Summary
You want to migrate the PolicyServer Application Server due to any of the following reasons:
- Move a single server application to a distributed installation with roles separated by server type.
- Replace or upgrade the current application server hardware platform.
- Migrate the application server to a different physical or logical network.
- Migrate the application from physical to virtual hardware.
Details
Requirements to migrate:
- Existing PolicyServer
- SQL Server database available from source and destination application servers
- Source and destination application servers available from existing Endpoint Encryption clients
- Control of applicable DNS zones
To prepare Endpoint Encryption for migration:
- Adjust the following policies to avoid interruption of client operations:
- MobileSentinel > Common > Compliance > Synchronization Timeout (5 is the recommended value)
- MobileSentinel > PC > MobileSentinelSyncInterval (1440 is the recommended value)
- Full Disk Encryption > Common > Login > AccountLockoutPeriod (180 is the recommended value)
- Make sure that the clients received the new settings.
To migrate the PolicyServer:
- Back up the Endpoint Encryption databases.
- Build a new Application Server.
- Install the PolicyServerInstaller.exe file on the target application server, using the same settings as the existing PolicyServer.
- Create a DNS alias for the source server FQDN referencing the target server FQDN.
- Disable PolicyServer Windows Service on the source server.
- Migrate existing clients to use the target URI.
To verify the migration:
- Use the PolicyServer MMC Snap-in to connect to the target PolicyServer identified by its FQDN.
- Use the PolicyServer MMC Snap-in to connect to the target PolicyServer identified by the source PolicyServer alias.
- Install a new Endpoint Encryption client application on the target PolicyServer identified by its FQDN.
- Ensure that the existing clients have pre-boot connectivity. The clients must be able to log in and sync policies.
