cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cloud strategy for FNMS on-premises server infrastructure

I have a client who are running FNMS on-premises with two servers installed. One application server + Beacon role, one database + secondary Beacon role. They are planning to transfer as much as possible to public cloud (presumably Azure) next year, and basically all server workloads that are now running in client managed data center would be moved to cloud. FNMS is using native scanning for servers, managed by Beacons. Workstation scanning data is coming from a third party tool.

Is this scenario (moving FNMS servers 'lift and shift' to public cloud) supported for FNMS application server and Beacon server to function properly? What kind of things need to be taken into consideration when planning this use case?

(1) Solution
mfranz
By Level 17 Champion
Level 17 Champion

Hi,

I think there is no easy solution to that. Depending on the technology used, there are a few things to consider.  A few ideas:

  • Installation
    Backup the databases and restore them in the new location. Do a complete install and config. The effort is minimal and this way you make sure all settings are set accordingly. Especially if users, machine names, etc. change, I would avoid moving the whole thing. Fresh install is the cleanest approach and will likely save you alot of time tracking misconfigs afterwards.
  • Agents
    If you use FNMS Agents for inventory, you'll need to consider that the agents need to communicate to one of your Beacons. So you need to plan ahead for this. There multiple routes to go
    • Redeploy agents
    • Transition phase (keeping the old Beacon around for a while, possible have the old Beacon report to the new environment)
    • Make the new location known to the Agents before switching (has been discussed in the forum repeatedly)
    • DNS alias (making the old beacon name point to the new beacon IP)
  • Inventory & Business data sources
    Where are your 3rd party inventory sources and business import data sources? Will you be able to use them from the new location? You might need to do a little data clean up, especially if you have inventory data connections on standalone Beacons. These connections will get a new ComplianceConnectionID in the new environment. So old data related to the old connections needs to be removed.
  • User access
    Can users and admins access the platform as fore?

Best regards,

Markward

View solution in original post

(1) Reply
mfranz
By Level 17 Champion
Level 17 Champion

Hi,

I think there is no easy solution to that. Depending on the technology used, there are a few things to consider.  A few ideas:

  • Installation
    Backup the databases and restore them in the new location. Do a complete install and config. The effort is minimal and this way you make sure all settings are set accordingly. Especially if users, machine names, etc. change, I would avoid moving the whole thing. Fresh install is the cleanest approach and will likely save you alot of time tracking misconfigs afterwards.
  • Agents
    If you use FNMS Agents for inventory, you'll need to consider that the agents need to communicate to one of your Beacons. So you need to plan ahead for this. There multiple routes to go
    • Redeploy agents
    • Transition phase (keeping the old Beacon around for a while, possible have the old Beacon report to the new environment)
    • Make the new location known to the Agents before switching (has been discussed in the forum repeatedly)
    • DNS alias (making the old beacon name point to the new beacon IP)
  • Inventory & Business data sources
    Where are your 3rd party inventory sources and business import data sources? Will you be able to use them from the new location? You might need to do a little data clean up, especially if you have inventory data connections on standalone Beacons. These connections will get a new ComplianceConnectionID in the new environment. So old data related to the old connections needs to be removed.
  • User access
    Can users and admins access the platform as fore?

Best regards,

Markward