Migrating Client Security topologies

Applies To: Forefront Client Security

After you deploy Client Security to your organization, it may become necessary to change the deployed topology or to move components from one computer to another. This is called migrating the Client Security components. Migration could be necessary for performance reasons or to recover from a hardware failure.

The migration to a new Client Security topology involves installing the required Client Security components on the target server, transferring data stored on the source server to the target server, and then removing the Client Security components from the source server.

Prior to beginning the migration process, you must choose your target topology. For more information about Client Security topologies, see Choosing your topology in the Planning and Architecture Guide (http://go.microsoft.com/fwlink/?LinkId=91871).

If the migration to your new topology requires that more than one Client Security component is migrated, the components must be migrated in the following order:

  1. Collection database component

  2. Collection server component

  3. Reporting database component

  4. Reporting server component

  5. Distribution server component

  6. Management server component

For example, if migrating from a two-server topology to a four-server topology, you need to migrate the collection server, collection database, reporting server, and reporting database components. The correct order for this migration would be to migrate the collection database component first, followed in order by the collection server, the reporting database, and finally the reporting server.

Client Security supports migration from smaller topologies to larger topologies; migrating from a larger topology to a smaller topology is not supported and requires re-installing Client Security.


Changing the installation language of Client Security during migration is not supported. To change the installation language of Client Security, you must uninstall Client Security and re-install it in the chosen language.

You must identify the Client Security components installed on each source server before beginning the migration. Additionally, you should prepare the target servers with the appropriate prerequisites prior to beginning the migration process. For more information, see Verifying your system requirements.


You must install the same edition and version of prerequisite software on the target servers that is installed on the source servers.


Before you begin the migration procedures, it is highly recommended that you back up all non–Client Security data on all Client Security servers affected by this migration.

Determining your migration path

When determining which Client Security components to migrate, you must first determine your source topology and your target topology. Then you must determine which Client Security components you are migrating from the source servers, as well as the target servers for these components in the target topology.


When you select or configure target computers for the migration, it is very important to consider the system requirements and recommendations for each Client Security component. Do not migrate Client Security components to computers that do not satisfy the hardware recommendations for the combinations of components to be installed.

Consider, for example, a single-server topology.

[Figure: Client Security single-server topology]

When you migrate this topology to a three-server topology, the following occurs:

  • The distribution server component is migrated to its own server.

  • The reporting database component is migrated to its own server.

[Figure: Client Security three-server topology]

The remaining components stay on the third, original server. Thus you migrate two components when migrating to a three-server topology.
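
The following planning helper is an added example, not part of the original documentation or of Client Security. It compares a source and a target checklist and lists the components that move, in the migration order required above. The server names FCS01 to FCS03 are constructed, and measuring topology size by the number of distinct servers is an assumption.

```python
# Required migration order, as listed on this page.
MIGRATION_ORDER = [
    "Collection database",
    "Collection server",
    "Reporting database",
    "Reporting server",
    "Distribution server",
    "Management server",
]


def plan_migration(source, target):
    """Return [(component, source_server, target_server)] in required order.

    source and target map each component name to the server hosting it.
    Raises ValueError for an incomplete checklist or an unsupported
    larger-to-smaller migration (assumption: size = distinct server count).
    """
    for name, topo in (("source", source), ("target", target)):
        missing = [c for c in MIGRATION_ORDER if c not in topo]
        unknown = [c for c in topo if c not in MIGRATION_ORDER]
        if missing or unknown:
            raise ValueError(f"{name} checklist: missing={missing} unknown={unknown}")

    # Compare host names case-insensitively, as Windows computer names are.
    src_hosts = {s.strip().upper() for s in source.values()}
    tgt_hosts = {s.strip().upper() for s in target.values()}
    if len(tgt_hosts) < len(src_hosts):
        raise ValueError("larger-to-smaller migration is not supported; "
                         "re-install Client Security instead")

    return [
        (c, source[c], target[c])
        for c in MIGRATION_ORDER
        if source[c].strip().upper() != target[c].strip().upper()
    ]


# Constructed sample: the single-server to three-server migration above.
SINGLE = {c: "FCS01" for c in MIGRATION_ORDER}
THREE = {**SINGLE, "Distribution server": "FCS02",
         "Reporting database": "FCS03"}

if __name__ == "__main__":
    for step, (comp, src, dst) in enumerate(plan_migration(SINGLE, THREE), 1):
        print(f"{step}. {comp}: {src} -> {dst}")
```

For the sample topologies, the plan lists the reporting database before the distribution server, matching the required order.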

Migration checklist

To facilitate the migration process, it is highly recommended that you collect information about your current topology and the target topology. This includes information about service accounts used by Client Security.

Use the following table to record this information before you begin the migration.

Component | Source server | Target server
--- | --- | ---
Collection database | |
Collection server | |
Reporting database | |
Reporting server | |
Distribution server | |
Management server | |
Management group name | |


Additionally, the steps for migrating each component include instructions to retrieve the account names for Client Security accounts. The following table provides a location to record these.

Account | Account name
--- | ---
DAS account |
DTS account |
MOM action account |
Reporting account |