Data Migration to Rehost a Matched Version Instance of ExtremeCloud IQ Site Engine

You can migrate data across the same version of ExtremeCloud IQ Site Engine to a new instance running on a new host. Use this procedure if you need to migrate your data across the matched version of ExtremeCloud IQ Site Engine 24.7 or later. Use this procedure for scenarios such as migrating from VM to physical, from physical to virtual, for a host OS change, or to migrate to a new host on a different network environment or location.

If you need to migrate data from an old version to a new version of ExtremeCloud IQ Site Engine for an upgrade, go see MySQL to PostgreSQL Data Migration (For Upgrades from ExtremeCloud IQ Site Engine 24.2 to 24.7 or up to 25.8)

Data Migration Steps:

  1. Ensure you have a backup of the ExtremeCloud IQ Site Engine configuration with Administration > Backup/Restore.

  2. Install a new ExtremeCloud IQ Site Engine, use the ExtremeCloud IQ Site Engine Suite Installation procedure.

  3. Complete the installation wizard. If you need original values then check these files in your migration source:
    /usr/postinstall/dnetconfig.properties
    /usr/postinstall/snmpconfig.properties

  4. Copy the backup to the new installation.

  5. Restore the backup onto the new system through CLI, see Restoring the Database Using the CLI.

  6. As necessary, re-create local accounts in the Operating System of the new installation. The local accounts defined in the Operating System are not part of the backup.
    For reference, the /etc/passwd file contains local accounts known to the operating system.

  7. If SCP is used for inventory manager, copy the SSH keys and settings with the command:
    sudo scp -r root@<IP-of-the-source>:/etc/ssh /etc/

  8. Copy additional files from the source instance that are not part of the backup:

    • Custom Mibs (~/NetSight/appdata/System/mibs/MyMibs)

    • TFTP Firmware files (path is defined in Administration > Options > Inventory Manager > File Transfer)

    • FTP Firmware files (path is defined in Administration > Options > Inventory Manager > File Transfer)

    • SCP Firmware files (path is defined in Administration > Options > Inventory Manager > File Transfer)

    • SFTP Firmware files (path is defined in Administration > Options > Inventory Manager > File Transfer)

    • Licenses (~/NetSight/appdata/license)

    • Events/logs (the path is in Alarms & Events > Event Configuration > Event Logs)

    • TFTPd settings (~/NetSight/services/nstftpd.cfg)

    • SNMPtrapd settings (~/NetSight/appdata/snmptrapd.conf)

    • NAT config settings (~/NetSight/appdata/nat_config.txt)

    • Custom CLI scripts (~/NetSight/appdata/CommandScriptTool/overrides)

    • Custom FlexViews not part of the VendorProfiles (~/NetSight/appdata/System/FlexViews/My FlexViews)

    • Logs (~/NetSight//appdata/logs and all subdirectories)

  9. Check and transfer any custom modifications you might have in:

    • NSJBoss.properties (~/NetSight/appdata/NSJBoss.properties)

    • snmptrapd.conf (~/NetSight/appdata/snmptrapd.conf)

    • If you customized the file ~/NetSight/services/nstftpd.cfg. Verify it matches the Firmware Directory Path specified in the TFTP Transfer Settings option in Inventory Manager (Tools > Options > Inventory Manager > File Transfer Settings > TFTP Transfer Settings).

  10. Check for and transfer over any other customizations, such as custom scripts in the file system.

  11. Configure the server certificate trust mode on the ExtremeCloud IQ Site Engine to handle the certificates it receives from other servers. Required if you have Access Control Engines or Application Analytics Engines or connect to LDAP servers, and you want the server certificate trust mode to be "Locked." For more information, see the Server Certificate Trust Mode section of the ExtremeCloud IQ Site Engine and ExtremeControl Secure Communication Help topic.

    1. Configure the ExtremeCloud IQ Site Engine with the Server Certificate Trust Mode set to "Trust All" (the default). Trust All avoids certificate trust problems while the server is being configured.

    2. Once the server is configured and communicating with other servers and engines as necessary, you can transition the Server Certificate Trust Mode to "Trust And Record" where the server learns the certificates it expects to receive, and then transition to "Locked" when the certificate learning is completed.

Reinstall the Instance of Access Control Engine

You can use the following procedure for replacing an Access Control Engine. For example, to migrate from a physical server to a hypervisor-based deployment, to perform a clean Operating System installation after a security incident, or to skip multiple inline version upgrades.

The new Access Control Engine will obtain the original configuration from the ExtremeCloud IQ Site Engine if the IP address of the new Access Control Engine matches the decommissioned original Access Control Engine.

Reinstall Steps:

  1. Install a new Access Control Engine. For more information, see the procedure in the ExtremeControl Engine Configuration chapter of the ExtremeCloud IQ Site Engine, ExtremeControl, and ExtremeAnalytics Virtual Engine Installation Guide.

  2. Complete the installation wizard. If you need the original configuration values, check the /user/postinstall/network.properties file from your original Engine.

  3. If access to the Operating System is not managed by ExtremeCloud IQ Site Engine, manually recreate the local accounts in the Operating System. The Operating System accounts are only part of the ExtremeCloud IQ Site Engine configuration if the accounts were created in Control > Access Control > Engine Settings > Global & Engine Settings > Engine Settings > Network Settings > Manage SSH Configuration. For reference, the /etc/passwd file contains local accounts known to the Operating System. This scenario also applies to the NTP, SNMP, and DNS settings.

  4. If your system does not use the default web credentials in Control > Access Control > Engine Settings > Global & Engine Settings > Engine Settings > Credentials > Admin Web Page Credentials, then configure the new credentials with /opt/nac/configWebCredentials <username> <password>.  If the password contains special characters, you must enclose the entire password in single quotes  /opt/nac/configWebCredentials <username> '<password>'. Activate the new credentials with nacctl restart.

  5. Ensure the ExtremeCloud IQ Site Engine with the Server Certificate Trust Mode is in the default setting of "Trust All".

  6. After the Access Control Engine establishes a connection to ExtremeCloud IQ Site Engine, then enforce your settings from Control > Access Control > Engines > All Engines.

  7. If you had a non default Server Certificate Trust Mode, you can restore your previous Server Certificate Trust Mode settings now.