Best Practice for upgrading to Symantec Endpoint Encryption Management Server 8.x

Article:TECH164395  |  Created: 2011-07-12  |  Updated: 2011-08-31  |  Article URL http://www.symantec.com/docs/TECH164395
Article Type
Technical Solution

Product(s)

Issue



You wish to know the best course of action to take to upgrade your Symantec Endpoint Encryption Management Server to version 8.x from an earlier version of SEEMS or GEMS.


Environment



This article applies to all version of SEEMS 7.x and GEMS 9.x. Prior versions cannot be upgraded directly.


Solution



This article is intended as a brief overview. For more detailed instructions, please consult the Installation Guide provided with the software.

In general the upgrade process is unchanged. However there is a significant change to be aware of that will be an impact on any upgrade strategy:

The hashing function that applies to the Management Password and functions stored in the database has been upgraded from SHA1 to SHA2 64-byte as of SEE 8.0. Occasional issues have been seen when performing management operations, specifically the extraction of DAT files and operation of the OTP mechanism, on managed client machines running GEHD 9.X or SEE 7.x. This problem will not be encountered on clients that have been upgraded. 

For that reason, it is advised to upgrade all clients to SEE 8.x as soon as possible after upgrading the server in order to be sure to avoid problems running these functions on clients running older versions of the product. The procedure is as follows:

  1. Upgrade the Management Server by doubling clicking the Management Server installer.
  2. Upgrade the Framework: msiexec /i <package> REINSTALL="All" REINSTALLMODE="vomus"
  3. Upgrade Full Disk (if using): msiexec /i <package> REINSTALL="All" REINSTALLMODE="vomus"
  4. Upgrade Removable Storage (if using): msiexec /i <package> REINSTALL="All" REINSTALLMODE="vomus"
  5. At this stage, all clients will still be ruinning the previous version, and Management Functions will not be available.
  6. Generate the new client packages.
  7. Deploy new client packages.
  8. As soon as the upgraded clients check in with the server, the management functions should become available once again.



Article URL http://www.symantec.com/docs/TECH164395


Terms of use for this information are found in Legal Notices