I have some clients (40) that need to point to an other policy manager server.
How is it possible without reinstall ?
Version is workstation 10.x
To change the "OLD" Policy Manager Server to a "NEW" machine with a "NEW" Policy Manager Server.
1. Keep alive both the "OLD" and "NEW" Policy Manager
2. In the "OLD" Policy Manager make a backup;
3. In the "NEW" policy manager server RECOVER the backup from the "OLD" Policy Manager Sever.
4. Open both Policy Manager Servers, in the both, in the Settings -> Centralized Management tab, change the Policy Manager Server settings (Policy Manager Server) and put the new IP (of the New Policy Manager Server).
5. Distribute the Policy and wait. After the end users get the last policy, the will go to the New Policy Manager.
the old server is not available
If the OLD server not avaible, the only way is create the NEW server and recover a backup (IF YOU HAVE A BACKUP) of OLD server F-Secure database, otherwise you will need to reinstall F-Secure in the all machines.
F-Secure create an exclusive encrypted key to communicate between host and Policy Manager (every installation he automaticaly create this key - public and private).
The Private key is keeping in the Policy Manager Server and public goes to host when you install Client Security or another F-Secure product in the machine). Every time when have communication to take a new policy the keys is checked. If match, the host get the new policy, otherwise the communication is interrupted (by wrong key error). So you will need restore the backup to new policy manager or at least you need have the encrytped keys. If you dont have the keys or the backup, you will need reinstall F-Secure in the all machines (using a new key from a new Policy Manager Server).
Is it possible to migrate clients from old server to a new server that is already in use (read: cannot restore the backup from the old server) or do I need to reinstall clients? Or is there a way to merge two databases?
Dont have a way to "merge" two or more servers.
Only way to work around is:
The old server and the new server must be using the SAME encrypted key (admin.prv).
If the both PMS using the same key, you just need change the Centralized management -> Policy Manager Server address (in the OLD Policy Manager Server) to point to the new server IP.
If the Old Policy Manager Server and the New Policy Manager Server is using a different key, you will need to install the F-Secure endpoint (using the installation created by the new server) to all computers where using the "OLD" server installation until now (recomended using UITOOL to remove the old install before install the new server installtion).