ESET Online Help

Search English
Select the topic

Database migration (Export Data)

Use the ESET Secure Authentication On-Prem 3.0 and later database migration (Export Data) functionality to:

Move from Active Directory Integration mode to Standalone mode

Switch from a built-in database to an external database when the Authentication Server is installed in Standalone mode


note

Supported database types; Moving from Active Directory Integration mode to Standalone mode; Backing up Master Recovery Key for Windows Login

Migration is only available for supported database types.

When moving from Active Directory Integration mode to Standalone mode, the information about ESA components connecting in Active Directory Integration mode is not migrated. These components must be re-installed using Standalone mode after the migration is complete.

Master Recovery Key (MRK) for Windows Login can be requested after the migration. Back up your MRK for Windows Login before you start the migration.


important

Restoring an old backup

If you use Export Data to back up the Authentication Server's data, the backup contains authentication counters. Suppose you keep using the specific ESA instance, and later you restore the backup data or use it in a new ESA instance; the users will be able to log in using old OTPs (used before the backup). This is a security issue.

How to export data

1.Log in to the ESA Web Console.

2.Select Settings > Export Data.

3.Select a database type for Target Database Type:

SQLite

oCreate a directory on the computer where the Authentication Server is installed.

oType the path leading to that directory in the SQLite Directory field.

Microsoft SQL Server, PostgreSQL

oDefine the database connection information in the Connection string field. Click Show examples to display the correct format.

4.Click Export.


note

Two-factor authentication is inactive during database migration

It is essential to disable the ESACore (Authentication Server) service to avoid migration issues. Because of this, two-factor authentication will not work during the migration.

Sample scenario for moving to another deployment type (Active Directory Integration mode to Standalone mode) or database type

1.Export data.

2.Stop the ESACore (Authentication Server) service in Windows Services.

3.Install the new Authentication Server in Standalone mode:

a.In the Advanced Configuration screen, select the Database type you used when exporting data.

SQLite

oCopy the exported database files to C:\ProgramData\ESET Secure Authentication On-Prem\db and continue the installation

Microsoft SQL Server, PostgreSQL

oDefine the connection details of the database containing the exported data

b.Define new Web Console Administrator Account information if prompted by the installer.

c.Navigate through the remaining steps as prompted by the installer and close the installer when complete.

4.Remove the previous installation of the Authentication Server:

Do not select Remove all program and user data including product configuration if you want to return to the previous installation later.

5.If Remove all program and user data including product configuration was selected in the previous step, re-activate your ESA license on your new Authentication Server.

6.If moving from Active Directory Integration mode, re-install all ESA Components in Standalone mode.

7.Make the new Authentication Server certificates trusted on computers where ESA Components are installed.

8.If old Authentication Server entries appear in the ESA Web Console, remove them.

Sample scenario on moving the Authentication Server to another computer

Active Directory Integration mode

1.Stop the ESACore (Authentication Server) service in Windows Services

2.Install the Authentication Server to the new computer belonging to the same Windows Domain

3.Remove the old Authentication Server.

Standalone mode

1.Stop the ESACore (Authentication Server) service in Windows Services.

2.Install the new Authentication Server to the new computer:

In the Advanced Configuration screen, select the original Authentication Server installation Database type:

oSQLite (built-in database):

1.Copy the content of the C:\ProgramData\ESET Secure Authentication On-Prem\db directory to the target computer to the same location.

2.Define new Web Console Administrator Account information, if prompted by the installer.

3.Navigate through the remaining steps as prompted by the installer and close the installer when complete.

4.In ESA Web Console, remove the old Authentication Server entry.

oMicrosoft SQL Server, PostgreSQL

1.Define the external database's connection string.

2.Navigate through the remaining steps as prompted by the installer and close the installer when complete.

3.Make the new Authentication Server certificates trusted on computers where ESA Components are installed.