EDR: How to migrate endpoints from one server or cluster to another 6.3.X and Lower

Article ID: 290750

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Relocate (migrate) endpoint records from one EDR server or cluster to another. 

Environment

  • EDR (Formerly CB Response) Server: 6.0 - 6.3.x

Resolution

  • Original server/cluster:  server1
  • New server/cluster:  server2
  1. Migrate certificates from server1 to server2.
    1. Log in to the command line interface for the server2 master node
    2. Back up the original sensor certificates:
      • server2# cp /etc/cb/certs/cb-client-ca.crt /etc/cb/certs/cb-client-ca.crt.orig
        server2# cp /etc/cb/certs/cb-client-ca.key /etc/cb/certs/cb-client-ca.key.orig
    3. Back up the original server certificates:
      • server2# cp /etc/cb/certs/cb-server.crt /etc/cb/certs/cb-server.crt.orig
        server2# cp /etc/cb/certs/cb-server.key /etc/cb/certs/cb-server.key.orig
    4. Copy the certificate files from server1 to server2, where <user> is a valid user such as root:
      • server2# scp <user>@server1:"/etc/cb/certs/cb-client-ca.crt /etc/cb/certs/cb-client-ca.key /etc/cb/certs/cb-server.crt /etc/cb/certs/cb-server.key" /etc/cb/certs/
    5. Update the new certificates' permissions:
      • server2# chmod 644 /etc/cb/certs/cb-server.* /etc/cb/certs/cb-client-ca.*
        server2# chown root:cb /etc/cb/certs/cb-server.* /etc/cb/certs/cb-client-ca.*
    6. Repeat steps 1-5 for each node on server2
  2. Migrate endpoints from server1 to server2
    1. Log in to the server1 EDR web interface
    2. Create a new sensor migration group
      1. Click Sensors > New Group
      2. Provide a group name and use the sensor Server URL and port from server2
      3. Click "Create Group"
    3. Move the migrating endpoints into the new sensor group
      1. Click Sensors
      2. Check the checkbox next to the names of the endpoints to be migrated
      3. Click Actions > Move to Group
      4. Select the newly-created sensor group
    4. The endpoints in the new sensor group will be directed to send data to server2 at the next check-in
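
As an added example (not part of the original article or the product), one way to confirm before moving any endpoints that step 1 left every server2 node with the same four certificate files as server1, with the mode and ownership the steps set. The function names, the script name and the manifest path are assumptions of this example; the file names, 644 and root:cb come from the steps above.

```shell
#!/usr/bin/env bash
# Added example: check that server2 holds the same certificate files as server1.
# File names, mode 644 and owner root:cb are taken from the article's steps;
# the function names and manifest path are assumptions of this example.
CERT_FILES="cb-client-ca.crt cb-client-ca.key cb-server.crt cb-server.key"

# Print "<sha256>  <name>" for each migrated file in DIR (run on server1).
cert_manifest() {
    local dir="$1" f
    for f in $CERT_FILES; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 2; }
        printf '%s  %s\n' "$(sha256sum < "$dir/$f" | cut -d' ' -f1)" "$f"
    done
}

# Compare DIR (on a server2 node) with a manifest taken on server1, and check
# the mode and ownership set in step 5. Returns 0 only if every file passes.
verify_certs() {
    local dir="$1" manifest="$2" owner="${3:-root:cb}" rc=0 want name got
    while read -r want name; do
        if [ ! -f "$dir/$name" ]; then
            echo "FAIL $name: not present"; rc=1; continue
        fi
        got=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "FAIL $name: differs from server1"; rc=1; }
        [ "$(stat -c '%a' "$dir/$name")" = "644" ] ||
            { echo "FAIL $name: mode is not 644"; rc=1; }
        [ "$(stat -c '%U:%G' "$dir/$name")" = "$owner" ] ||
            { echo "FAIL $name: owner is not $owner"; rc=1; }
    done < "$manifest"
    return "$rc"
}

# server1#  ./certcheck.sh manifest > /tmp/cb-certs.sha256
# server2#  ./certcheck.sh verify /tmp/cb-certs.sha256   (on every node)
case "${1:-}" in
    manifest) cert_manifest /etc/cb/certs ;;
    verify)   verify_certs /etc/cb/certs "${2:?manifest file required}" ;;
esac
```

The manifest holds only digests, so it can be moved between servers without exposing key material; a non-zero exit on any node means that node's files differ from server1 or have the wrong mode or owner.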

Additional Information

  • It is best practice to move a test sensor to the migration group before migrating all sensors to the group
  • If the certs did not match during the destination server's original installation, any sensor groups that were created before the certificate update will need to have their group certificates revoked. Any sensors previously checking into a group that has the certificate revoked will need to be re-installed in order to receive the new group certificate.
  • Other methods besides scp can be used to transfer the files from server1 to server2
  • If an endpoint fails to check into the new server and sensor logs show check-ins returning 400 errors, most likely the destination server's group certificates were not revoked