Migrating to new Brain (prior to v8.5)

Please Note - for v8.5+ of Vectra Software:

• In version 8.5 and higher of Vectra Brain software, backup and restore functionality has been updated to be more consistent in how the commands work for the various different options available in backup/restore. As a result, the majority of commands are different in some way.

  • Please see Backup and Restore for Vectra Brain Appliances (v8.5+) for Backup and Restore details.

  • Please see Vectra Brain Appliance Disaster Recovery (DR) / Migration Recommendations (v8.5+) for Disaster Recovery and Migration details.

• The KB you are currently reading will quickly become obsolete as customers update to v8.5+ of Vectra software.

  • Once all customers are on v8.5+, the older KB articles will be archived to help avoid confusion.

Introduction

This article will cover the steps to perform a migration from the existing to New Brain. In the scenarios of proactive RMA replacement, hardware upgrade when the old appliance is still available.

Source = Old Brain and Target = New Brain.

Prerequisite

1. Prepare for Downtime. We perform a cold database backup so some services will be temporarily down during the initial part of the backup at the source brain and restored at the target.

2. Configure following on Target brain:

   1. Management port IP address. For steps Refer: Configuring the IP address of a new Brain or Sensor

   2. DNS: 'Brain-Web-UI > Data Source > Network > Brain Setup > DNS'.

   3. NTP: 'Brain-Web-UI > Data Source > Network > Brain Setup > NTP Entrries'.

   4. TimeZone at 'Brain-Web-UI > Settings > General > TimeZone'.

3. Vectra Support CLI (vscli) access is achieved over SSH on port 22 with 'vectra' User. The default credentials as per the article are found here: Default username and passwords for Vectra appliances.

4. Source and Target Brain must be on the same release. Check this from vscli:

   show version

   If not please ensure connection to Update2 is possible for the new target brain to update more information see: Firewall Guide

5. Take a screenshot of list of sensors paired to Source Brain. You can see the list of paired sensors and the list of sensors available for pairing from the "brain_web_UI -> Data Sources -> network -> Sensors": Note: On Cognito Detect Version 7.3 and below: Manage → Sensors: The status column indicates whether the sensor has been paired (i.e. Forwarding / Not-forwarding) or is available for pairing (i.e. Provisioned / Pairing). Sensors that have been paired with other brain devices are not listed on this screen.

Backup and Restore:

1. Setup "Brain to Brain" backups from Source to Target brain. On the Target brain retrieve the authentication key:

   On the Source brain temporarily configure the backup as follows, replacing the word KEY with the token from Step 1.

   Complete manual backup VCLI on Source Brain using the command, this can take typically take 10 minutes but may be longer depending on Volume.

2. Completed Restore on Target Brain, please wait up to 1 hour to fully copy backups other you may see an error with "error decrypting". Once the backup is copied

Note: Vectra CLI password will be reset to default after restore.

Please Note:

Version 7.9 has added three new options to the "restore run" command. They are:

• --preserve-saml

  • Keeps the SAML configuration that was present on the target brain prior to the restore

  • For example, this can be helpful when SAML configuration is tied to an IP address that will be different on the target Brain.

• --preserve-ui-certs

  • Keeps the UI certificates that were present on the target brain prior to the restore

  • This can be useful when the restore target will have a different IP/hostname that would invalidate the UI certificate configuration.

• --replace

  • This option is meant to be used when a brain is being fully replaced by another brain and ensures that internal processes at Vectra properly link this new brain with our back end as a replacement. For customers running the Respond UX with network data sources, this option will ensure your replacement brain can automatically connect to your GUI that is being served from the Vectra AI platform.

Validation of Backup:

Login to Vectra Brain-Web-UI on Source and Target brain and have the look at detections and hosts page data are looking similar. IF they lokk same then the database migration from Source to target to completed.

Final Steps:

1. 1. IP swap:

   1. IP Swap (recommended):

      1. Power off the Source Brain using the command: shutdown

      2. Set the Source brain IP on the Target Brain:

   2. If the IP was not swapped

      1. Login to each physical Sensor with vectra password and run the command "set brain new--brain-ip" eg. "set brain 10.10.10.10". Follow steps in GUI to perform online/offline pairing

      2. For vSensor set the new brain IP by logging in with vectra user

      3. For more information on pairing see Pairing Physical Sensors

2. Migrate any SPAN configuration/ cables from Source to Target Brain

3. Sanity Check UI for paired sensors - Manage - Traffic page stats

4. O365 sensors cannot be migrated. Any existing O365 sensors should be recreated on the new brain

5. If vSensors are deployed Update vAPP Settings with new Serial Number to ensure Physical Hosts page is populated

6. Contact Vectra Support if you have Stream and/or Recall license as this will need to be migrated to the new Brain

7. If you allowed Remote Support previously and only via proxy, please contact Vectra Support enable remote support through a proxy again.

8. If this is an RMA please factory-restore of old brain once all done and return the old brain