In most cases, technical support is called because something unforeseen with a customer’s systems has gone awry - a system crash, lost files, a major virus attack--are just a few of the kinds of problems Symantec technical support responds to every day. The customer is understandably tense, time is of the essence, and business losses are a primary concern. These are unfortunate yet unavoidable circumstances in the course of everyday business. Yet some customers contact support proactively, because these companies realize that early technical help can head off potential crisis situations.
The Advanced Support team at Symantec contacted James, a long-time Brightmail Gateway technical support specialist, with a request: a financial services customer needed to consolidate three Brightmail appliances into one master gateway without disrupting its day-to-day operations. Evidently the customer understood this would not be a routine task, so they proactively contacted Symantec technical support when they experienced difficulties at the beginning of the consolidation attempt. This early support helped to avoid a number of additional problems.
Preserving Certificates
One of the primary hurdles facing the company as they contemplated combining the gateways was a number of TSL/SSL certificates they had purchased and installed. “For whatever reason, they did not have the original certificates, so re-installing them was not an option,” said James. “They needed another solution to both consolidate the gateways and to preserve their investment in SSL certificates,” James notes. The Brightmail Control Center, as a security precaution, will not allow users to export security certificates. This presented another obvious hurdle.
“Another part of the problem in this consolidation was the basic backup of the gateway,” James remembers. “If they had attempted to back up the individual gateways, and then apply these backups to the new main gateway, each existing database table would have been wiped out as a new backup copy was applied.” This was definitely not a scenario that the company could pursue, with hundreds of financial services clients relying on them daily. James knew the answer was time-consuming—to manually consolidate all the databases, then upload them to the new master gateway appliance. This solution, however, would permit a merge of all three gateways into one master gateway and preserve the company’s investment in hundreds of security certificates.
A Manual Merge
The company provided James a set of file exports from each gateway, which he then proceeded to manually merge, line by line, into one master database. “This took place over a period of a few weeks,” James recalls. “I could handle this project between other support calls.” Since there was no emergency, James could take his time, get it right and later hand off the results. James had only one setback. “When I was about half finished with the manual merge of the files, the admin at the site added another certificate,” he remembers. James had to start over at that point. After a completing the compilation, including building the certificate table, James needed to verify that the certificates would work. “The internal GUI operations that we use to verify that the certificates are signed and good weren’t documented at the time, so I needed to figure out how we were doing it and then confirm all steps of the procedure on my lab system to ensure that they’d have working certificates when we were done,” James recalls.
Once the merge was complete, James handed off the database to the team, and it loaded as expected. The company saved hours of time and thousands of dollars in certificate costs. “They were very happy, to say the least,” James says. So what would James recommend to customers under similar circumstances? “Definitely involve support early on if you have trouble during a complicated upgrade. Plan ahead. And make sure you keep all copies of your security certificates,” he notes.