Sophos Enterprise Console – Multiple Consoles

How to setup multiple Sophos Enterprise Consoles to a single Sophos database.

In some scenarios, there will be a requirement of running multiple consoles to a single database, such as with:

  1. Head Office and a DR site – This is for fail-over, so when Head Office goes down, the DR site takes over and the machines are still managed and protected.
  2. Running two segmented networks with different IP ranges.

 

The first step you will need to do is to install the Sophos database on a central SQL database server.

  1. Run the SEC setup file on the SQL server.
  2. Deselect the following 2 components:
    1. Management console
    2. Management Server
  3. Click next.
  4. Select the SQL instance where you want the database to be installed.
  5. Complete the installation.

 

Once the database is successfully installed, you will need to install the Sophos Enterprise console as a separate server.

To install the console, please do the following:

  1. Run the SEC setup file on the Sever for the console.
  2. Deselect the database component.
  3. Click next.
  4. Specify where the location of the Sophos database is installed.
  5. Specify the account that is going to be used to connect to the database.
  6. Complete the installation.
  7. The console will open once installation is complete.

 

Repeat the above installation process for the secondary console.

Now you should have two operational consoles linked to one Sophos database.

However, there are some limitations to this design of implementation.

Limitations:

  1. If the consoles are on two different IP ranges, you will need to log onto the relevant console to push a policy or remediate an issue on the machine on the same IP range as the console.
  2. You will need to log on to the relevant console to push policies to the machines that are connected to it. You will not be able to push policies or remediate from the other console.
  3. Troubleshooting the console update managers, you will have two locations of update logs. A separate update log for each console.

Sophos Enterprise Console Backup Process

The following backup process is for backing up all relevant Sophos registry keys and databases for the Sophos Enterprise console to ensure full recovery or migration of all the workstations, policies and groups.

Registry Keys

32bit OS:

— Certificate key —

Start | Run | regedit

HK Local Machine | Software | Sophos | certification manager | CertAuthStore

Please export the CertAuthStore, and save it to a location.

— Database-user key —

Start | Run |reg-edit

HK Local Machine | Software | Sophos | EE | Management Tools | database-user

Please export the ‘database-user’, save it to a location.

 

64bit OS:

— Certificate key —

Start | Run |reg-edit

HK Local Machine | software | Wow6432node | Sophos | certification manager | CertAuthStore

Please export theCertAuthStore, and save it to a location.

— Database-user key —

HK Local Machine | Software | Sophos | EE | Management Tools | databaseuser

Please export the ‘database-user’, save it to a location.

 

Sophos Databases

Please stop the Sophos SQL service within the computer services. Please do the following

Start | type ‘run’ and open the run box | type ‘services.msc’ | stop SQL service(SOPHOS)

Once the service has been stopped, please navigate to the following locations:

32/64 bit:

Windows 2008 – C:\program files\microsoft SQL\ Data\Sophos

Windows 2012 – C:\program files\microsoft SQL\ Data\Sophos

Please backup the following databases:

Sophosxx.mdf
Sophosxx.ldf
Sophosenc.mdf
Sophosenc.ldf
Sophospatch.mdf
Sophospathc.ldf
Sophossecurity.mdf
Sophossecurity.ldf

Once all databases have been backed up, please restart the Sophos SQL service again.