Hi Team,
Need your guidance for my project in IGEL production enviroment. Below have mentioned the details of project planned.
Project scope: our production UMS server and Igel cloud gateway are running on expired physical hardware. Both servers are running on RHEL 8.X OS Linux.
As per customer requirement, we are going to migrate the current UMS Server and ICG server to new target Virtual machines.
Project Planned :
A. Phase-1 activity – Install the new UMS server software on new server and restore the embedded database with keeping a existing ICG server connection.
a. For this activity, we got the solution from IGEL support , we can able to push the new UMS server IP address via IGEL policies throught ICG connection.
b. Status – Lab setup tested – it is working as expected.
2. Phase-2 activity – Uninstall the ICG software from current server and replace the new ICG server on UMS server
a.For this activity, how to replace the new ip address or hostname of new ICG server to our IGEL End devices. Here, we have 400+ production IGEL end devices is there.
Questions:
1. For this phase-2 activity , if we replaced the new ICG server , is it impacting our IGEL end devices ?
2. Our IGEL end devices are configured ICG agent setup using the server name is “http://icg.test.org icg.test.org” – shall we replace this server name in DNS record to map new ICG IP address ?
3. we need to migrate both production servers without any impact in our production.
4. ICG cert should be backup and plan to restore on new ICG server ? — in this case, new ICG server having new hostname & new ip address, instead of existing cert restore , need to create new cert file for using new server name and ip address ?
Hi,
on 1) if you aren’t using Shared Workspace, no, the devices will continues functioning.
2) this would make things more fluent
3) should work since the devices are using local cached configurations (again, shared workspace is another story).
4) the ICG Cert should remain in DB, you only might have to delete or reconfigure the ICG connection in UMS Administration.
Hi Sebastien
our IGEL end users are located in WAN location. They are connecting via ICG over the WAN
In this case, if i replace the new ICG in my production environment. is it any production impact ? or IGEL devices still funcitioning for VDI connections with existing cache information. ?
Because, here new ICG and new ip address assigned in the new server.
can you explain about shared workspace – how to check we are using or not ?
VDI will function without ICG.
On SWP: kb.igel.com/endpointmgmt-12.01/en/swp-77865517.html
Really, if ICG connection disconnects still the users able to use the VDI sessions without any interruption ? —- so what is the impact if ICG not available over the WAN location ?
we got this updates from IGEL support team
1. For this phase-2 activity , if we replaced the new ICG server , is it impacting our IGEL end devices ?
Yes, each device will need to be reconnected to ICG through the ICG setup wizard because this is a new ICG.
1. Our IGEL end devices are configured ICG agent setup using the server name “http://icg.test.org icg.test.org” – shall we replace this server name in DNS record to map new ICG IP address ?
You will need to re-run the ICG setup wizard. Adding the DNS record is a good thing but the main thing is to go through the wizard so that the devices know: Where ICG is, and Trust ICG.
1. ICG cert should be backup and plan to restore on new ICG server ? — in this case, new ICG server having new hostname & new ip address, instead of existing cert restore , need to create new cert file for using new server name and ip address ?
You can use an existing root chain to install the new ICG. You can install the new ICG alongside the old ICG. You can then have batches of users go through the ICG wizard to connect to the new ICG.
if we replace the ICG or any changes in ICG – we need to run the ICG agent wizard in users end IGEL devices… so we thought , it will impact huge production issue
IGEL Cloud Gateway is only relevant for IGEL configuration, we don‘t interfere with VPN or VDI.
ok in this case, WAN users just required Internet connection and able to connect the VDI using VDI servername, right ?
in their IGEL end devices
any KB articles is there – to understand?
what about IGEL devices license in this case ?
is it still running with existing license config ?
kb.igel.com/endpointmgmt-12.01/en/igel-ums-communication-ports-77869550.html kb.igel.com/endpointmgmt-12.01/en/igel-ums-communication-ports-77869550.html
License and configurations stay on the device.
ok thanks
let me look the KB article
Thanks sebastien
Some pictures
igel-community.github.io/IGEL-Docs-v02/Docs/HOWTO-Basic-Setup-Guide/#configure-ums-network-ports
Continue reading and comment on the thread ‘Guidance for UMS and ICG updates’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!