the password of the sql account>
    database.SqlServer.instance=
    mode.demo=false
    database.SqlServer.namedPipe=false
    database.type=SqlServer
    database.SqlServer.server=<name of the sql server>
    manager.node=1

     
    Your options may vary, but be sure that if you chose named pipes, the proper windows authentication/trust exists between the DSM/VPM server host and the database host. If you chose TCP, make sure that it is enabled on the database.
  6. Start the Deep Security Manager or Vulnerability Protection Manager service.

If the DSM database was migrated from an SQL Server that does not enforce SSL encryption to a new one that does, the connection to the database may fail. As a result, the Deep Security Manager (DSM) console cannot be opened and the web browser displays "HTTP Status 412 Error". From the server0.log sample, it shows the following:

    WARNING: ThID:15|TID:0|TNAME:Primary|UID:-1|UNAME:|Unable to connect to the database. Retrying in 10 seconds.  java.sql.SQLException: I/O Error: DB server closed connection.

On a fresh installation of Deep Security or Vulnerability Protection with SSL-enforced SQL Server, the entry "database.SqlServer.ssl=require" is normally added in the [Deep Security/Vulnerability Protection install directory]\webclient\webapps\ROOT\WEB-INF\dsm.properties file. Since the SSL encryption was only enforced during the database migration to the new SQL server, the said entry will not exist. Thus, the issue occurs.

To address the issue:

  1. Stop the Deep Security Manager or Vulnerability Protection Manager service.
  2. Go to the [Deep Security/Vulnerability Protection install directory]\webclient\webapps\ROOT\WEB-INF\ directory and open the dsm.properties file.
  3. Add the following line at the bottom and then save the file.

    database.SqlServer.ssl=require

  4. Start the Deep Security Manager or Vulnerability Protection Manager service.
Premium
Internal
Partner
Rating:
Category:
Migrate
Solution Id:
1055707
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.