Moving 3 ESA and 1 SMA

Unanswered Question
Aug 15th, 2008

Hello,
We have 3 ESA (one C300 and 2 C350) working in a cluster mode, two of them with an MX record of 50 and another one with 40. And also a C650 for cetralized management. We need to move them all to another data center. The move will take about 2 or 3 days. they will be given with new MX records in the new location.

What is your recommendation for moving them? Can we take first the two devices with hightest cost (50) leaving only operational one ESA and the SMA? or would you recommend to move first one ESA with the SMA, leaving operational the other 2 ESA?

With respect to configuration, do we need to do something for the movement? I think we will need to disconnect all devices from the cluster before moving them, right? otherwise when the first two devices are moved to the new location there can be issues. I have no expirience on SMA, what should I do in order to move it? what considerations should I take?

Thanks in advance for your help!
Best regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
SPAMHater_ironport Fri, 08/15/2008 - 21:50

If you are moving locations then the IP's will change I assume. You will need firewall rules and to modify the MX records. I would do all that stuff ahead of time, probably one appliance at a time to make sure there isn't any interruption. It all depends how careful you want to be.

Hello,
We have 3 ESA (one C300 and 2 C350) working in a cluster mode, two of them with an MX record of 50 and another one with 40. And also a C650 for cetralized management. We need to move them all to another data center. The move will take about 2 or 3 days. they will be given with new MX records in the new location.

What is your recommendation for moving them? Can we take first the two devices with hightest cost (50) leaving only operational one ESA and the SMA? or would you recommend to move first one ESA with the SMA, leaving operational the other 2 ESA?

With respect to configuration, do we need to do something for the movement? I think we will need to disconnect all devices from the cluster before moving them, right? otherwise when the first two devices are moved to the new location there can be issues. I have no expirience on SMA, what should I do in order to move it? what considerations should I take?

Thanks in advance for your help!
Best regards
victor.blanco_i... Sun, 08/17/2008 - 05:42

Hi,

Thank you for your reply SPAMHater. It is a good advice to move one by one to avoid any interruption on the service. My plan is as follows, let's see if you find something wrong:

1- backup config file of one ESA
2- Remove one ESA from the cluster
3- Take it to the new location
4- update the MX record of that device
5- re-configure the ESA with new Net info (IP interface, DNS, gateway, etc)
6- re-join the moved ESA to work with the SMA in the other site.
7- start receiving/sending mails
8- few days later, repeat steps 1 to 6 for another ESA
9- create a new cluster with the two ESA in the new location
10- few days later, move the remaining ESA and the SMA

- Question 1: is it possible to join this ESA remotely to the SMA althoughit is not in the same cluster?
- Question 2: is it possible to move local quarantine files from the ESA to the SMA? I thinking in the we might have alone for one week one ESA, and then we would need to move the local quarantine files to the SMA.

My main worriness is with the SMA, do you where can I find its "user guide"?

Thanks again, and best regards

SPAMHater_ironport Tue, 08/19/2008 - 01:55

Hi Victor,

There is really not much to the SMA, I don't think I have even seen a guide for it!! the SMA can't join your cluster of appliances. All the settings you mention such as IP, Gateway etc. are specific to each ESA anyway, they are not cluster settings with the exception of DNS but you can create a group for it, if the appliance will be talking to each other when they are in different locations. I would not break the cluster just disconnect that one appliance you are taking, once you have two or more appliances in the same location you can reconnect. Just try not to make any major changes that way you don't create inconsistencies in the cluster.

Question 1: is it possible to join this ESA remotely to the SMA althoughit is not in the same cluster? Ans: As long as the SMA can communicate to the designated ESA via one of the protocols specified such as SSH and the right credentials are used, it does not matter where each box resides. Remember your SMA is not joining your cluster, you are simply pointing your SMA to gather info from your ESA and configuring your ESA to send off-box quarantine etc.

Question 2: is it possible to move local quarantine files from the ESA to the SMA? I thinking in the we might have alone for one week one ESA, and then we would need to move the local quarantine files to the SMA.
Ans: I don't think there is a way to move existing quarantined files from the ESA to an SMA I have explored that route before and have been unsuccessful, what I ended up doing was suspending the listener of one appliance at a time so no new incoming mail would come in, leaving the on-box quarantine on so the users can access it, and waiting until the specified purge time, and then after pointing to the SMA for off-box.

Hope it helps in some way. ;-)



Hello,
We have 3 ESA (one C300 and 2 C350) working in a cluster mode, two of them with an MX record of 50 and another one with 40. And also a C650 for cetralized management. We need to move them all to another data center. The move will take about 2 or 3 days. they will be given with new MX records in the new location.

What is your recommendation for moving them? Can we take first the two devices with hightest cost (50) leaving only operational one ESA and the SMA? or would you recommend to move first one ESA with the SMA, leaving operational the other 2 ESA?

With respect to configuration, do we need to do something for the movement? I think we will need to disconnect all devices from the cluster before moving them, right? otherwise when the first two devices are moved to the new location there can be issues. I have no expirience on SMA, what should I do in order to move it? what considerations should I take?

Thanks in advance for your help!
Best regards
kluu_ironport Tue, 08/19/2008 - 05:51


My main worriness is with the SMA, do you where can I find its "user guide"?

Thanks again, and best regards

It's located in the Support Portal. Security Management Appliance(SMA) is another name for the M-series.


1. Go to http://www.ironport.com/support/login.html
2. Log in with your Support Portal Account
3. After you've logged in, on the left side, look for "Appliance Documentation", then click on the "Email" link below that.
4. After the page loads, you'll see likes to the Security Management User Guide and the Release Notes

Security Management Appliance(SMA) is another name for the M-series.

Actions

This Discussion