Migrating Client Security topologies
Applies To: Forefront Client Security
After you deploy Client Security to your organization, it may become necessary to change the deployed topology or to move components from one computer to another. This is called migrating the Client Security components. Migration could be necessary for performance reasons or to recover from a hardware failure.
The migration to a new Client Security topology involves installing the required Client Security components on the target server, transferring data stored on the source server to the target server, and then removing the Client Security components from the source server.
Prior to beginning the migration process, you must choose your target topology. For more information about Client Security topologies, see Choosing your topology in the Planning and Architecture Guide (https://go.microsoft.com/fwlink/?LinkId=91871).
If the migration to your new topology requires that more than one Client Security component is migrated, the components must be migrated in the following order:
Collection database component
Collection server component
Reporting database component
Reporting server component
Distribution server component
Management server component
For example, if migrating from a two-server topology to a four-server topology, you need to migrate the collection server, collection database, reporting server, and reporting database components. The correct order for this migration would be to migrate the collection database component first, followed in order by the collection server, the reporting database, and finally the reporting server.
Client Security supports migration from smaller topologies to larger topologies; migrating from a larger topology to a smaller topology is not supported and requires re-installing Client Security.
Note
Changing the installation language of Client Security during migration is not supported. To change the installation language of Client Security, you must uninstall Client Security and re-install it in the chosen language.
You must identify the Client Security components installed on each source server before beginning the migration. Additionally, you should prepare the target servers with the appropriate prerequisites prior to beginning the migration process. For more information, see Verifying your system requirements.
Important
You must install the same edition and version of prerequisite software on the target servers that is installed on the source servers.
Important
Before you begin the migration procedures, it is highly recommended that you back up all non–Client Security data on all Client Security servers affected by this migration.
Determining your migration path
When determining which Client Security components to migrate, you must first determine your source topology and your target topology. Then you must determine which Client Security components you are migrating from the source servers, as well as the target servers for these components in the target topology.
Important
When you select or configure target computers for the migration, it is very important to consider the system requirements and recommendations for each Client Security component. Do not migrate Client Security components to computers that do not satisfy the hardware recommendations for the combinations of components to be installed.
Consider, for example, a single-server topology.
.gif "Client Security Single-server topology")
When you migrate this topology to a three-server topology, the following occurs:
The distribution server component is migrated to its own server.
The reporting database component is migrated to its own server.
.gif "Client Security Three-server topology")
The remaining components stay on the third, original server. Thus you migrate two components when migrating to a three-server topology.
Migration checklist
To facilitate the migration process, it is highly recommended that you collect information about your current topology and the target topology. This includes information about service accounts used by Client Security.
The following is a table to record information prior to beginning the migration
| Component | Source server | Target server |
|---|---|---|
Collection database |
|
|
Collection server |
|
|
Reporting database |
|
|
Reporting server |
|
|
Distribution server |
|
|
Management server |
|
|
Management group name |
|
|
Additionally, the steps for migrating each component include instructions to retrieve the account names for Client Security accounts. The following table provides a location to record these.
| Account | Account name |
|---|---|
DAS account |
|
DTS account |
|
MOM action account |
|
Reporting account |
|