How to move Symantec Endpoint Protection Manager from one machine to another

Article:TECH104389  |  Created: 2008-01-11  |  Updated: 2014-03-06  |  Article URL http://www.symantec.com/docs/TECH104389
Article Type
Technical Solution


Environment

Issue



There is a need to move Symantec Endpoint Protection Manager (SEPM) from the machine where it is currently installed (MACHINE_1) to another (MACHINE_2).


Environment



There are two different situations:

 (1) MACHINE_2 will have the same IP address and/or hostname as MACHINE_1

 (2) MACHINE_2 will have an IP address and hostname which are different from MACHINE_1


Solution



There are two solutions available, with their advantages and drawbacks:

 (A) Replication: this is a faster solution to implement. However, this solution will be appropriate for situation 2 only (see Environment section above).

 (B) Disaster Recovery: this solution is longer to implement but the new SEPM will be an exact copy of the current one. This solution will be appropriate for both situation 1 and 2 (see Environment section above).

 

IMPORTANT NOTE: SEPM installed on MACHINE_2 must be the same version as on MACHINE_1 (same release and same language)

 

1) MACHINE_2 will have at least either same IP or hostname as MACHINE_1

Disaster Recovery method

Follow "Best Practices for Disaster Recovery with Symantec Endpoint Protection" (see Related Articles below).

Symantec Endpoint Protection clients will be able to reach the new SEPM using either unchanged IP or hostname. Management server list will then be updated accordingly and sent automatically to clients.

 

2) MACHINE_2 will have both IP and hostname different from MACHINE_1

A) Replication method

  1. Install Symantec Endpoint Protection Manager on MACHINE_2
    NOTE: The version installed to the new server must be the same version as on the old server. The new management console can be migrated to a newer version once the transition is complete.
  2. In the Management Server Configuration Wizard panel, check Install an additional site, and then click Next
  3. In the Server Information panel, accept or change the default values for the following boxes, and then click Next
    • Server Name
    • Server Port
    • Server Data Folder
  4. In the Site Information panel, accept or change the name in the Site Name box, and then click Next
  5. In the Replication Information panel, type values in the following boxes:
    • Replication Server Name
      The Name or IP address of MACHINE_1
    • Replication Server Port
      The default is 8443.
    • Administrator Name
      The Username used to log on to the old console.
    • Password
      The password used to log on to the old console.
  6. Click Next
  7. In the Certificate Warning dialog box, click Yes
  8. In the Database Server Choice panel, do one of the following, and then click Next:
    Check Embedded database or Microsoft SQL server (whichever database type you'd prefer to install), then complete the installation.
  9. Log in to the new SEPM on MACHINE_2 and ensure that all the clients and policies have Migrated successfully.
  10. Click Policies > Policy Components > Management Server Lists > Add Management Server List
  11. Click Add> Priority and a new Priority would get added named as "Priority2"
  12. Add MACHINE_1 under Priority 2 and add MACHINE_2 under Priority 1, and assign this New Management Server List to all the groups.
  13. Wait at least one replication cycle.
  14. Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" service on MACHINE_1 to verify whether all clients now report to the new SEPM on MACHINE_2
  15. Once verified that all the clients are reporting into the new SEPM, and have moved away from the old one, proceed to the next step.
  16. Delete the Replication Partner from MACHINE_2 SEPM: Click on the Admin button | Under View Servers, Expand Replication Partners and select the partner to delete | Under Tasks, choose Delete Replication Partner | Type Yes when asked to verify deletion of the replication partner.
  17. After the successful Migration, uninstall SEPM from MACHINE_1

  

B) Disaster Recovery method

  1. Follow "Best Practices for Disaster Recovery with Symantec Endpoint Protection" (see Related Articles below) to backup and reinstall SEPM on MACHINE_2
  2. Log in to the old SEPM on MACHINE_1
  3. Click Policies > Policy Components > Management Server Lists > Add Management Server List
  4. Click Add> Priority and a new Priority would get added named as "Priority2"
  5. Add MACHINE_1 under Priority 2 and add MACHINE_2 under Priority 1, and assign this New Management Server List to all the groups.
  6. Clients will then move from old SEPM to new one gradually
  7. Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" service on MACHINE_1 to verify whether all client now report to the new SEPM on MACHINE_2
  8. Once verified that all the clients are reporting into the new SEPM, and have moved away from the old one, proceed to the next step.
  9. Uninstall SEPM from MACHINE_1



Legacy ID



2008031204405448


Article URL http://www.symantec.com/docs/TECH104389


Terms of use for this information are found in Legal Notices