Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Untangler
    Join Date
    Sep 2012
    Posts
    64

    Default 9.4 to 11.1 migration

    Like a lot of users I opted to stay at 9.4 and wait till I needed some of the new features of 10 or 11. There are threads here that talk about what settings move and what ones don't. But I am looking for more logistics type advice on how to avoid downtime.

    Clearly if I just reformat the box I will have hours of downtime. Also if I just start putting in the settings from notes and screenshots I will make a typo or some other error that will lead to some loss of services. Open VPN is an issue. The goal is ZERO work hours downtime for any services while still seeing my family at night and on the weekends.

    Can I set up a VM on Vmware and configure my settings there. Flipping back and forth from screen to screen to try and get them all. Then take that machine online and test as much as possible after hours. Then move that setup back to the physical hardware.

    I am thinking of just leaving it on the VM. My hardware is a UT50 and although it is fast enough at packet forwarding the UI is almost useless for tracking down bad users, viruses or NTPD attacks in the act. I read that the session viewer is faster in 11.1. yea!

    I seem to be needing vlan support to allow a building wide guest network for BYOD. Partly because I want to throttle their bandwidth but also because I am running out of IP addresses for DHCP leases to all the darn cell phones.

    Thanks,
    Brian

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Default

    Setting up a VM works extremely well, the backup and restore subsystem has seen massive upgrades since 9.4. The issues associated with taking a backup from one hardware base, and putting it elsewhere have been annihilated.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Sep 2012
    Posts
    64

    Default

    I must be missing something. I installed 11.1 on a VM did a backup and a restore and I cant find any granularity to the settings. No per module choices. Open VPN is the hardest part. I read in a different thread that I should be able to backup and restore just that piece.
    Here is where I am going.
    Config-System-Restore tab.
    The drop down only gives two options. Restore all settings. and Restore all except keep current network settings.

    Is there some other restore?
    Thanks
    Brian

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Sorry, no. 10 and after is new install only.

    10+ does support different types of restore, but only from 10+ backups.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,653

    Default

    Backup from 9.4 will not restore to 10 or 11. You can only try to use the export / import on the individual modules.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untangler
    Join Date
    Sep 2012
    Posts
    64

    Default

    Oops I need to start a new thread. My question was out of context.

    Sorry

  7. #7
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,935

    Default

    The option that involves the least amount of downtime is to install to brand new hardware and configure the new hardware out of band, while you have access to your 9.4 system and settings as a reference. Then you can quickly swap the new hardware into production once everything is ready.

    I can recall at least one time in my past when I was unable to get new hardware where I temporarily moved my production system to older hardware, in order to create the new build on the production level hardware (this was for a different system than Untangle, but the principle still applies). Of course, that is not without some risk, but remember that without additional hardware, you will end up needing some downtime (after hours or otherwise) while you at least do the basic 11.1 installation.

    The next best option is to use a VM as reference installation, similar to your proposal. Install 11.1 into the VM, get all your settings right in that location, and test as much you can on the VM. Then take a backup of that configuration. Now you can install 11.1 on your production system, and simply restore the backup from your reference installation. It is okay to do a restore across hardware in most cases now.
    However, unless you've fully virtualized your production untangle (something that is not recommended), you'll still need downtime while the base 11.1 system is installing, before you can restore the backup from the VM reference installation to it.
    Last edited by jcoehoorn; 04-15-2015 at 12:50 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty

  8. #8
    Untangler
    Join Date
    Sep 2012
    Posts
    64

    Default

    Why is fully virtualizing a Production Untangle not recommended? That is what I am a few hours away from doing. Much as you described.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Default

    Because Untangle isn't a good candidate for virtualization.

    You virtualize things because you want to share resources, a scheduling delay in your hypervisor to Untangle will cause a network wide performance loss.

    Don't get me wrong, it can be done, I do it all the time. But you better know your stuff, and you'd better not expect Untangle support to magic away your performance problems when they happen.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Master Untangler
    Join Date
    Dec 2010
    Location
    Boerne, TX
    Posts
    261

    Default

    Quote Originally Posted by sky-knight View Post
    Because Untangle isn't a good candidate for virtualization.
    The best candidate for virtualizing Untangle is a smaller site that needs the protection of Untangle but does not have any network devices that are time (latency) sensitive. VOIP (phones) can be especially problematic. If a smaller site needs Untangle and VMWare is available, then I would consider it. Be prepared to move to a physical server if throughput problems start raising their head. Though VMWare has improved over the years, a virtual machine will never perform as well as a metal box even by tweaking the various VMWare settings for the virtual machine.
    ...Rick

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2