Windows based Manager: Frequently asked questions Here are answers to frequently asked questions. Why is McAfee Network Security Platform migrating from MySQL to MariaDB? McAfee as an organization has decided to migrate to MariaDB, and Network Security Platform is adhering to all such compliance requirements. If an earlier version of the Central Manager/Manager, such as version 8.1, is still in use, do we provided a same version of the Manager with MariaDB in such instances? Currently there are no plans to provide a hotfix or an update release of the Manager version 8.1 with MariaDB. Instead, McAfee recommends you to migrate to the Manager versions 9.1 or 9.2. Will there be release of a hotfix, if the customer encounters a MySQL vulnerablity? Starting with Manager version 184.108.40.206, McAfee will no longer release any hotfixes for previous Manager versions with MySQL database vulnerabilities. Hotfixes with vulnerability fixes for Manager version 220.127.116.11 and above with MariaDB only will be provided. Will there be release of 8.1 FIPS Manager with MariaDB for the customers running FIPS Manager version 8.1? McAfee recommends you to upgrade to FIPS Manager version 9.1. There will not be anyr release of 8.1 FIPS NSM with MariaDB. The Manager version 8.3 is EOL, while Sensors version 8.3 are still supported. Does this mean the customers who want to continue on Manager version 8.3 will be provided a Manager version 8.1 with MariaDB? Currently there are no plans to provide a hotfix or an update release of the Manager version 8.3 with MariaDB. Instead, McAfee recommends you to migrate to the Manager versions 9.1 or 9.2. Does Managers with MariaDB continue to support all current deployments of heterogenous Sensors without necessitating a Sensor software upgrade? ? Yes. There will not be any disruption and all current deployments are expected to work after upgrading to a Manager version with MariaDB. For example, the 9.1 Manager version with MariaDB can manage 9.1, 8.3, and 8.1 Sensors. Will migration from MySQL to MariaDB apply to Managers based on both Windows and Linux? Yes. Both flavors of Manager will be shipped with MariaDB after release of Manager version 18.104.22.168. Does the migration from MySQL to MariaDB applicable to physical appliances? Yes, the table below details migration from MySQL to MariaDB applicable to physical appliances: NSM Form Factor Operating System Manager version 22.214.171.124 and later Physical Appliance (NSM-STND-NG, NSM-GLBL-NG) Windows 2008 R2 MariaDB Virtual Appliance Windows 2012, 2016 MariaDB Physical Appliance (NSM-MAPL-NG) MLOS MariaDB Virtual Appliance MLOS MariaDB If a customer does not want to make changes to their environment, do they require to plan for any tasks or outages? In order to have the latest signatures and protection, and to adhere to compliance requirements which McAfee is adhering to, we advise all customers to keep their software up to date. Can a Central Manager running MariaDB manage Managers running MySQL database and vice versa? McAfee recommends you to have same database running in both Central Manager and the Managers in your network environment. That is, if you are running a Central Manager with MariaDB, then as a best practice you should use this Central manager only to manage Manager with MariaDB. Note: The Central Manager version lower than 126.96.36.199 cannot manage the Manager version 188.8.131.52. How do I upgrade an MDR pair with Managers running MySQL database to Managers running MariaDB database? McAfee recommends you to suspend the MDR pair, upgrade the individual Managers and then resume the MDR pair. Can I restore a backup taken from a Manager running MySQL database to a higher Manager version running MariaDB database? The database backup taken from a Manager running MySQL can be restored on a higher Manager version running MariaDB. Note: For database restore, the first digits of both the Managers should be same. For example, you cannot restore a database backup taken from 184.108.40.206 on 220.127.116.11. I am using Manager version 8.0.x.x. Can I directly upgrade to the latest 9.2? Recommend that you upgrade to a supported 8.1 or an earlier 8.2 version before you upgrade to the latest 8.2 version. For details, see Reviewing the upgrade requirements. Can I upgrade my 8.0 MDR setup directly to 9.2? Recommend that you first upgrade your 8.0 MDR setup to a minimum required 8.1 or 8.2 version to upgrade to the latest 9.2 version. To do this: Click Switch Over to make the secondary Manager active. Upgrade the primary to a minimum as applicable. Bring up the upgraded primary Manager. Note: The primary is up in standby mode. Stop the secondary Manager. Click Switch Back to make the primary Manager active. Upgrade the secondary Manager to the same 8.x version as the primary. Bring up the upgraded secondary Manager. Note: The secondary is up in standby mode. In an MDR setup, after upgrading the primary Manager to 9.2, can I switch over to make the primary active or do I have to first stop the secondary? Yes. You must stop the secondary. For details, see MDR Manager upgrade. Do I need to do any specific step after the upgrade to re-establish MDR? No. It works automatically. After upgrading the Secondary Manager, do I need to import the database to secondary or will that happen when I re-establish MDR? You must explicitly import the database into the secondary. Do I need to reconfigure MDR to get primary and secondary into MDR again? No. The MDR configuration is retained and will work automatically. I see the Switch Over button in the interface but I have read that I must use the Switch Back button to make the primary Manager active. Which is correct? The Switch Over button in the interface changes to Switch Back for the primary to take control from the secondary. Do I really need to upgrade the operating system to Windows 2008 or Windows 2012 server for 9.2; can I not continue with my 2003 Server setup? No. You must upgrade to one of the supported operating systems to use Network Security Platform 9.2. When do I run the additional offline scripts? Additional offline scripts need to be run after completion of upgrade, and only if prompted.