×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 109748144, Entry date: 06/22/2017
(0)
Rate

How do you move a SINEMA Remote Connect Server via a backup copy if the network environment does not change?

  • Entry
  • Associated product(s)
A new server (new hardware or new VMware image with identical configuration and network settings) is to be set. For this you can create backup copies of your SINEMA Remote Connect Server and reload them as required or import them into a different system. The backup copies contain only the system settings, but no information about the network configuration.

Problem
The backup copy of the SINEMA Remote Connect Server does not include the network configuration. However, the network configuration is a key factor for importing the web server and VPN certificates.

If the network configuration of a newly installed SINEMA Remote Connect Server does not match the network configuration from the backup copy, then the web server certificate in the backup copy is not imported and a new web server certificate is created.

Consequences:

  • The new web server certificate or the new fingerprint cannot be updated by autoconfiguration interface.
  • All the devices (VPN clients) are imported, but are assigned other certificates. Devices with fingerprint authentication are therefore not reconnected. Devices with authentication reconnect because the CA is always imported.

Solution
In order to ensure successful import of the backup copy into a new SINEMA Remote Connect Server, without making changes to the devices (VPN clients), the network configuration/environment must not change. In the network configuration in the WBM of the SINEMA Remote Connect Server ("System > Network Configuration"), all the tabs must be identical, Interfaces, DNS and Web Server Settings, for example.
The procedure is described based on a sample case:

A SINEMA Remote Connect Server (Server A) is connected with active network devices and is in operation. Server A is to be virtualized.
The virtualization is done via an ESXi Server. A virtual machine is created in the ESXi Server. The virtual machine is Server B.

Procedure

  1. On the Server A, under "System > Backup & Restore" in the "Settings" tab you enter an encryption key. Note this encryption key, because you need it for the next step. On Server A you create a backup copy under "System > Backup & Restore". Download the backup copy and save it.

  2. On Server A under "System > Network Configuration" you create screenshots of the complete network configuration (Interfaces, DNS and Web Server Settings tabs) and save the screenshots. Also pay attention to existing LAN interfaces.

  3. Create a screenshot of an entry under "System > Licenses" and save it.

  4. Under "Remote connections > Devices" you open a device (i icon) and create a screenshot of the fingerprint. You need the fingerprint for verification to successfully restore the system.

  5. Shut down Server A via the WBM ("System > Update > Power Management > System Shutdown").

  6. Contact Siemens Support and explain that you are performing a server migration. For this you have to forward your license keys from Step 3 to the colleagues from Support. The Support colleagues release these licenses. Then these licenses can be re-activated on the new server. This is necessary to continue using Server A with all the licenses if there is an error.

  7. Now, for example, the SINEMA Remote Connect Server (Server B) can be installed on the ESXi Server. Right when you install the SINEMA RC Server you should configure the valid IP address and the gateway from Step 2 and then do the installation.

  8. When the installation has been completed on Server B, you can completely integrate the network environment from Step 2. Do not forget to check "Host name externally resolved" under "DNS" if this option has been configured in Server A.

  9. Activate the license(s) from Step 3 on Server B.

  10. On Server B, under "System > Backup & Restore" in the "Settings" tab you enter the encryption code from Step 1. Upload the backup copy from Step 1 to the new server (Server B) and restore it manually. Wait a while. This process can take up to 10 minutes depending on the size of the backup copy.

  11. All the devices (VPN clients) are to be imported into Server B. Under "Remote connections > Devices" you open the device information of a device (i icon). Compare the fingerprint from Step 4 with the fingerprint generated in Server B.

  • If the fingerprints are identical, the system has been restored successfully. All the devices can then reconnect automatically. The maximum time for the reconnection can be up to 60 minutes. After this time all the devices that were previously connected must restore the connection.

  • If the fingerprints are different, the web server certificate has not been imported. This indicates that something has not been integrated correctly in Step 8. Redo Step 8 and Step 10.
    If the fingerprint check fails once again and you are sure that you have correctly integrated the network configuration from Step 2, you should contact the Technical Support. If you need your server urgently, while waiting for a response from Technical Support, you can shutdown Server B and put Server A into operation. All the devices connect automatically after at most 60 minutes.

Note
This description is valid for version V1.2 and higher of SINEMA Remote Connect.


Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.