Migrate a Discover appliance

When you are ready to upgrade your existing Discover appliance, you can easily migrate to a new hardware without losing business critical metrics and time-consuming system configurations.

The following customizations and resources are not saved when you create a backup or migrate to a new appliance.

  • License information for the appliance. If you are restoring settings to a new target appliance, you must manually license the new appliance.
  • Metrics stored on the local datastore. If you are restoring a backup file to the same appliance that created the backup, and the datastore is intact, existing metrics are retained.
  • Precision packet captures. You can download saved packet captures manually by following the steps in View and download packet captures.
  • When restoring a Command appliance that has a tunneled connection from a Discover appliance, the tunnel must be reestablished after the restore is complete and any customizations on the Command appliance for that Discover appliance must be manually recreated.
  • User-uploaded SSL keys for traffic decryption.
  • Secure keystore data, which contains passwords. If you are restoring a backup file to the same appliance that created the backup, and the keystore is intact, you do not need to re-enter credentials. However, if you are restoring a backup file to a new appliance or migrating to a new appliance, you must re-enter the following credentials:
    • Any SNMP community strings provided for SNMP polling of flow networks.
    • Any bind password provided to connect with LDAP for remote authentication purposes.
    • Any password provided to connect to an SMTP server where SMTP authentication is required.
    • Any password provided to connect to an external datastore.
    • Any password provided to access external resources through the configured global proxy.
    • Any password provided to access ExtraHop Cloud services and Atlas services through the configured ExtraHop cloud proxy.
    • Any secret key provided to configure Microsoft Azure and Amazon AWS Open Data Stream targets.

Before you begin

Important:If the source appliance has an external datastore and the datastore is configured on a CIFS (SMB) server requiring password authentication, contact ExtraHop Support to assist you with your migration.
  • Source and target appliances must be running the same firmware version.
  • Migrate only to same-edition appliances, such as Reveal(x). If you need to migrate between editions, contact your ExtraHop sales team for assistance.
  • Supported migration paths are listed in the following table.
Table 1. Compatibility Matrix
Source Appliance Target Appliance
  EDA 6200 EDA 8200 EDA 9200 EDA 10200
EH3000 YES YES YES YES
EH6000 YES YES YES YES
EH8000 NO YES YES YES
EDA 1100 YES YES YES YES
EDA 3100 YES YES YES YES
EDA 6100 YES YES YES YES
EDA 8100 NO YES YES YES
EDA 9100 NO NO YES YES
EDA 6200 NO YES YES YES
EDA 8200 NO NO NO YES
EDA 9200 NO NO NO YES
EDA 10200 NO NO NO NO

Prepare the source and target appliances

  1. Follow the instructions in the deployment guide for your appliance model to deploy the target appliance.
  2. Register the target appliance.
  3. Make sure that the target and the source appliance are running the exact same firmware version. You can download current and previous firmware from the ExtraHop Customer Portal.
  4. Choose one of the following networking methods to migrate to the target appliance.
    • (Recommended) To complete the migration in the fastest time possible, directly connect the appliances with 10G interfaces or configure a bond of available 1G interfaces. With the appropriate network cables, directly connect the available port or ports on the source appliance to similar ports on the target appliance. The figure below shows an example configuration with bonded 1G interfaces.

      Important:Make sure that your IP address and subnet configuration on both appliances route management traffic to your management workstation and migration traffic to the direct link.
    • Migrate the appliance over your existing network. The source and target appliance must be able to communicate with each other over your network. Note that migration might take significantly longer with this configuration.

Start the migration

Migration can take several hours to complete. During this time, neither the source nor the target appliance can collect data. The migration process cannot be paused or canceled.

  1. Log into the Admin UI on the source Discover appliance.
  2. In the Network Settings section, click Connectivity.
  3. Write down the IP address of the management interface, DNS servers, and any static routes. You will configure these settings on the target appliance after the migration completes.
  4. In the Appliance Settings section, click Appliance Migration.
  5. In the Target Appliance field, type the IP address of the interface you configured for migration on the target appliance.
  6. In the Setup User Password field, type the password of the setup user on the target appliance. The default password is the system serial number of the target appliance.
  7. Click Continue.
  8. On the Confirm Fingerprint page, make sure that the fingerprint that appears on this page exactly matches the fingerprint that appears on the Fingerprint page in the Admin UI on the target appliance. If the fingerprints do not match, make sure that you specified the correct hostname or IP address of the target appliance that you entered in step 5.
  9. Click Start Migration.
    Wait for the migration success message to appear, which can take several hours. During the migration, the Web UI and Admin UI on the target appliance is inaccessible. If you inadvertently close the Appliance Migration Status page on the source appliance, you can return to https://<source hostname>/admin/appliance_migration_status/ to continue monitoring the migration.

    If the migration fails for any reason, restart the migration. If the migration continues to fail, contact ExtraHop Support for assistance.

    Note:The target appliance automatically reboots after the migration completes.
  10. Click Shut Down to power off the source appliance.
    Important:To prevent appliance ID conflicts, do not power on the source appliance while it is connected to the same network where the target appliance is located unless you reset the appliance through the ExtraHop Rescue Media.

Configure the target appliance

If appliance networking is not configured through DHCP, make sure connectivity settings are updated, including any assigned IP addresses, DNS servers, and static routes. Connections to Command, Explore, and Trace appliances on the source appliance are automatically established on the target appliance when network settings are configured.

  1. Log into the Admin UI on the target appliance.
  2. In the Network Settings section, click Connectivity.
  3. In the Interfaces section, click the management interface (typically interface 1 or interface 3, depending on the appliance type).
  4. Type the IP address of the source appliance in the IPv4 Address field.
  5. If static routes were configured on the source appliance, click Edit Routes, add any required route information, and then click Save.
  6. Click Save to save the interface settings.
  7. If you had to change any interface settings to perform the migration with bonded interfaces, make sure that the interface modes are configured as you expect them to be.
  8. Restore any additional settings that are not automatically restored.
Published 2019-06-12 14:47