Lift & Shift? - Airwatch SEG 8.4 -> 2.18

I'm looking for advice on how to install a supported Airwatch SEG version. We have a couple of things at play:

1) I'm a sysadmin whose responsibilities don't include AirWatch - that's the domain of our security guy. I can bumble my way around the interface however.

2) We run AirWatch SEG 8.4.7 on Windows 2008 (virtualized). We sign into the Workspace UEM via. LDAP integration. No judgement please 🙂

What I would like to do is: Build a new Windows 2019 server (virtual) and install SEG 2.18 on it. (v. 2.18 is what my security guy provided me with, although I know there's at least 2.19 out now). Do a planned cutover - remove the [current/old] SEG server and put the new one in place. Make sure the URLs, MEM config, etc are the same, which should result in a seamless transition for our users (~150).

I did a mock cutover one evening last month and had big problems.

I build a new 2019 server with SEG 2.18. I setup a separate MEM with a separate namespace ( I had a couple of Helpdesk staff test against this new profile, and everything seemed great. One evening, I shutdown the old server, moved the new one into production (mirroring IPs, servername, certificates, etc) and recreated our production MDM config. A test connection was successful, however, I couldn't authenticate to Workspace UEM with my LDAP creds.  My security guy suggested installing the Cloud Connector (21.2), but when we did that, email flow quit working (as verified by 'test connection'). We couldn't get LDAP & email working simultaneously, so I deleted the new VM, and brought our old server back online.

I'm hoping that the community can either point out a solution (or troubleshooting suggestions), or if the above plan is against best practices, give me some guidance on how I can upgrade both the underlying OS and SEG.


Labels (1)
0 Kudos
1 Reply

I'll reply to my own post 🙂

I redid all the steps of building a fresh SEG server:

- install the OS & prerequisites

- install SEG

- install the certificate

- install cloud connector

And redid the migration:

- powered down the old SEG

- mapped the IP/name onto the new SEG

- checked that cloud connector was working

- created new MEM profile (v2), tested it worked & set as default

- disabled the old MEM

- confirm clients were receiving mail.


Everything worked properly this time. I'm not sure what the problem really was on the first attempt.

0 Kudos