Sophos Enterprise Console Migration to Sophos Cloud - Check List

Moving antivirus management console to cloud may not be rich with all the features currently you are enjoying in the on-prem console but cloud management consoles are now and will be added with all on-prem features and more.

If you are planning to migrate the on-prem sophos AV management console to Sophos cloud, here is a quick check list to get start.

We were faced many issues during the initial phase of migration which was started mid of august 2017 but sophos support helped to get it sorted all.

Sophos documentations are very handy even though the below sheet provides a quick overview of plans and actions needed.

QUICK CHECK LIST

The sheet is Just for the reference and not a complete list.

1	Pre-requisites & Planning
1.A	Ensure the OS compatibility before migration. OS migration using tool - Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 2008 Server, Windows 2008 Server R2 , Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Small Business Server 2011. Machines with MAC OS cannot be migrated using Migration tool – MAC endpoint migration need to be perform manually. Supported MAC OS versions - Mac OS X 10.10, 10.11, 10.12
1.B	A primary update location that is not the default update location is not supported by migration tool. The default update location is a UNC share \\<ComputerName>\SophosUpdate.
1.C	Ensure that the following ports and domains are white-listed in proxy/firewall device *.sophos.com *.sophosupd.com *.sophosupd.net *.sophosxl.net ocsp2.globalsign.com crl.globalsign.com 80 (HTTP) 443 (HTTPS)
1.D	Unsupported features needs to be disabled or uninstall before migration or the migration of that device fails. Unsupported Features - Sophos Client Firewall, Network Access Control, Patch, Full disk encryption
1.E	Ensure the machines are with Sophos endpoint security and control 10.0 or later (We’ve upgraded SEC to 5.5)
1.F	Ensure cloud account have admin privilege and accessibility.
1.G	Disable the Tamper protection during migration even though this feature is supported by cloud
1.H	Before Migration disable the AD Sync if it is enabled.
1.I	During migration, machines remain unprotected. So advised perform migration when the machines are not in use.
1.J	As the policy cannot be migrated to cloud review the on-prem console policies and pre-create necessary policies in the cloud console
2	Migration Pre-requisites
2.A	Install Sophos cloud migration tool on the server having Enterprise console
2.B	Perform a basic assessment test using Migration tool and then perform a advanced assessment by entering cloud console credentials in the migration tool (Login – From main menu)
2.C	Check the readiness report list on migration tool and identify the machines needs to be migrated on first stage
2.D	Perform remediation actions required for machines that cannot be migrated to cloud in their present state.
2.E	Machines may reboot during migration - Reboot can be automated by clicking File -> Options -> Select Automatically restart Windows Server 2003 computers and/or Automatically restart Windows XP computers” on the Migration tool Reboot type - Force reboot – Inform the users in prior to save their work before migration
2.F	For staged migration ensured that the machines in the prepared list is up and running before migration - Add machines to exclusion list – Staged migration
2.G	Change the update policy in SEC - Update schedule to 15 minutes, so the machine need not wait for (60 minutes) long to get cloud agent from SEC
3	Migration Plan
3.A	Perform Migration by clicking migrate button and check the status of migration in Migration tool and Sophos Enterprise console
3.B	If an error has occurred during migration and a computer hasn’t been migrated, it’s moved to the Error view of the tool, where you can find out about the error.
3.C	Check the machines failed to migrate in Error tab of migration tool and find out the reason and fix it
3.D	Verify the migrated machines status in cloud console and apply necessary policies
3.E	In cloud console migrated machine can be found under Computers - All machines Servers - All Servers
3.F	Perform the migration of MAC device as per the KB article as it is not supported by Migration tool (https://community.sophos.com/kb/en-us/119265 )
4	Post Migration tasks
4.A	Perform a full system scan after the migration to ensure that the machines are not compromised
4.B	Once all the end points migrated to cloud wait for 1 day and ensure that everything is working as expected
4.C	Migrate the on-prem enterprise console management server as per the KB document
4.D	Install the Sophos cloud update cache – on-prem as per the KB document
4.E	Uninstall Sophos Migration tool from the server
5	Regression Plan
5.A	In case of any issues, perform rollback as per the KB document https://community.sophos.com/kb/en-us/122211.

I will detail the instruction to be followed in the next article.

Hope this is informative and thanks for reading.

Cheers
Sijo John