HOW TO: Migrate SGE/SDE Policy Editor to a new server

  • Article ID: 114271
  • Updated: 04 Dec 2014

This article explains how to migrate SafeGuard Easy (SGE) or SafeGuard Disc Encryption (SDE) Policy Editor v. 5.x and above, to a new machine. 

Known to apply to the following Sophos product(s) and version(s)

Sophos SafeGuard Disk Encryption
SafeGuard Easy

What To Do

1. Back up SafeGuard certificates

  1. On the existing (old) server, click Start | All Programs | Sophos | SafeGuard | SafeGuard(R) Policy Editor and sign on as the Security Officer.
  2. Select Tools | Options | Certificates.
  3. Click on 'Export' for Company Certificate, and you will be prompted to define a password to secure the file. (optional step but recommended)
  4. Select a destination to save the file to.
  5. Repeat the process from point 3 to save the certificate of the Security Officer.

2. Back up the SafeGuard database

  1. On the existing (old) server, in the Policy Editor, browse to Tools | Options | Database backup/restore.
  2. Click on Backup database.
  3. Click Yes to the prompt
  4. The database will be stored in the path specified on the tab:

     5. Close the Policy Editor

3. Restore the SafeGuard database to the new server. (Perform these steps on the new server.)

Restore the database through the SQL Management Studio GUI:

  1. Install a supported version of SQL Server and SQL Server Management Studio.
  2. Open the SQL Server Management Studio and connect to the installed instance.
  3. Right-click 'Databases' and select 'Restore Database...'
  4. Under the section 'Destination for restore', in the 'To database:' type 'SafeGuard'
  5. Under the section 'Specify the source and location of backup sets to restore', enable the radio button for ''From Device' and click on the '...' button
  6. Click 'Add'.
  7. Locate the SGNDBBackup.bak file from the previous Policy Editor and click OK.
  8. Click OK again to specify the backup.
  9. Place a tick in the 'Restore' check box.
  10. Click OK to restore the database.
  11. The database will now be restored to the new SQL Server install.
  12. Close SQL Server Management Studio

Restore the database using a SQL Query:

  1. Install a supported version of SQL Server and SQL Server Management Studio.
  2. Place the SGNDBBackup.bak to the root of the C drive.
  3. Copy the following to a text file and save as migrate.sql

    -----------------------------

    RESTORE DATABASE SafeGuard FROM DISK = 'C:\SGNDBBackup.bak'

    WITH MOVE 'oldDBname_Data' TO 'path of data folder\Safeguard.mdf',

    MOVE 'oldDBname_Log' TO 'path of data folder\SafeGuard.ldf'


    ----------------------------

  4. Edit the following in the SQL Query for your environment:
    'oldDBname' is the name of the database on the old server
    'path to data folder' is the location of the DATA folder in the SQL instance install e.g: 'C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\DATA'
  5. Execute the SQL Query by double clicking the migrate.sql file.
  6. Check the SafeGuard database has been attached to the instance by checking under Databases in the SQL Management Centre. A database called 'SafeGuard' should be present.

4. Migrate the Policy Editor to the new server. (Perform these steps on the new server.)

  1. After extracting the Policy Editor install files, run the SGNPolicyEditor.msi:
    C:\...\install\SGNPolicyEditor.msi
  2. Follow the on-screen prompts to install the Policy Editor.
  3. Once complete click on the finish button and open the Policy Editor by clicking:
    Start | All Programs | Sophos | SafeGuard | SafeGuard(R) Policy Editor
  4. Click on Next when the wizard opens.
  5. Click on the drop-down menu and select the existing SafeGuard database and click Next and continue from point 8. If this database is not available, continue from point 6.
  6. If the database is not detected, click on 'Change' and type in the database server 'server\instancename'.
  7. Click on 'Check connection'. Once successful click OK and the database should now be selected.
  8. Import the Security Officer p12 certificate exported from the previous installation above. You will need to type in the password you secured it with when exporting.
  9. Provide a secure password to be used to sign into the new Policy Editor installation, click Next.
  10. Complete the wizard and the new Policy Editor will open.

5. Finalising the migration.

  1. On the new server, create a new shared folder.
  2. In the Policy Editor select Tools | Configuration Package Tool...
  3. Select the Key Backup Location of the existing package and change it to the new share.
  4. Define a configuration package output path, and create the new configuration package.
    This can be used for new client installations, so make sure that you copy the files from the old share to ensure that recovery of existing clients is possible. Alternatively, install the new configuration package to the existing clients.
  5. If you install the new client configuration package, run the following in a script to backup the files to the new share:
    C:\Windows\System32\sgmcmdintn.exe -keybackup 'foldername'
  6. Once complete you can then decommission the old Policy Editor and the migration is now complete

Note: Ensure you make backups once migration is complete.


 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments