Reset Search
 

 

Article

KB40223 - Import / Export: Steps to export an an IVS configuration and import as root config on another device.

« Go Back

Information

 
Last Modified Date10/14/2016 11:19 PM
Synopsis
This article provides the steps to export an IVS config using XML export so that the config can be imported to another device and used as the root system.
 
Problem or Goal
Need to convert an IVS config to be used as the root config on a non-IVS device.  
Cause
IVS support was deprecated starting in PCS 8.0 software

Due to certain dependencies that are present in an IVS config that are not present in an IVE config, a binary or full XML import is not possible when the goal is to convert an IVS to a root system or to import the IVS to a MAG or SA device that does not use IVS's.
 
Solution

Steps to complete this task:

Prerequisites:

  • The IVS config cannot contain any cluster settings and needs to be exported from a device that is not in a cluster.  
  • For IVS's running in a clustered environment go to Clustering and select one of the nodes then click Remove to remove the node the cluster.
  • The IVS configuration will be exported from the node that was removed from the cluster.
  • After performing the steps below the node can always be rejoined back into the cluster by adding it as a member from the existing cluster configuration and joining it again from the removed node.  (This requires that the cluster password be known.  If the cluster password is not available, it will be necessary to delete the cluster configuration entirely by removing all nodes from the cluster the recreating the cluster and rejoining any and all nodes.)
  • If the target system already has a running configuration on it with portions of the config that are named the same as objects in the IVS system, such as realms, roles, or policies, the existing configuration may be overwritten by settings in the IVS.  If this is not the desired result, then it may be necessary to rename these objects in the existing configuration so that they are unique.
  • If the target system is running a default config with default configuration settings that have been removed from the IVS config, and the desired goal is to run the IVS config exactly as it is on the target system, it will be necessary for the PCS admin to manually delete these objects from the default config, as XML import / export will only overwrite or append configuration settings to the target system--it will not delete objects that are present in the target config but do not occur in the IVS config.

Tip:  If errors are encountered at any step the system will respond with an error message with a reference to the object the error occurred with.  When this happens, re-export that section of the config without the problem object, and import it to the target system.  Then, export the problem object by itself, and work to resolve the problem in the XML for that object separately.  Once corrected, reimport this portion of the XML. This is always easier than trying to work with the entire section of the XML at once.

Steps:
  1. Login to the IVS directly and select Import / Export > Import Export XML
  2. Export “Endpoint Security” settings and import to target system
  3. Export “All roles” and import to target system.
  4. If there are errors and the import fails then select all the roles individually except for the problem role and import to the target system.  
  5. Fix the errors for each problem role then export these individually and import to target system.
  6. Export “All Resource Policies” and import to target system.
  7. Export “All Auth Servers” and import to target system. 
  8. Export “All Users Realm” and import to target system.
  9. Export “ All Local Accounts” and import to target system.
  10. Export “All Sign-in Settings” and import to target system.
  11. Under "System Settings" select the desired settings to import to target system then export.*

*Important note: The target system may already be configured with different network settings, virtual ports, certificates, licenses, etc. Therefore, select only the settings that are needed.

If further assistance is needed please open a support case at my.pulsesecure.net.  When submitting the case for review, please attach the XML config of the IVS to the case, and/or the problem sections that require correction, along with screenshots of any errors encountered while performing the above steps.

Related Links
Attachment 1 
Created ByKaren Mayberry

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255