As a customer using Notification Server 6, we recently performed a migration to Notification Server (NS) 7 / Symantec Management Platform (SMP) / Client Management Suite (CMS). The need to move to NS 7 from NS 6 was driven by several new features in the Client Management Suite 7. These features include Software Management Solution and its ability to deploy software packages based on dependencies and allow remediation, better Windows 7 support, and patch management support for Adobe.
Our managed environment encompasses a little over 2000 nodes spread across 15-20 physical sites. Three of these sites have a data center where the package servers are located. Of the 2000 nodes, roughly 10-15% are remote and do not connect on a frequent basis. With NS 6, our primary usage related to software and hardware inventory/reporting and software delivery.
We also have one Deployment Solution 6.9 sp4 with the same 2000+ nodes connected. While we did not make the move to DS 7, our DS 6.9 implementation played a large role in the migration of agents to the new NS 7 server.
Migration Method
The amount of data/items that needed to be migrated was very limited. No policies, collections, inventory, events, or customizations data from NS 6 was migrated to the new NS7 database. The main reason for not moving the data from NS 6 was that the server would be (and still is) in operation for at least several months until all the managed computers have been successfully migrated to the new NS 7 server.
This method has the following pros/cons:
- Allows a phased migration of the client computers
- Allows more control over what you move and when
- Provides less risk of downtime for the client machines.
- Requires an additional server OS and SQL license to be purchased
- Duplicates some effort managing both NS servers (although the NS 6 server was touched only lightly throughout the transition)
- Provides a historical record of you configuration settings and data saved on NS 6 that can be usefully when configuring the NS7 server
Migration Steps
Since we were not moving any of the data over from NS 6, the following migration steps are pretty straight forward:
- Installed a new Symantec Management Platform (SMP or NS7 sp5) server and installed Client Management Suite (CMS SP2 MR2).
- Installed and configured basic NS 7 server
- SQL database is off box
- Migrated the three current Package Servers to be Site Servers in NS7
- Targeted each Package Server individually and removed the Altiris Agent and installed the NS7 agent.
aexagentutil.exe" /clean
\\SERVER\d$\Program Files\Altiris\Notification Server\NSCap\bin\Win32\X86\NS Client Package\AeXNSC.exe" -s -a /ns="servername.domain.com" NOSTARTMENU NOTRAYICON /s
- Waited for confirmation that agent registers with the NS.
- Imported the Sites and Subnets from Active Directory into the Symantec_CMDB using the Active Directory import tool. Scheduled the AD import to run weekly during the night on Sunday.
- Configured each Site Server using the Sites and Subnets.
- Confirmed each Site Server was running before engaging the next server
- Waited for confirmation that the package services had downloaded all packages and was ready
- Enabled the following Agent/Plug-ins:
- Activated Inventory Solution Agent Plug-in Policy and associated policies
- Activated Software Solution Agent Plug-in Policy and associated policies
- Activated Patch Agent Plug-in Policy and associated policies
- Activated Application Metering Plug-in Policy and associated policies
- Did not activate the HP Client Manager Plug-in Policy
- Did not activate PCanywhere Plug-in Policy
- Migrated off Altiris Agent (NS6) to Symantec Management Agent (NS7)
- Build DS script using AexAgentUtil.exe /Clean and then after removal Script to install new Symantec Management Agent. See the Migration of Agents section below for more details and the actual script.
- First ran script against 10 – 20 machines
- Second ran against ~100 machines
- Last ran it against the entire 2000+ machines
- Check to see if new computer resources were added to the Computer Organizational View. And for at least a handful of computers checked to see if the following data classes were present:
- Basic inventory data classes
- Full inventory: Hardware and Software data classes
- Set the agent check in time initial to 15 minutes and left for the first three days
- After the first three days changed the setting to 3 hours
- Determined the method to deal with computer resources in NS 6 after the machine has been migrated to NS 7. To deal with these orphaned computers, we set computer to retire on NS 6 if the computer had not checked in within a 3 days.
- The benefit of this approach is that the computers that have been migrated will be removed from the NS 6 server completely.
- The side effect of this approach is if a remote computer that has not been migrated does not check in for several days it is removed from NS6. However, once the remote computer does check in it will turn active on the NS 6 server and the DS job to migrate the computer is waiting.
- Configured the individual solution policies, filters, jobs, and tasks.
Migration of Agents
The migration of the Altiris agent posed a potential challenge. We considered several scenarios, each addressing a primary concern regarding how to reassign the many agents to the new NS 7 server as well as the known issue documented in KB # TECH127468 (when the agent is upgraded, the old NS 6 subagents (such as: Carbon Copy) are not completely removed). Executing the following command on each agent to reassign or point the agent to the new NS 7 server can lead to this problem:
AexAgentUtil /Server:<server> /Web:<server>
To attack this issue you can simply turn on the Carbon Copy and Application Management agent plug-in uninstall policies so each sub-agent is removed from the NS6 agents before upgrading. Wait at least a week so computers check in and remove the plug-in. Allow a longer duration to allow remote computer to check in. With 10-15% remote computers this option was not feasible for us.
We first tried to attack this problem using the following command which is supposed to remove all installed subagents or plug-ins:
AexAgentUtil /UninstallAgents
During testing, this command gave us very mixed results where some subagents were removed and others were not. We could not trust that this command 100% of the time.
We decided to use the following command because we were assured the agent would be completely removed:
AexAgentUtil /Clean
Since each computer had both the NS and DS agent install, we decided to use a Deployment Solution (DS) script to call AexAgentUtil /Clean. After the removal script executed, the Symantec Management Agent script ran. The DS script is attached below:
REM Script to Remove NS6 Agent
if exist "C:\Program Files (x86)" (goto :64) else (goto :32)
:64
"C:\Program Files (x86)\Altiris\Altiris Agent\aexagentutil.exe" /clean
goto :end
:32
"C:\Program Files\Altiris\Altiris Agent\aexagentutil.exe" /clean
goto :end
:end
exit
REM Script to Install NS7 Agent
"\\SERVER\d$\Program Files\Altiris\Notification Server\NSCap\bin\Win32\X86\NS Client Package\AeXNSC.exe" -s -a /ns="SERVER.DOMAIN.COM" NOSTARTMENU NOTRAYICON /s
After the initial testing, we deployed this script on a handful of computers in the IT area. We tested the approximate time it took to execute the entire script. They all completed in 5 – 10 minutes. We then choose about 100 computers in the building where we were located. A few of this larger group failed and we diagnosed the individual issues that caused the failures. We then ran the script against the remaining 2000+ nodes.