Migration of ERA 5 to ESMC 7

Before the update

ESET Security Management Center (ESMC) 7 uses a different architecture from ESET Remote Administrator (ERA) version 5. It is important that existing ERA users verify that their network is ready to upgrade and that the upgrade process will not result in any loss of functionality. Consider the following before upgrading:

ESMC 7 uses a new configuration layout that is optimized for use with ESET Endpoint version 7 products. It is possible to manage ESET Endpoint version 5 products (and earlier ESET Business Edition products) using ESMC 7, but you can only manage the settings that exist in all versions. For this reason, we strongly recommend that you arrange to upgrade client workstations to ESET security products of version 7 when you upgrade to ESMC 7.

If you have password-protected settings on version 5 endpoints, we highly recommend disabling password protection before upgrading to ESMC 7.x to avoid issues during uninstallation.

Important information

When ESET Management Agent 7 is installed on a client using 5.x or earlier endpoint products, the Remote administration setting for that client is automatically changed to localhost / 2225. As a result, the client will no longer connect to your ERA 5.x server after the Agent is installed.

Limitations of migration

Only policies from the upper ERA server are migrated.

Only the policy definitions are migrated.

You need to manually assign the migrated policies to their appropriate groups after completing the migration.

The policy hierarchy is lost. If there was an override flag in your previous ERA version, this flag is converted to Force tag in the ESMC 7 policy for that same setting.

If there are settings for multiple products within a single policy in your ERA, an individual policy for each product is created in ESMC 7.

Parametric Groups, Static groups synchronized from Active Directory and tasks from earlier versions of ERA cannot be migrated to ESMC 7 due to the changes in the configuration layout. We strongly recommend that you record your policy settings for reference when upgrading to ESMC.

 

Differences between ERA 5 and ESMC 7

ESMC 7 is a new generation of remote management software. The architecture of the software was significantly improved and changed. One of the principal changes is the transition to a stand-alone Management Agent. The ESET Management Agent is a stand-alone application that connects to the <%ESCM%> Server using a proprietary, encrypted, replication protocol. Instead of Endpoint products communicating directly with ERA 5, the Management Agent communicates with the Server and manages locally installed ESET security products. Agent manages local computer settings and Third-party applications.

See the comparison of the ERA 5 and ESMC 7 architecture:

Another major change is the conversion of Web Console from a Windows application to a web application. You can view the Web Console in any compatible web browser. The ESMC Web Console can also be run on another machine, not necessarily the same as the ESMC Server is installed. See the list of critical changes in version 7 below:

Feature

<%OLD_ERA%> 5.x

<%PRODUCT_NAME%> 7

Console

Web Console (Windows application).

Web console (browser-based) with major redesign of the main menu, wizard layout, icons, one-click actions. <%PRODUCT%> Web Console requires Java/OpenJDK.

Database

ODBC-connected MSAccess (default), MSSQL, MySQL, Oracle

Ability to connect to a high availability database in a Failover Cluster and named instances.

Ransomware Shield

Not available in ERA 5.x.

Ransomware Threats are reported (as HIPS threats) from version 7 and later ESET business products.

ESET Dynamic Threat Detection

Not available in ERA 5.x.

ESET Dynamic Threat Detection integration is available with ESET version 7 business products - you can send files to ESET Dynamic Threat Detection for analysis, view file details and the results of malware analysis. You can also view a list of all files submitted to ESET servers.

Hardware inventory management

Only basic hardware information is available in computer details.

Comprehensive information about the hardware of connected devices is now available. You can create custom hardware inventory reports and custom dynamic groups based on the hardware inventory details of connected devices.

A hardware fingerprint is created for each computer with a supported OS. The fingerprint is used to identify computers after cloning.

Virtualized Environments

Not available in ERA 5.x.

Support for VDI environments, automatic detection of computer cloning and hardware changes. Systems with the non-persistent disk are supported.

Installers

Local and remote deployment options.

Ability to create All-in-one installers in the Web Console which includes only <%ESET_MNG%>  Agent.

ESET Enterprise Inspector integration

Not available in ERA 5.x.

You can resolve threats from ESET Enterprise Inspector directly from <%PRODUCT%> Web Console. Single-sign-on between EEI and <%PRODUCT%> is available.

Mobile Device Connector

Not available in ERA 5.x.

ESET Security Management Center MDM 7 allows Android Device Owner enrollment, which elevates the management privileges of ESET products. The computer details screen for mobile devices is different from the Computer details screen for managed computers.

Policies

Tree-structured policy configuration editor.

Redesigned policy editor can force/apply flags. ESET Management Agent merges policies according to a group's structure. Different ways of policy merging can be applied to the final client.

Support for Linux and macOS clients

Not available in ERA 5.x.

ESET Management Agent can be deployed on Windows, macOS, and Linux client machines.

When you have prepared your environment for the migration, start the process with the export of the database.