Migrate to federal MVISION ePO

Federal MVISION ePO is a multi-tenant, enterprise SaaS model of McAfee ePO hosted in federal cloud, accessible through an internet browser. You can migrate systems from the McAfee ePO server to federal cloud using the MVISION ePO Migration extension.

Before you begin

Before you begin, make sure that these conditions are met.

  • You have an active federal MVISION ePO account.
  • Your McAfee ePO version is 5.3.3 or later.
  • You have installed the MVISION ePO Migration extension 5.10.0.874 or later on your current McAfee ePO server.
  • The McAfee ePO server has internet connectivity. If you're using a proxy server, make sure that you have configured the proxy server settings.
  • The client systems can communicate with the MVISION ePO server.
  • The agent repository policies have proxy settings to connect to the federal MVISION ePO server.
  • You have configured the proxy and firewall settings to allow communication with the federal MVISION ePO server. For more information, see KB90878.
    This table displays ports and URLs that federal MVISION ePO needs to communicate through a firewall.
    Port Customer data center location URL
    443 United States

    ah.gov001.epo.mcafee-gov.com

    ui.gov001.epo.mcafee-gov.com

    dxl.gov001.epo.mcafee-gov.com

    sw.gov001.epo.mcafee-gov.com

    cds.gov001.epo.mcafee-gov.com

    8883 United States

    dxl.gov001.epo.mcafee-gov.com

  • The federal MVISION ePO tenant account that you're planning to link has an active subscription and administrator rights.
  • You have identified inactive systems and excluded them from the migration process. Migration can't be complete if even one of the systems is not reachable.
  • You have installed McAfee Agent 5.6.0.702.1 or later on the client systems.
    Note: The most current supported version of McAfee Agent is 5.6.4.249. If you are migrating systems that have McAfee Agent versions higher than 5.6.4.249, the systems appear as noncompliant in Protection Workspace.
  • You have excluded systems that have products other than McAfee Agent and Endpoint Security installed from the migration process. Federal MVISION ePO currently supports McAfee Agent and Endpoint Security only.

Task

  1. Connect to the McAfee ePO server database.
  2. Run these SQL commands.
    Select * FROM OrionServerPropertiesMT WHERE [Key] IN ( 'iam.url' , 'iam.client.id' , 'MVision.url',  'tps.url','uam.url');
                    
    IF EXISTS (SELECT * FROM OrionServerPropertiesMT where [Key]='iam.url')
       UPDATE [OrionServerPropertiesMT] SET [Value] = 'https://api.iam.mcafee-gov.com/iam/v1.0/token' where [Key]='iam.url'
                    
    IF EXISTS (SELECT * FROM OrionServerPropertiesMT where [Key]='iam.client.id')
    			UPDATE [OrionServerPropertiesMT] SET [Value] = 'efb532b4d8e914c2619d' where [Key]='iam.client.id'
                                    
    IF EXISTS (SELECT * FROM OrionServerPropertiesMT where [Key]='tps.url')
       UPDATE [OrionServerPropertiesMT] SET [Value] = 'https://tps.epo.mcafee-gov.com/govprod' where [Key]='tps.url'
                                    
    IF EXISTS (SELECT * FROM OrionServerPropertiesMT where [Key]='uam.url')
       UPDATE [OrionServerPropertiesMT] SET [Value] = 'https://api.uam.mcafee-gov.com/govprod/api/v1' where [Key]='uam.url'
                    
    IF NOT EXISTS (SELECT * FROM OrionServerPropertiesMT where [Key]='MVision.url')
       INSERT INTO [OrionServerPropertiesMT] ([Key], [Value], [TenantId]) VALUES ('MVision.url', 'https://ui.gov001.epo.mcafee-gov.com/', 1)
       ELSE
       UPDATE [OrionServerPropertiesMT] SET [Value] = 'https://ui.gov001.epo.mcafee-gov.com/' where [Key]='MVision.url'
    
    Select * FROM OrionServerPropertiesMT WHERE [Key] IN ( 'iam.url' , 'iam.client.id' , 'MVision.url',  'tps.url','uam.url');
    
  3. Reload the MVISION ePO Migration extension by running the remote command — https://<epo server IP or fqdn>:8443/remote/core.reload-plugin?name=MVISIONClientMigration.
  4. Log off and log on again to McAfee ePO.
  5. Migrate your systems from McAfee ePOMigrate to MVISION ePO.
    Tip: Plan to migrate your systems in multiple phases — A trial phase to migrate few systems, then one or more phases to migrate the remaining systems.