VMware Workspace ONE Community
VegardAarseth
Enthusiast

Moving to new UEM server

I need to move from our old 2012 (not R2) server to a new one (2016).
Both have the same version of the console and both are linked to the same database. SSL-certificate for the domain is installed and everything looks ok.


The plan is to turn off the old one and then change the IP on the new one to the IP of the old one, so that mdm.ourdomain.com points to the new server.
Will this work? Am I missing something?

LukeDC
Expert

That sounds good here. The console and DS are simply application servers, so just install the console and start it up once you change the IP address.

VegardAarseth
Enthusiast

Thank you.

I did a quick test earlier. (Changed the IPs) and I could send messages, profiles etc to my devices. Great.

But when I opened the Intelligent Hub on my iPad, I was asked to log in (they are DEP-enrolled, so the users never know the username and password).
Also, about 100 devices were stuck on the first page of the device list view. Every one of them had "last connection 1ms ago". Very weird..

So I got cold feet and changed back to the old server. I then removed and re-installed Intelligent Hub on my device and I was logged in again.

Not sure if I should just commit to the new server and maybe update the console / application version from 1907 to something newer and hope that solves the issues.

LukeDC
Expert

I'm guessing you had caching issues on the devices. Cookies were probably generated and the sessions were ended prematurely. Do you only have one server in this setup? Or are you using a load balancer with several?

VegardAarseth
Enthusiast

Yes, we only have one server that acts as a console and application server. The plan is to spin up another VM once the migration is complete, then put both behind Netscaler. I can find very little information on how to set up multiple servers and load balancing. I asked support how I could do the migration and how I should set up the load balancing, but they said I had to pay for that service.

If you have any suggestions on how I should do this, that would be much appreciated.

-Vegard

RogerDeane
VMware Employee

Vegard,

You should be able to move to a new server without issue. As mentioned, the Console/DS/API/etc. servers are just application servers; all of the important information is in the database. Make sure that the new server has the same access to all the resources that the old server had and all the firewall rules are in place to allow for communication. Are you using Workspace ONE Access and if so is it in SaaS or On-Prem? You need to make sure that Access and UEM on the new server can communicate using APIs, again going back to communications and firewall rules. Here are some resources that address your questions about load balancing.

Guide in product documentation for HA:

High Availability Support for Workspace ONE UEM Components

Reference Architecture on Tech Zone:

https://techzone.vmware.com/vmware-workspace-one-and-vmware-horizon-reference-architecture

Roger

LukeDC
Expert

The part you want to pay attention to is cookie persistence when using a load balancer. That gives me a headache if the LB admins don't get it set right. RogerDeane beat me to posting the docs on HA. They are useful and pretty straightforward. Since you are using an all-in-one type setup it should be fairly easy. Also note, the Device Scheduler service will only run on one server at a time, so whatever server it starts up on first will be the active one. It will attempt to load on the other and fail. That is by design as well.

VegardAarseth
Enthusiast

Thank you so much for your help! 🙂

Since the new server will have the same IP and DNS-name as the old one, all the firewall rules will work as before. We don't use WS1 Access.

The plan is to use Netscaler as a load balancer in front of the two servers for Device Service (port 443) and AWCM (port 2001). Does that sound correct?
What do you use?

When upgrading multiple servers, is there a specific procedure to follow? Or do you just turn off the services on both and do the upgrade on both at the same time?

-Vegard

LukeDC
Expert

So for my upgrades I follow this basic structure where stopping any writes to SQL is the priority goal during the dB update:

  1. Distribute the installation files
  2. Stop IIS, this stops outside/inside communications
  3. Take a snapshot or run a SQL backup depending on your preference. Key is to have a backup of SQL prior to starting.
  4. Snapshot your Application server if possible
  5. Run the Application installer on your server until it tells you to stop and go work on your dB
  6. Drop all connections to your SQL database by taking it offline and then back online to be safe
  7. If you are using ETL (connector for intelligence) make sure to stop that as well
  8. Once you have all the connections dropped, Run the SQL DB installer
  9. If the dB install was a success, say yes on the application server and let the install complete
    • you may have to restart server(s) based on the installer and requirements
  10. Start IIS again if it is not started
  11. Now log in to your console (which may seem slower than usual after an update due to SQL doing its ramp-up)
  12. That wraps up your install

I do the following after each install for testing

  1. enroll a device(s) based on your use cases
  2. send some commands like a lock etc to verify things are active
  3. I also look at my device list view and see if devices are checking in
  4. Do some of your daily activities to try and stave off any complaints before actual admins and users come back into play

If you use other components like an ACC, tunnel etc then you can move forth to update/check on them for needed updates. The components usually can wait a bit if you are not in a rush.

RogerDeane was my mentor back in the day, so I have been successful with my updates using this process.

Of course you may run into kinks and general strange occurrences during your install. There are also many requirements needing to be met in any upgrade. Make sure to read the release notes before starting etc. Server requirements do change on occasion. New versions of .Net etc will be needed and installed for you, etc.

RogerDeane
VMware Employee

Great process LukeDC! I would add one step between 5 and 6 (it is optional but has saved me a ton of time). After stopping all the services and before launching the DB installer I go to the DB server and take the DB offline, being sure to check the box to disconnect any active connections. This usually only takes a few seconds. Once that is complete, bring it back online. I'm sure there is a cleaner way to drop any active connections but this works for me. If there are any lingering connections the DB installer may take a very long time as it attempts to get locks on tables. Also note that if you are using the Dell Factory Provisioning service or the Intelligence ETL connector service you will have to stop these manually as the application installer will not stop them.

Roger
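
The connection-drop step from the two posts above (stop IIS and the extra services, then take the database offline and back online), scripted as an added example; it is not code from the thread or from VMware. The instance, database and service names are placeholders, and `Invoke-Sqlcmd` assumes the SqlServer PowerShell module is installed and the account may alter the database.

```powershell
# Added example: every value in this parameter block is a placeholder.
#Requires -Modules SqlServer
$SqlInstance   = 'SQL-INSTANCE-PLACEHOLDER'
$Database      = 'UEM-DATABASE-PLACEHOLDER'
# Services the application installer does not stop itself (ETL connector,
# Dell Factory Provisioning); look up the real service names on your server.
$ExtraServices = @('ETL-SERVICE-NAME-PLACEHOLDER')

# Stop IIS first so no device or console traffic reaches the database.
& iisreset.exe /stop
if ($LASTEXITCODE -ne 0) { throw 'iisreset /stop failed; do not continue.' }

foreach ($name in $ExtraServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { Write-Warning "Service '$name' not found"; continue }
    if ($svc.Status -ne 'Stopped') { Stop-Service -InputObject $svc -Force }
}

# Sessions still attached to the UEM database (excluding this one).
$sessionQuery = @"
SELECT session_id, login_name, host_name, program_name
FROM sys.dm_exec_sessions
WHERE database_id = DB_ID(N'$Database') AND session_id <> @@SPID;
"@
function Get-UemSessions {
    Invoke-Sqlcmd -ServerInstance $SqlInstance -Database master -Query $sessionQuery
}

# Record who was connected before anything is dropped.
$before = @(Get-UemSessions)
"Sessions before drop: $($before.Count)"
$before | Format-Table -AutoSize

# Scripted form of "take offline with active connections dropped, then online".
# ROLLBACK IMMEDIATE rolls back open transactions and disconnects every session.
Invoke-Sqlcmd -ServerInstance $SqlInstance -Database master `
    -Query "ALTER DATABASE [$Database] SET OFFLINE WITH ROLLBACK IMMEDIATE;"
Invoke-Sqlcmd -ServerInstance $SqlInstance -Database master `
    -Query "ALTER DATABASE [$Database] SET ONLINE;"

# Anything listed here reconnected on its own: a service is still running.
$after = @(Get-UemSessions)
if ($after.Count -gt 0) {
    Write-Warning 'Sessions reconnected; stop their source before the DB installer.'
    $after | Format-Table -AutoSize
} else {
    'No sessions on the database; safe to start the DB installer.'
}
```

The `host_name` and `program_name` columns in the second listing show which server and service still need stopping.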

LukeDC
Expert

Yes, yes. I will add that in. Forgot about ETL. And dropping connections is also a great way to go.

VegardAarseth
Enthusiast

Thanks for all the input.

I did the "switch" and almost everything seems to work great. The only problem I'm having is enrolling Android Work devices. I scan the QR code and the device gets enrolled, it shows up in the console and it downloads the apps. But it's stuck at the "Please wait while we process the enterprise EULA" and I can briefly see this message "Unable to reach console for license key".

I've searched the KB and found a couple of "resolutions", but nothing has worked so far. It's a Samsung Xcover 4 that is locked down with the launcher. Everything except the launcher gets installed and the hub will not go past the EULA process..


Any suggestions?

I installed the latest patch to the 1907 version. I was planning to upgrade to 2001, but I want to wait until everything works on the old version after the server migration.

-Vegard

HimanshuMishra
Enthusiast

Hi Vegard,

I am also planning to move servers from 2012 to 2016. Can you please share the steps/documentation to migrate the servers? We are running 1907 and will be performing a cut-over migration. We have 2 web and 2 DS servers. We will be adding another DS after the migration. I have upgraded the existing servers before but never migrated them. So looking for all the help I can get.

Thanks,

Manshu

LukeDC
Expert

Hi! Sounds like you probably have a load balancer involved here. If you do you can easily just set up your 2016 servers and add them to the pool(s). Then when you're satisfied they are working fine, remove the 2012 servers from the pool. Not really migrating at all. Done this a few times with success.

VegardAarseth
Enthusiast

I've contacted support regarding the issues.

I've found two more.

AWCM service stops (same issue on the old server).
I can't remove or change DEP-profiles.
