Database migration (Export Data)
Use the database migration (Export Data) feature of ESET Secure Authentication On-Prem 3.0 and later to:
•Move from Active Directory Integration mode to Standalone mode
•Switch from the built-in database to an external database when the Authentication Server is installed in Standalone mode
|
Supported database types; Moving from ADI mode to Standalone mode; Backing up Master Recovery Key for Windows Login Migration is possible only to supported database types. When moving from Active Directory Integration mode to Standalone mode, the information about ESA components connecting in Active Directory Integration mode is not migrated. Such components must be reinstalled using Standalone mode after the migration. The Master Recovery Key (MRK) for Windows Login can be requested after the migration. However, you should back up your MRK for Windows Login before you start the migration. |
|
Restoring an old backup The backup contains authentication counters if you use Export Data to back up the Authentication Server's data. Suppose you keep using the particular ESA instance, and later you restore the backup data or use it in a new ESA instance; the users will be able to log in using old OTPs (used before the backup). This is a security issue. |
How to export data
1.Log in to the ESA Web Console.
2.Navigate to Settings > Export Data.
3.Select a database type for Target Database Type:
▪SQLite
oCreate a directory on the computer where the Authentication Server is installed.
oType the path leading to that directory in the SQLite Directory field.
▪Microsoft SQL Server, PostgreSQL
oDefine the database connection information in the Connection string field. Click Show examples to display the correct format.
4.Click Export.
|
Two-factor authentication has to be stopped during the database migration It is essential to stop the ESACore (Authentication Server) service to avoid migration issues. Therefore, Two-Factor Authentication will not work during the migration. |
Sample scenario on moving to another deployment type (Active Directory Integration mode to Standalone mode) or database type
1.Export data.
2.Stop the ESACore (Authentication Server) service in Windows Services.
3.Install the new Authentication Server in Standalone mode:
a.In the Advanced Configuration screen, select the Database type you used when exporting data.
•SQLite
oCopy the exported database files to C:\ProgramData\ESET Secure Authentication On-Prem\db and continue the installation
•Microsoft SQL Server, PostgreSQL
oDefine the connection details of the database containing the exported data
b.Define new Web Console Administrator Account information if prompted by the installer.
c.Go through the remainder of the steps as prompted by the installer and close the installer when complete.
4.Remove the previous installation of the Authentication Server:
•Do not select Remove all program and user data including product configuration if you wanted to return to the previous installation later.
5.If Remove all program and user data including product configuration was selected in the previous step, re-activate your ESA subscription on your new Authentication Server.
6.If moving from Active Directory Integration mode, re-install all ESA Components in Standalone mode.
7.Make Certificates Trusted on computers where ESA Components are installed.
8.If old Authentication Server entries appeared in the ESA Web Console, remove them.
Sample scenario on moving the Authentication Server to another computer
Active Directory Integration mode
1.Stop the ESACore (Authentication Server) service in Windows Services
2.Install the Authentication Server to the new computer belonging to the same Windows Domain
3.Remove the old Authentication Server.
Standalone mode
1.Stop the ESACore (Authentication Server) service in Windows Services.
2.Install the new Authentication Server to the new computer:
•In the Advanced Configuration screen, select the Database type that the original installation of the Authentication Server uses:
oSQLite (built-in database):
1.Copy the content of C:\ProgramData\ESET Secure Authentication On-Prem\db directory to the target computer to the same location.
2.Define new Web Console Administrator Account information if prompted by the installer.
3.Go through the remainder of the steps as prompted by the installer and close the installer when complete.
4.In the ESA Web Console, remove the old Authentication Server entry.
oMicrosoft SQL Server, PostgreSQL
1.Define the connection string of the external database.
2.Go through the remainder of the steps as prompted by the installer and close the installer when complete.
3.Make Certificates Trusted on computers where ESA Components are installed.