Prepare remote Update Managers before migration

You may have "remote" Update Managers (Update Managers that aren't on the same server as the Sophos Enterprise Console management server).

If you want to use Sophos Central Migration Tool to migrate these remote Update Managers, you must configure them manually before you start.

Why do you need to configure Update Managers?

You need a "migration package" to migrate computers. The package includes the installer and information needed for each migration.

Sophos Central Migration Tool automatically creates this package for Update Managers on the server where it's installed (as soon as you start your first migration). It puts the package in the folder \SophosUpdate\CloudMigrationPackage.

It also updates the package each time you select and migrate more computers.

However, Sophos Central Migration Tool doesn’t do this automatically for Update Managers on other servers. You need to run a tool called Sophos Migration Agent to do it.

Configure Update Managers

To configure Update Managers:

  1. After you've installed Sophos Central Migration Tool, select computers (including those that update from remote Update Managers) and click Migrate.

    You’ll see a message in Sophos Central Migration Tool that says that one or more Update Managers can't migrate computers.

  2. Click the message. This shows the status of all Update Managers, including the local one (you can also see this by selecting View > Update Manager Status.)

    When an Update Manager has the status Not Ready (spanner icon) or Out of Date (hourglass icon), go to the server where that Update Manager is installed and run Sophos Migration Agent, as described in the next step.

    Icon

    Status

    Description



    Ready

    The Update Manager can migrate computers.



    Not ready (fixable)

    The Update Manager can't migrate computers until you run Sophos Migration Agent.



    Out of date

    The Update Manager has a migration package that is out of date. It can't migrate newly-selected computers.



    Error

    The Update Manager can't migrate computers because there was a problem creating or updating the migration package.

  3. On the server with the remote Update Manager, run Sophos Migration Agent as follows:
    • Open a command prompt. If User Account Control (UAC) is on, use the option Run as administrator.
    • Change to "%programfiles(x86)%\Sophos\Migration Agent" (64-bit) or "%programfiles%\Sophos\MigrationAgent" (32-bit)
    • Find SophosMigrationAgent.exe
    • Run Sophos Migration Agent with the –p parameter for the path (UNC or local) to the location from which the agent gets the package. For example, if the package is in the default location:

      SophosMigrationAgent.exe –p “\\MySecServer\SophosUpdate\CloudMigrationPackage”

    Note If access to UNC paths is restricted, Sophos Migration Agent can't get the package from the default folder. Copy the contents of CloudMigrationPackage to a new folder on the remote Update Manager and use -p with the new, local path.
  4. Go back to the migration tool. After some time (usually up to 10 minutes), the Update Manager's status should change to Ready. Computers that update from it can now be migrated.
    Note The dialog showing SUM status doesn't automatically refresh. You must close and re-open it to see the updated status. If you can't open the dialog, it means that all your SUMs are ready.

If you plan to migrate computers in batches, we recommend that you now schedule Sophos Migration Agent to run regularly to update packages.

Schedule updates for the migration package

Each time that a new migration starts, the packages on remote Update Managers become out of date, and newly-selected computers can't be migrated.

To keep the migration packages up to date, we recommend that you set up a Windows scheduled task on the remote Update Manager.

Set the task to run every 15-30 minutes. By default, computers that are Pending time out after 2 hours, so this scheduled task ensures that the migration package always gets updated before the computer times out.

If the source of the package is trusted, set the task to run as an Administrative account with impersonation privileges. Select "Run with highest privileges".

If the source of the package isn't trusted, or you need to comply with strict security policies, we recommend that you schedule two tasks:

  • One task runs with a non-privileged account and copies the migration package from the network to a local folder.
  • One task runs Sophos Migration Agent and uses the local folder as the package source.

The task that copies the package must finish before the Sophos Migration Agent task starts.

Note After you've migrated all your computers, delete the scheduled task(s).