VMware Workspace ONE Community
BentonRolfes
Contributor
Contributor
‎06-26-2019 02:05 PM

SEGv1 and SEGv2 running together

We are running the SEGv1 on an internal server right now. However, we will be moving that to a different server in our DMZ with the implementation of SEGv2. My question is can the SEG and SEGv2 be run in tandem or do we have to cut straight over to SEGv2?
Labels (1)
Labels
0 Kudos
6 Replies
ChristophBaecke
Contributor
Contributor
‎06-27-2019 03:37 AM

You can run them parallel, even on the same Windows Server as long as they are not using the same port. Just add a second SEG-Config accordingly

The ' switch'  for the users happens once and when you change the specific profiles/Boxer-Configs to the SEG2-URL and port.
0 Kudos
chengtmskcc
Expert
Expert
‎06-27-2019 06:12 AM

Christoph is spot on. That's how I handled my migration from SEG to SEG v2.
0 Kudos
BentonRolfes
Contributor
Contributor
‎06-27-2019 06:21 AM

Thanks, gentlemen! Just to recap, I can add a second SEG config for v2. Then, when we're ready to switch over, I just make the appropriate changes in the Boxer profile through the Airwatch console?

Do you have any worthwhile tips or tricks I should keep in mind on this migration?
0 Kudos
ChristophBaecke
Contributor
Contributor
‎06-27-2019 07:09 AM

You should keep in mind that individual settings in Boxer might get wiped instead of simply committing the URL-Change, as the old configuration gets removed before the new one gets pushed. Or having endusers to re-enter their AD-Credentials on the device after the change make the helpdesk explode. So you should check the behaviour before.

My initial post describes a good way, to migrate over time by enrolling new users to SEGv2.

For example, you could run the SEGv2 in parallel on a different machine with a different host name (seg2.domain.com), do some testing with a couple of devices and then simply change your external and Split-DNS-Records for the old SEG to the new SEGv2. In that case you woudln`t need to touch any profiles/boxer-configs at all.

Although it sounds quite simple, there are things that might go wrong depending on you individual settings, if clusterig is in place, cert base auth, SMIME, bazillion numbers of users and differen devices/Operating systems.

However, being able to switch back to the classic SEG - just in case things go south - is a good safetynet. Test it (per Device-Type/OS) and migrate users in smaller Chunks. Different devices might behave different.
0 Kudos
Stansfield
Enthusiast
Enthusiast
‎06-27-2019 08:25 AM

You do not need to do a gradual transition to be able to switch back to classic, if you switch to v2 in the config and it does not work just switch the config and server back the devices will not care (assuming you use the same server) the only thing they will see is downtime.  As a reminder SEG v2 must go on its own server it can no longer live on the DMZ like SEG v1 could (although frankly that was always inadvisable anyways) Be sure your ens server is proprerly configured for the new server if you were using any SEG proxying components (I am not familiar with this part just have seen notices about it in updates).  Note I am assuming you tested this in a replicated setup in your test environment before doing so in Prod.
0 Kudos
BentonRolfes
Contributor
Contributor
‎06-27-2019 08:58 AM

Do I need to make any settings/configuration changes in our Airwatch Console prior to installing SEGv2?


0 Kudos