Migrating to Symantec Endpoint Protection 11.0 MR2 MP1

Article:TECH105073  |  Created: 2008-01-05  |  Updated: 2010-08-13  |  Article URL http://www.symantec.com/docs/TECH105073
Article Type
Technical Solution


Environment

Issue



How to migrate to Symantec Endpoint Protection 11.0 MR2 MP1


Solution



Before you begin
This section gives the information that you need to know to plan the migration. This information includes the supported migration paths, and factors that can affect the success of the migration.


Note:
This document is meant only for migrations in which a previous version of Symantec Endpoint Protection 11.0 exists on the network or on individual computers. If no previous versions of Symantec Endpoint Protection products are already installed, read the installation guide.




Things to know to ensure a successful migration
The following is a list of critical information that you need to know in order for your migration to succeed.

    • Symantec recommends that you back up the database before upgrading. For instructions, read: "Best Practices for Disaster Recovery with Symantec Endpoint Protection" at:
      http://service1.symantec.com/support/ent-security.nsf/docid/2007082112135948
    • If your site uses replication then you must disable the replication before upgrading the Symantec Endpoint Protection Manager. You must disable the replication at each site that replicates.


Migration paths
This section lists the platforms that are supported during migration to the current version of Symantec Endpoint Protection.

Supported platforms
Symantec Endpoint Protection MR2 MP1 can migrate seamlessly over the Symantec Endpoint Protection 11.0.2000 (MR2) only.

Downloading the Maintenance Release

    • The installation package to upgrade the Symantec Endpoint Protection 11.x Manager is available from the Symantec File Connect site at:
    https://fileconnect.symantec.com/



Migration overview
The following table gives an overview of the migration process for each component of Symantec Endpoint Protection:

Component Migration overview
Symantec Endpoint
Protection Manager
When you migrate a server, the installation automatically detects and configures it appropriately.

You do not need to uninstall the management servers before you install the new version. The over-install process will save the legacy settings, and then upgrade to the latest version.
Symantec Endpoint
Clients
When you migrate a client, the over-install automatically detects the client, migrates and installs it appropriately. You do not need to uninstall existing clients before you install the new version.




Overview of the migration process
Migration to the current version of Symantec Endpoint Protection includes the following steps:

  • Create a migration plan
    Before you begin to install the Symantec Endpoint Protection Manager client and any administrative upgrades, you should have a solid understanding of your network topology and a streamlined plan to maximize the protection of the resources on your network during the upgrade. Symantec strongly recommends that you migrate the entire network to the current version rather than managing multiple versions of the Symantec Endpoint Protection.
  • Back up the database
    Back up the database before upgrading.
  • Disable replication
    If your site uses replication, you must disable the replication before upgrading the Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.
  • Stop the Symantec Endpoint Protection Manager service
    Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After the upgrade is complete, the service is started automatically.
    Warning: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of the Symantec Endpoint Protection Manager.
  • Upgrade the Symantec Endpoint Protection Manager
    You do not need to uninstall management servers before you install the new version. The over-install process saves legacy settings and upgrades to the latest version.
  • Enabling replication after migration
    After migration, all servers that used replication including the servers that were configured for failover and load balancing will need to have the replication enabled. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.
  • Upgrade the Symantec Endpoint Protection Clients
    You do not need to uninstall previous clients before you install the new version. The over-install process saves legacy settings and upgrades to the latest version.

Backing up the database
Back up the database before you upgrade.

    To back up the database
    1. Click Start> Programs> Symantec Endpoint Protection Manager> Database Back Up and Restore.
    2. In the "Database Backup and Restore" dialog box, click Back Up.
    3. When asked "Are you sure you want to back up the database?" click Yes.
    4. When you see the message "The database has been backed up successfully," click OK.
    5. In the "Database Backup and Restore" dialog box, click Exit.


Disabling replication
If your site uses replication, you must disable the replication before upgrading the Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.

    To disable replication
    1. Logon to the Symantec Endpoint Protection Manager Console.
    2. Click Admin> Servers at the bottoms of the pane
    3. On the "Servers" tab, expand Local Site> Replication Partners.
    4. For each site that is listed under "Replication Partners", right-click the site, and then click Delete.
    5. In the "Delete Partner" prompt, click Yes.
    6. Logoff the console, and repeat this procedure at all sites that replicate data.


Stopping the Symantec Endpoint Protection Manager service
Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.


WARNING: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of Symantec Endpoint Protection Manager.


    To stop the Symantec Endpoint Protection service
    1. Click Start > Settings > Control Panel > Administrative Tools
    2. Double-click Services to launch the Services MMC snap-in.
    3. In the Services window, under Name, scroll to and right-click Symantec Endpoint Protection Manager.
    4. Click Stop.
    5. Close the "Services" window.
      Warning: Close the "Services" window or your upgrade may fail.
    6. Repeat this procedure for all of the Symantec Endpoint Protection Managers.

Upgrading the Symantec Endpoint Protection Manager
You must upgrade all of the Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection service.

    To upgrade Symantec Endpoint Protection Manager
    1. Download and unzip the maintenance patch.
    2. Browse to the location where you unzipped the maintenance patch.
    3. Double-click on setup.exe to start the installation.
    4. In the "Symantec Endpoint Protection" panel, click Install Symantec Endpoint Protection Manager.
    5. In the "Install Wizard Welcome" panel, click Next.
    6. At the "License Agreement" panel, select "I accept..." and click Next
    7. At the "Ready to install the Program" panel, click Install
    8. In the "Install Wizard Completed" panel, click Finish.
    9. In the "Upgrade Wizard Welcome" panel, click Next.
    10. In the "Information" panel, click Continue.
    11. When the Upgrade completes, click Next.
    12. In the "Upgrade Succeeded" panel, click Finish.
    13. Repeat the above steps on all other Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection Manager service.


Enabling replication after migration
After you migrate all servers that used replication including the servers that were configured for failover and load balancing, you need to enable replication. After migration, add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.

    To enable replication after migration
    1. Logon to the Symantec Policy Management Console if you are not logged on.
    2. Click Admin> Servers, at the bottom of the pane
    3. On the "Servers" tab, expand Local Site, and then click Add Replication Partner.
    4. In the "Add Replication Partner" panel, click Next.
    5. In the "Remote Site Information" panel, enter the identifying information about the replication partner, enter the authentication information, and click Next.
    6. In the "Schedule Replication" panel, set the schedule for when the replication occurs automatically, and click Next.
    7. In the "Replication of Log Files and Client Packages" panel, check the items to replicate, and click Next.
      Note: Replicating packages generally involves large amounts of traffic and storage requirements.
    8. In the "Completing the Add Replication Partner Wizard" panel, click Finish.
    9. Repeat this procedure for all computers that replicate data with this computer.


Upgrading the Symantec Endpoint Protection clients
The easiest way to migrate Symantec Endpoint Protection clients is by using the "Auto-upgrade" feature. All other client software deployment methods are supported, but the
Auto-upgrade" approach is the easiest. The client migration installation can take up to 30 minutes. Therefore, you should migrate when most users are not logged on to their computers.


Note: Test this migration approach before rolling out migration to a large number of computers. You can create a new group and place a small number of client computers in that group.



    To migrate client software
    1. Logon to the newly migrated Symantec Endpoint Protection Manager Console if you are not already logged on.
    2. Click Admin> Install Packages.
    3. Under "Tasks", click Upgrade Groups with Package.
    4. In the "Welcome to the Upgrade Groups Wizard" panel, click Next.
    5. In the "Select Client Install Package" panel, all existing client packages are listed in the drop-down box. Select one of the following:
      • Symantec Endpoint Protection <appropriate version>.
      • Symantec Network Access Control <appropriate version>.

    6. Click Next.
    7. In the "Specify Groups" panel, check one or more groups that contains the client computers that you want to migrate and click Next.
    8. In the "Package Upgrade Settings" panel, check Download client from the management server.
    9. Click Upgrade Settings.
    10. In the "Add Client Install Package" dialog box, on the "General" tab, specify whether or not you want to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers.
    11. Under the "Notification" tab, you can specify a message to display to users during the migration.
    12. When you upgrade clients to Maintenance Release 2 by adding a new client install package to a group and the clients in the group run a previous version of Symantec Endpoint Protection, you should turn off scheduling. Scheduling is on by default when you add a new client install package to a group. If scheduling is turned on, the upgrade fails. To turn off scheduling, in the "Add Client Install Package" dialog box, uncheck Upgrade Schedule.
    13. For details about settings on these tabs, click Help.
    14. Click OK.
    15. In the "Upgrade Groups Wizard" dialog box, click Next.
    16. In the "Upgrade Groups Wizard Complete" panel, click Finish.



References
"Creating new Client Installation packages in the Symantec Endpoint Protection Manager Console" at:

http://service1.symantec.com/support/ent-security.nsf/docid/2007072016360948

This document is available in the following languages:




Legacy ID



2008060506270548


Article URL http://www.symantec.com/docs/TECH105073


Terms of use for this information are found in Legal Notices