Search

GlobalSCAPE Knowledge Base

Upgrading Secure FTP Server v3.3 to EFT Server v6.x

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • Upgrading Secure FTP Server version 3.3.10 to EFT Server (SMB) version 6.2.31

**Secure FTP Server is no longer a supported product, and is not compatible with Windows 2008 or later.

Also refer to article #10359, Moving Secure FTP Server from One Computer to Another Computer.

Refer to https://kb.globalscape.com/KnowledgebaseArticle11307.aspx for the procedure for updating a Secure FTP Server ODBC database to work with EFT v6 or v7.

Note: If you are running a version of Secure FTP Server version 3 earlier than v3.3.10, you must first upgrade to v3.3.10 before upgrading to EFT Server. EFT Server 6.x.x installer is expecting Secure FTP Server to be version 3.3.10. For this reason we strongly recommend that you upgrade to Secure FTP Server 3.3.10, if you are not already on that version. You can download Secure FTP Server v3.3.10 at ftp://ftp.globalscape.com/pub/gsftps/archive/gsftps33.exe. Refer to the procedure at the bottom of this article for details of upgrading Secure FTP Server.

DISCUSSION

The process for migrating a Secure FTP Server 3.3.10 configuration to a new server running EFT Server 6, which includes all Event Rules, user accounts, keys, etc., is straight forward and should only take about 20 to 45 minutes. (It is not necessary for EFT Server to have been installed on the old server; EFT Server v6 will properly convert the files for Secure FTP Server 3.3.10 **. Nor is it necessary for the OS to be the same version on the new server as on the old server; the new installation of EFT Server will correctly conform itself to the new server OS.) While it used to be possible to do a migrating upgrade from Secure FTP Server 3.3.10 directly to the latest version of EFT Server 6, and this process continues to be successful in some situations, there have been sufficient problems caused by this extreme jump that we now strongly recommend performing a stepping upgrade through EFT Server 6.2.31. To obtain the installer for EFT Server 6.2.31, browse to the Replacement Software Downloads page [https://www.globalscape.com/support/reg.aspx] of our website. Once the installer is downloaded, use the migration guide below to move the Secure FTP Server 3.3.10 configuration to the new server running a straight installation of EFT Server 6.2.31. After verifying that the configuration is working properly for EFT Server 6.2.31, please use the upgrade instructions to upgrade to EFT Server 6.4.x; then you can upgrade to v6.5 or later. (Upgrades are supported only within 2 version numbers.)

Please note that per Globalscape policy for liability reasons, Support does not upgrade or migrate the servers of our clients, but provides instructions or guidance for accomplishing the process. While Support does not upgrade or migrate servers for our clients, it is possible to acquire an upgrade package from our Professional Services team to have them personally handle the process.

Migration from Secure FTP Server 3.3.10 to EFT Server 6.2.31

Prepare:

  1. Ensure that EFT Server 6 is compatible the system requirements. (Remember, you can only upgrade Secure FTP Server to EFT v6.2.31. After installing v6.2.31, you can upgrade to v6.4. Upgrades are supported only within 2 version numbers.)

  2. Request and receive a new EFT Server 6 licenses (if you have a Secure FTP Server or EFT Server 4 or 5 serial numbers) and a new DMZ 3 licenses (if you have a DMZ Gateway 1 or 2 serial number) from your account representative.

  3. Download EFT Server 6.2.31 from https://www.globalscape.com/support/reg.aspx, making certain to specify correctly the installer that corresponds with the EFT Server license. (You must have the EFT Server (SMB) installer for an EFT Server (SMB) serial number and the EFT Server Enterprise installer for the EFT Server Enterprise serial number].

  4. Ensure that the account used to log in to Secure FTP Server 3 is a unique account within Secure FTP Server (this is critical) and not a local server or domain account. During the upgrade process, all local server or domain accounts will be locked out of EFT Server unless you own the High Security Module (HSM); use this article if you need assistance changing it: https://help.globalscape.com/help/archive/secureserver3/Change_global_administration_password.htm.

  5. Stop the Secure FTP Server 3 service to ensure all settings are preserved; once the ftp://ftp.cfg/ copy is complete, the service can be restarted.

  6. Create a migration folder on the new server and add the appropriate application data files from C:\Program Files\GlobalSCAPE\Secure FTP Server:

    • FTP.cfg and FTP.bak

    • *.aud

    • All pgp keys (*.skr, *.pkr)

    • All SSL certificate files (*.cer, *crt)

    • All SSH key files (*.pvk, *.pub)

    • Any scripts or .bat files

    • Any custom reports

  7. Ensure that the Secure FTP Server 3.3.10 site data folders are copied to the new server (default location is C:\inetpub\EFTRoot) using the exact same folder structure as exists on the old one (e.g., if it is D:\EFTRoot on the old server, make certain it is D:\EFTRoot on the new server). Otherwise, it will be necessary to point each Site to the correct location and potentially set the folder permissions. [Instructions for moving the Site Root can be provided upon request.]

Migrate:

  1. Use the installer to install only EFT Server, without the ARM Database module, on the new server (clear the check box to start the service) [Installing EFT:
    https://help.globalscape.com/help/archive/eft6-2/mergedprojects/eft/installingserveradministratormodules.htm]

  2. Add the EFT Server service account to run the EFT Server service. [Our best practice is to have a windows or domain account that starts the windows service (services.msc) for the EFT Server.]

  3. Ensure that the EFT Server service account has full rights to the application data directory and the Site data directory.

  4. Copy the application data files from the migration folder to the correct places, overwriting any files, as needed. If the EFT Server was installed to the default location, copy the files to this folder:

    Windows Server 2003: C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server

    Windows Server 2008: C:\ProgramData\GlobalSCAPE\EFT Server

  5. Start the EFT Server service and log in to the administration interface.

  6. Register EFT Server and all modules, including the DMZ Gateway 3 serial number.

  7. On the Server's (Local Host) Administration tab:

    • Set the Listening IP address correctly

    • Click the Configure button for the Require SSL for remote administration and point to the SSL certificate.

  8. On the Server's Security tab:

    • Set the Allowed SSL versions to Defined and clear the SSL 2.0 option. [This protocol is no longer secure.]

    • In the Allowed ciphers field, move RC4 128 bit cipher up to first in the Priority list. [This works around the SSL Beast exploit.]

  9. On the Server's Logs tab, point Folder in which to save log files to the correct directory path. [This typically consists of pointing to the new Logs folder in the application data directory, such as C:\ProgramData\GlobalSCAPE\EFT Server.]

  10. On each Site's Connections tab:

    • Set the Listening IP address correctly

    • Click SFTP Config and specify the SFTP private key location.

    • Click Configure for SSL Certificate settings and specify the Certificate and Private key locations.

  11. On each Site's Security tab:

    • Click Configure for Invalid login options, and set Ban IP address after to 12. [This eliminates the ability of end users to get themselves banned but does not compromise security against attackers.]

    • Click Count both ‘incorrect username’ and ‘correct username + incorrect password'. [This provides stronger security against attackers.]

  12. Verify that the Site is working properly by testing connections, Event Rules, and reports.

Upgrading EFT Server 6.2.31 to v6.3.x or 6.4.x

Prepare for upgrade:

[**Please note that the installer for EFT Server or EFT Server Enterprise with the SQL Server Express for ARM database is only needed for the first time the ARM module is installed and then only if the free SQL Server Express 2008 is to be used instead of a full licensed version of SQL Server. Following the initial installation this larger installer will not be needed as both versions will successfully setup and/or upgrade the ARM module.]

  1. Download EFT Server [and the DMZ Gateway module if needed] from one of the following:

  2. Stop the EFT Server service (this must be done to ensure all settings are preserved; once the ftp://ftp.cfg/ copy is complete, the service can be restarted).

  3. Create a backup of the EFT Server application configuration:

  4. Create a backup of the registry.

Upgrade:

  1. Use the new EFT Server installer to upgrade EFT Server 6.2.31 and, if using ARM, install/update the database. Before clicking finish, clear the Start the Server service check box.

  2. Add/verify that an EFT Server Service account is set to run the EFT Server Service. [Our best practice is to have a Windows or domain account that starts the Windows service (services.msc) for EFT Server.] Ensure that the EFT Service account has full rights to the application data directory and the Site data directory.

  3. Start the EFT Server service.

  4. If you use or will be using the Secure Ad Hoc Transfer (SAT) Module or DMZ Gateway Module, use the corresponding installers and the following instructions to install or upgrade.

  5.  Verify that the EFT Server Sites are working properly by testing connections, Event Rules, and reports

    • For EFT Server Enterprise 6.3.x and later, all Event Rule syntax is strictly enforced; entries in EFT Server Enterprise 6.2 for Events Rules where the Source or Destination virtual paths worked without a “/” at the beginning will fail. Instead each virtual path must look like this /rootfolder/ or this /rootfolder/subfolder/.

    • Additionally, in EFT Server Enterprise 6.4.x and later, all outbound connection Event Rules use the IP address specified in the Event Rule. (Refer to https://help.globalscape.com/help/archive/eft6-4/mergedprojects/eft/copy_move_file_to_host_action_help.htm item 15b.)

    • For EFT Server 6.3.x and later, all rebranding done in prior versions will not work with the newer versions it will be necessary to brand the WTC, PTC, etc. using the new rebranding instructions.

You can now upgrade to EFT v6.5 or later.

Rollback:

  1. Uninstall the newer EFT Server version.

  2. If nothing else changed between the newer EFT Server install and rollback process, restore the registry.

  3. Install the previous EFT Server version, skipping the ARM portion. (Before clicking finish, clear the Start the service check box.)

  4. If the Auditing and Reporting Module (ARM) was active, restore the ARM Database. (The reports will not function until the restore is complete.)

  5. Verify that the EFT Server Sites are working properly by testing connections, Event Rules, and reports.

Upgrading Secure FTP Server v3.x to v3.3.10

Prepare:   

  1. Create a backup of the Secure FTP Server 3.x.x application configuration: (Windows 2003) C:\Program Files\GlobalSCAPE\Secure FTP Server.
  2. Copy the following items to a backup folder: ftp.cfg, ftp.bak, and *.aud
  3. Create a backup of the registry.
  4. If the Auditing and Reporting Module (ARM) is active, create a back-up of the database.

Upgrade:

  1. Download Secure FTP Server 3.3.10: ftp://ftp.globalscape.com/pub/gsftps/archive/gsftps33.exe.
  2. Use the Secure FTP Server 3.3.10 installer to upgrade Secure FTP Server. [https://help.globalscape.com/help/archive/secureserver3/Upgrading_the_Software.htm]
  3. Add the Secure FTP Server Service account to run the Secure FTP Server Service.
  4. Ensure that the Secure FTP Server Service account has full rights to the application data directory and the Site data directory.
  5. Start the Secure FTP Server service.
  6. Verify that the EFT Server Sites are working properly by testing connections, Event Rules, and reports.

Rollback:

  1. Stop the Secure FTP Server service.
  2. Paste the backed up Secure FTP Server folder over the new installation (default=C:\Program Files\GlobalSCAPE\Secure FTP\).
  3. Start the Secure FTP Service.
  4. Verify that the Secure FTP sites are working properly by testing connections, Event Rules, and reports
Details
Last Modified: 6 Years Ago
Last Modified By: kmarsh
Type: HOWTO
Rated 2 stars based on 7 votes.
Article has been viewed 88K times.
Options
Also In This Category
Tags