Migrating to Symantec Endpoint Protection 11.0 RU5

Article:TECH95976  |  Created: 2009-01-03  |  Updated: 2010-08-12  |  Article URL http://www.symantec.com/docs/TECH95976
Article Type
Technical Solution


Environment

Issue



This document describes how to migrate to Symantec Endpoint Protection 11.0 Release Update 5 (RU5).


Solution




Note: This document refers to an older version of Symantec Endpoint Protection. For information on migrating to the current version of Symantec Endpoint Protection, see Migrating to Symantec Endpoint Protection 11.0 RU6.




Before you begin
This section gives the information that you need to know in order to plan for migration. This information includes supported migration paths and factors that can affect the success of the migration.


Note: This document is meant only for migrations in which a previous version of Symantec Endpoint Protection 11.0 exists on the network or on individual computers. If no previous versions of Symantec Endpoint Protection products are already installed, please read the installation guide.




Things to know to ensure a successful migration
The following is a list of critical information that you need to know in order for your migration to succeed.

    • If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.

Migration paths
Symantec Endpoint Protection 11.0.5002.333 (RU5) can migrate seamlessly over the following:

    • Symantec Endpoint Protection 11.0.780.1109/11.0.776.942 (RTM), 11.0.1000.1375 (MR1), 11.0.1006 (MR1 MP1), 11.0.2000.1567 (MR2), 11.0.2010.25 (MR2 MP1), 11.0.2020.56 (MR2 MP2), 11.0.3001.2224 (MR3), 11.0.4000.2295 (MR4), 11.0.4010.19 (MR4 MP1), 11.0.4014.26 (MR4 MP1a) and 11.0.4202.75 (MR4 MP2)
    • Symantec AntiVirus client and server 9.x and later
    • Symantec Client Security client and server 2.x and later.

For more information, see the Symantec Knowledge Base article Migration paths for Symantec Endpoint Protection 11.0.


Supported platforms
Supported platforms for Symantec Endpoint Protection 11.0.5002.333 (RU5) are listed in the "System requirements" section of the Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control.

Downloading the Symantec Endpoint Protection 11.0.5002.333 RU5 Release Update



Migration overview
The following table gives an overview of the migration process for each component of Symantec Endpoint Protection:

Component Migration overview
Symantec Endpoint
Protection Manager
When you migrate a server, the installation automatically detects and configures it appropriately.

You do not need to uninstall management servers before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.
Symantec Endpoint Protection
Clients
When you migrate a client, the overinstall automatically detects the client, and migrates and installs it appropriately. You do not need to uninstall existing clients before you install the new version.




Overview of the migration process
Migration to the current version of Symantec Endpoint Protection includes the following steps in order:

  • Create a migration plan
    Before you begin to install the Symantec Endpoint client, manager, and any administration upgrades, you should have a solid understanding of your network topology and a streamlined plan to maximize the protection of the resources on your network during the upgrade. Symantec strongly recommends that you migrate the entire network to the current version rather than managing multiple versions of Symantec Endpoint Protection.
  • Backup up the database
    Before you upgrade, you should back up the database.
  • Disable replication
    If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.
  • Stop the Symantec Endpoint Protection Manager service
    Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.
    WARNING: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of Symantec Endpoint Protection Manager.
  • Upgrade the Symantec Endpoint Protection Manager
    You do not need to uninstall management servers before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.
  • Enabling replication after migration
    After you migrate all servers that used replication including the servers that were configured for failover and load balancing, you need to re-enable replication. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.
  • Upgrade the Symantec Endpoint Protection Clients
    You do not need to uninstall previous clients before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.

    Please be aware of the following known issue when upgrading clients to RU5.


Title: 'Two entries for Symantec Endpoint Protection appear in Add or Remove Programs after migrating to RU5'
Document ID: 2009092812295448
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009092812295448?Open&seg=ent


Backing up the database
Before you upgrade, you should back up the database.

    To back up the database
    1. Click Start > Programs > Symantec Endpoint Protection Manager > Database Back Up and Restore.
    2. In the Database Backup and Restore dialog box, click Back Up.
    3. When asked "Are you sure you want to back up the database?" click Yes.
    4. When you see the message "The database has been backed up successfully," click OK.
    5. In the Database Backup and Restore dialog box, click Exit.


Disabling replication
If your environment utilizes replication, you must disable replication on all sites prior to upgrading the Symantec Endpoint Protection Manager. You must not re-enable replication between sites until they are running the same version of the software.

    To disable replication
    1. Log-on to the Symantec Endpoint Protection Manager Console.
    2. Click the Admin tab, then click the blue Servers tab at the bottom of the pane
    3. On the Servers tab, in the left pane, expand Local Site, and then expand Replication Partners.
    4. For each site that is listed under Replication Partners, right-click the site, and then click Delete.
    5. In the Delete Partner prompt, click Yes.
    6. Log-off the console, and repeat this procedure at all sites that replicate data.

Stopping the Symantec Endpoint Protection Manager service
Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.


WARNING: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of Symantec Endpoint Protection Manager.


    To stop the Symantec Endpoint Protection service
    1. Click Start > Settings > Control Panel > Administrative Tools.
    2. Double Click Services to launch the Services MMC snap-in.
    3. In the Services window, under Name, scroll to and right-click Symantec Endpoint Protection Manager.
    4. Click Stop.
    5. Close the Services window.
      • Warning: Close the Services window or your upgrade may fail.
    6. Repeat this procedure for all Symantec Endpoint Protection Managers.

Upgrading the Symantec Endpoint Protection Manager
You must upgrade all Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection service.

    To upgrade Symantec Endpoint Protection Manager
    1. Download and unzip the Release Update (RU).
    2. Browse to the location where you unzipped the Release Update.
    3. Double Click on setup.exe to start the installation.
    4. In the Symantec Endpoint Protection panel, click Install Symantec Endpoint Protection Manager.
    5. In the Install Wizard Welcome panel, click Next.
    6. At the License Agreement panel, select "I accept..." then click Next
    7. At the Ready to install the Program panel, click Install.
    8. In the Install Wizard Completed panel, click Finish.
    9. In the Upgrade Wizard Welcome panel, click Next.
    10. In the Information panel, click Continue.
    11. When the Upgrade completes, click Next.
    12. In the Upgrade Succeeded panel, click Finish.

    Repeat the above steps on all other Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection Manager service.

Enabling replication after migration
After you migrate all servers that used replication including the servers that were configured for failover and load balancing, you need to re-enable replication. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.

    To enable replication after migration
    1. Log-on to the Symantec Policy Management Console if you are not logged on.
    2. Click the Admin tab, then click the blue Servers tab at the bottom of the pane.
    3. On the Servers tab, in the left pane, expand Local Site, and then click Add Replication Partner.
    4. In the Add Replication Partner panel, click Next.
    5. In the Remote Site Information panel, enter the identifying information about the replication partner, enter the authentication information, and then click Next.
    6. In the Schedule Replication panel, set the schedule for when replication occurs automatically, and then click Next.
    7. In the Replication of Log Files and Client Packages panel, check the items to replicate, and then click Next.
      (Replicating packages generally involves large amounts of traffic and storage requirements.)
    8. To complete the Add Replication Partner Wizard panel, click Finish.
    9. Repeat this procedure for all computers that replicate data with this computer.

Upgrading the Symantec Endpoint Protection clients
The easiest way to migrate Symantec Endpoint Protection clients is by using the auto-upgrade feature. All other client software deployment methods are supported, but the auto-upgrade approach is the easiest way. The client migration installation can take up to 30 minutes. It is recommended to migrate when most users are not logged on to their computers.

    Please be aware of the following known issue when upgrading clients to RU5.


Title: 'Two entries for Symantec Endpoint Protection appear in Add or Remove Programs after migrating to RU5'
Document ID: 2009092812295448
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009092812295448?Open&seg=ent


Note: Test this migration approach before rolling out migration to a large number of computers. Create a new group and place a small number of client computers in that group for testing purposes.


    To migrate client software
    1. Log-on to the newly migrated Symantec Endpoint Protection Manager Console if you are not logged on.
    2. Click Admin > Install Packages.
    3. In the lower-left pane, under Tasks, click Upgrade Groups with Package.
    4. In the Welcome to the Upgrade Groups Wizard panel, click Next.
    5. In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select one of the following:
      • Symantec Endpoint Protection <appropriate version>.
      • Symantec Network Access Control <appropriate version>.
    6. Click Next.
    7. In the Specify Groups panel, check one or more groups that contain the client computers to be migrated, then click Next.
    8. In the Package Upgrade Settings panel, check Download client from the management server.
    9. Click Upgrade Settings.
    10. In the Add Client Install Package dialog box, on the General tab, specify whether or not to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers. Under the Notification tab, specify a message to display to users during the migration.
      • If the clients in the group run a version of Symantec Endpoint Protection previous to MR2, turn off scheduling. Scheduling is on by default when a new client install package is added to a group. If scheduling is turned on, the upgrade fails. To turn off scheduling, in the Add Client Install Package dialog box, uncheck Upgrade Schedule.
    11. For details about settings on these tabs, click Help.
    12. Click OK.
    13. In the Upgrade Groups Wizard dialog box, click Next.
    14. In the Upgrade Groups Wizard Complete panel, click Finish.


    NOTE:Client computers that take a long time to automatically upgrade to Release Update

5 may need to be restarted. This occurs on client computers that run Windows
Vista or Windows Server 2008.


References
Creating new Client Installation packages in the Symantec Endpoint Protection Manager Console

Release notes for Symantec Client Security 3.1.x and Symantec AntiVirus 10.1.x



Legacy ID



2009090313483348


Article URL http://www.symantec.com/docs/TECH95976


Terms of use for this information are found in Legal Notices