Migrate Sensor Proxy

Migrating Sensor Proxy to a new machine is simple and does not require you to relink sensors. You can migrate Sensor Proxy by copying the certificates from the existing Sensor Proxy installation to the new server and linking the new Sensor Proxy to Tenable Vulnerability Management or Tenable Security Center.

Follow the steps in this topic to migrate Sensor Proxy to a new machine.

To migrate Sensor Proxy:

  1. Perform the following steps on your current Sensor Proxy machine:

    1. Back up the existing certificates by running the following command:

      Copy
      # tar -C /usr/local -cvzf sensorproxybackup.tgz etc/nginx/ssl/
    2. (Optional) Verify that the correct files have been archived by running the following command:

      Copy
      # tar -tvzf sensorproxybackup.tgz
      drwxr-xr-x root/root         0 2023-04-18 21:48 etc/nginx/ssl/
      -rw------- root/root      3247 2023-02-13 15:29 etc/nginx/ssl/ca.key
      -rw-rw-rw- root/root      2000 2023-02-13 15:29 etc/nginx/ssl/ca.pem
      -rw------- root/root      3243 2023-02-13 15:29 etc/nginx/ssl/cert.key
      -rw-rw-rw- root/root      1976 2023-02-13 15:29 etc/nginx/ssl/cert.pem
    3. Copy the backup archive to a safe location or to the new Sensor Proxy machine by running the following command:

      Copy
      # scp ~/sensorproxy.tgz <user>@<ip address>:
    4. Do one of the following:

      • If your sensors are linked via IP address:

        Decommission the existing Sensor Proxy. Once the existing Sensor Proxy machine is decommissioned, start the new Sensor Proxy machine with the same IP address as the previous Sensor Proxy machine. Step 2f is optional.

      • If your sensors are linked via hostname:

        Step 2f is required. Continue to step 2a.

  2. Perform the following steps on the new Sensor Proxy machine:

    1. (This step is not required if the system is a Tenable Core + Sensor Proxy system that already has Sensor Proxy installed and running.) Install the latest Sensor Proxy rpm from https://www.tenable.com/downloads/sensor-proxy by running one of the following commands:

      • EL8 and EL9

        Copy
        # dnf install SensorProxy-1.x.x-00.elx.x86_64.rpm
      • EL7

        Copy
        # yum install SensorProxy-1.x.x-00.elx.x86_64.rpm
    2. Copy the backup file to the new Sensor Proxy machine by running the following command:

      Copy
      # scp sensorproxy.tgz <user>@<ip address>:

      The new server must have the same IP as the old server if sensors are linked to Sensor Proxy using IP addresses.

    3. Extract the backup archive on the new machine by running the following command:

      Copy
      # tar xvzf sensorproxybackup.tgz -C /usr/local/
    4. Link Sensor Proxy to either Tenable Vulnerability Management or Tenable Security Center:
    5. Enable and start the Sensor Proxy service by running the following command:

      Copy
      # systemctl enable --now sensorproxy
    6. If your sensors are linked to Sensor Proxy using a hostname, change the DNS for the hostname. Sensors connect to the new Sensor Proxy machine as DNS changes propogate.

Sensors connect to the new Sensor Proxy instance as they check for jobs and updates.