5 Replies Latest reply on May 27, 2020 12:59 AM by sbenkel

    Migrate/Replace Device Services Server W2008 to a new W2016 Server -Method/HowTo?

    sbenkel Novice

      Hi lovely Community,

      I got the task to move/replace an existing Device Services Server W2008 to a new fresh installed Windows 2016 Server and want to make sure that im not missing something and im well prepared for that project. I would really appreciate your advice !

       

      Situation:

      I have an airwatch environment with the following components/versions:

      Airwatch installed in Version 18.11.0.5 (18.11)

      1x Device Services Server (is in the DMZ and from the Internet reachable) - W2008

      1 x Console Server (Internal LAN)

      1 x SQL Database Server (Internal LAN)

       

      Project:

      The goal is to replace the Device Services Server W2008 and migrate/replace it with a new and fresh installed W2016 Server also in DMZ but in a different VLAN (so the new Server will get a different IP Adress i assume). First step is just to get/replace the Device Services Server to a new Server and in the future we are going to update it.

       

      Method/Steps to do:

      Like i found already in the forum (https://communities.vmware.com/thread/625596) i would to the following steps:

       

      1. Stop services on the old W2008 server
      2. Set up Airwatch in the same version (Main Install 18.11 + Hotfix) on the new W2016 Server and than point it to the same DB Server + Set Up the same Firewall Rules for the new W2016 Server like for the W2008 Server
      3. If the connection and everything is working to the new Server (how do i check that?) than i would to the following:

                -Change the internal DNS record so that the devices will communicate over the official DNS Name with the new IP of the new 2016 Server in the Background instead of the W2008 Server (Or would you recommend to keep the same IP?)

       

      I think with this method i would set up a N+1 Scenario for the Device Services Server and than i can shut down the W2008 Server easily or? Like someone wrote everything is stored in the database so it should be no problem to set up Airwatch Device Services Server and let it point to the same DB.

       

      Do i have to install also a new SSL Cert on IIS on the new Server? Is there any other step to take care of?

      Couldn`t realy find an official Document from Airwatch for that.

       

      Thanks a lot everybody for your help !

       

      Cheers and have a lovely day

       

      Sven

        • 1. Re: Migrate/Replace Device Services Server W2008 to a new W2016 Server -Method/HowTo?
          sbenkel Novice

          Anybody out there wo could shortly check if my steps are correct? Never did all of this before and would need some expert to tell me shortly if my planning is correct or not.

           

          Thanks a lot and have a great day

           

          Sven

          • 2. Re: Migrate/Replace Device Services Server W2008 to a new W2016 Server -Method/HowTo?
            VegardAarseth Novice

            Hi.

             

            I just did this, but I put I gave the new server the same IP as the old server. That way I did not have to change DNS etc, and I could easily check if everything worked just by changing IP-adresses (i.e. I didn't have to wait for DNS to update).

             

            You will have to install the same SSL-certificate on the new server, assuming you are using the same domain name.

             

            I had to renew our Apple tokens (DEP and VPP) for it to work on the new server.

            • 3. Re: Migrate/Replace Device Services Server W2008 to a new W2016 Server -Method/HowTo?
              sbenkel Novice

              Hi VegardAarseth,

               

              thanks for your reply! So it is absolutely neccesary to renew the DEP & VPP on the new Server?

              Thanks for the hint & your comment

               

              Best wishes

               

              Sven

              __

              UPDATE:

              My Colleague told me that the VPP/DEP Token is also stored in the SQL Database. So there is normaly no need to exchange the certificates when there is an additional Device Services Server added or migrted. (Even when the new Server has new IP/Name)

               

              Important is that you import the SSL Certificates from the old Server and that the site URL for the DSS is matching the new Server (You find the settings under Groups & Settings - All Settings - System - Advanced - Site URL). The new DSS installation should of course have the same Airwatch version than the old DSS. Thats all i think.

               

              Best wishes

               

              Sven

              • 4. Re: Migrate/Replace Device Services Server W2008 to a new W2016 Server -Method/HowTo?
                RogerDeane Enthusiast
                VMware Employees

                Sven,

                 

                Please check out this forum entry  Moving to new UEM server .   LukeDC outlined a very good list of things to consider plus there are some links to document about load balancing.   You can do this multiple ways:

                 

                1. Rip and Replace the server with the new one, give it the same IP.  Your DS will be down for a while during the transition but that shouldn't be an issue at least for the device users.

                2. Keep the existing server running. Stand up a new DS server on 2016 with a different IP.   When you are ready, change the DNS entries to point to the new server's IP.   Once you confirm everything is working you can shut down the original server.

                3. Like #2, keep the original running and setup a new server.   Stand up a load balancer that points to both servers using the guidelines in the HA document.   Change the DNS entry for DS to point to the VIP of the load balancer.   When you are happy things are working, shut down the 2008 server and possible stand up a 2nd 2016 server behind the load balancer.

                 

                As was mentioned in the other post, the DS and other servers are just application servers.   All of the data is in the SQL DB so you can add/remove application servers as you see fit.   You just need to make sure all the certificates are correct and all the connections through various firewalls are correct.

                 

                Hope that helps!

                 

                Roger

                1 person found this helpful
                • 5. Re: Migrate/Replace Device Services Server W2008 to a new W2016 Server -Method/HowTo?
                  sbenkel Novice

                  Thank you so much RogerDeane! That helped a lot! Im right now setting up everything.

                  It´s my first migration of that kind. So thanks again for the help!