Data Loss Prevention

Symantec Data Loss Prevention v14.5

upgrade document

Symantec Data Loss Prevention upgrade phases

Phase 1:          Upgrade database to Oracle 11g (11.2.0.4).

• Update database to ensure security patches.

Phase 2:          Prepare system for upgrade

• Backing up the Oracle database and detection server data.

Phase 3:          Download and extract the version 14.5 software.

Phase 4:          Upgrade the enforce server and all the detection servers using upgrade wizard.

Phase 5:          Upgrade Symantec Data Loss Prevention Agents.

Phase 6:          Complete the required and optional post-upgrade tasks.

Choosing an upgrade method

Through the Upgrade Wizard, which you access through the Enforce Server. The Upgrade Wizard provides the easiest and most efficient way to upgrade Symantec Data Loss Prevention.

Step 1:             Download and extract the upgrade software.

Step 2:             Make sure that the Enforce Server and the detection servers are running.

Step 3:             Close all files and folders in your \SymantecDLP\ directory.

Step 4:             Launch the Upgrade Wizard on the Enforce Server.

Step 5:             Perform the upgrade with the Upgrade Wizard.

Alternatively, for more details you can Follow Below Upgrade Guide.

1.Go to https://fileconnect.symantec.com.

2.Enter a Serial Number for your Symantec DLP Products.

3.Download the software (zipped files) for the version you want to upgrade to.

4.Unzip file “Symantec_DLP_14.0_Docs_Win-In.zip".

5.Open “Symantec DLP Upgrade Guide” from the unzipped files.

6.Follow the instructions given in the upgrade guide.

Preparing the Oracle database for a Symantec Data Loss Prevention upgrades

The following Oracle-related preparations must be made before you use the Upgrade Wizard to upgrade the Symantec Data Loss Prevention database schema for version 14:

• Run the upgrade data pre-checker tool to check your current database against the new constraints introduced in Symantec Data Loss Prevention 14.
• Back up the Oracle database before you start the upgrade. You cannot recover from an unsuccessful upgrade without a backup of your Oracle database.

Using the upgrader data pre-checker tool

See this article to Download and how to run the upgrader data pre-checker tool. Click here

https://www.symantec.com/connect/articles/using-upgrader-data-pre-checker-tool-symantec-dlp-v145-screenshots

Getting ready with the setup files

Extract all the required files in single folder for easy access.

1.14.5_Upgrader_Windows.jar

• Upgrade file for Symantec Data Loss Prevention v14.5.
  • File Location: DLPDownloadDirectory > Symantec_DLP_14.5_Platform_Win-IN_b > DLP > 14.5 > Upgrade_14.0_to_14.5 > 14.5_Upgrader_Windows.jar

2.AgentInstall.msi

• Endpoint agent installer for 32 bit Windows operating system.
  • File Location: DLPDownloadDirectory > Symantec_DLP_14.5_Agent _Win-IN > DLP > 14.5 > Endpoint > Win > x86 > AgentInstall.msi

3.AgentInstall64.msi

• Endpoint agent installer for 64 bit Windows operation system.
  • File Location: DLPDownloadDirectory > Symantec_DLP_14.5_Agent _Win-IN > DLP > 14.5 > Endpoint > Win > x64 > AgentInstall64.msi

4.AgentInstall.pkg

• Endpoint agent installer for Mac operating system.
  • File Location: DLPDownloadDirectory > Symantec_DLP_14.5_Agent Mac-IN > DLP > 14.5 > Endpoint > Mac > x86_64 > AgentInstall.pkg

Note where you saved the upgrade JAR, MSI, and PKG files so you can quickly find them later. 


Setting the Upgrade Wizard port number

The Upgrade Wizard has its own default port number, which is 8300. If your organization reserves that port for another purpose, you can reconfigure the Upgrade Wizard to use another port.

To set the Upgrade Wizard port number

Step 1:             Open the following file in a text editor:

DLPInstallDirectory\SymantecDLP\Protect\Manager.properties

Step 2:             Add the following line to the file:

update.wizard.port=port



Where port equals the number of the port you want the Upgrade Wizard to 
use. 
Enter a unique port number. Other applications on the Enforce Server host cannot use the same port. Verify that firewalls do not block the port number you enter. If firewalls block the port number you cannot access the Upgrade Wizard from a different computer than the Enforce Server host. 
For example, the following line configures the Upgrade Wizard to use port 5555:

update.wizard.port=5555

Verifying that the Enforce Server and the detection servers are running

Check that all of the detection servers to be upgraded using the Upgrade Wizard are running the appropriate Symantec Data Loss Prevention services.

To ensure that the detection servers are running

Step 1:             Log on to the Enforce Server. 


Step 2:             Go to System > Servers and Detectors > Overview and check that the Symantec Data Loss Prevention servers are running. 


Launching the Upgrade Wizard on the Enforce Server

Before launching the Upgrade Wizard, review the following prerequisites and restrictions:

• Make sure that the JAR file you extracted earlier when you performed the upgrade prerequisite steps is available.
• If your installation uses FIPS encryption, your browser will not be able to redirect from the Enforce Server administration console to the Upgrade Wizard user interface. In this case, you must manually browse to https://Enforce_server:8300. (If you have changed the Upgrade Wizard port number, use that port number in the URL.) 

• Clear your browser cache before upgrading the Enforce Server. 

• Stop all DLP Endpoint Discover scans. 

• Close all files and folders in your \SymantecDLP\ directory. 


To launch the Upgrade Wizard on the Enforce Server

Step 1:             Log on to your Enforce Server administration console. 


Step 2:             Go to System > Servers and Detectors > Overview.

Step 3:             Click Upgrade.

The Upgrade System pop-up window appears. 


Step 4:             From the directory that includes that JAR file, select the file and click Open.

The name of the file is 14.5_Upgrader_Windows.jar.

Ensure that you have selected correct file.

Step 5:             Click Launch Upgrade.

It may take several minutes for the Symantec Data Loss Prevention Upgrader Login panel to appear.

If the Enforce Server returns an error or times out, you must correct the problem before continuing.

See “About troubleshooting Symantec Data Loss Prevention upgrade problems”.

Performing an upgrade with the Upgrade Wizard

Should you encounter an error at any point during the upgrade, examine the log files.

To resolve errors

Step 1:             On the page where you encountered the error, click the Log Files link.

Step 2:             Try to resolve the error, and then launch the Upgrade Wizard again.

These procedures assume that you have already launched the Upgrade Wizard.

To upgrade the Enforce Server

Step 1:             On the Symantec Data Loss Prevention Upgrader Login panel, enter the Administrator user name and password, and then click Login.

Step 2:             Click Accept on the License Agreement panel.

Step 3:             Click Next on the System Check panel, when you click Next, the Upgrade Wizard verifies that you have the minimum software version level required to upgrade to the current release version.
One of the following two outcomes results:

• If the check was successful, Click Next on the System Check Succeeded panel.
• If at any point you see a message box stating that the upgrade has failed, click Cancel. Fix the reported problem that is shown in the panel. After fixing the problem, log on to Enforce, and launch the upgrade again.

Step 4:             The Disable automatic distribution of detection server upgrade packages page appears.

Select Automatically distribute the detection server upgrade packages if you want Symantec Data Loss Prevention to distribute your detection server upgrade packages automatically.

Click Next.

If you want to manually upgrade your detection servers, select Manually upgrade detection servers. Symantec Data Loss Prevention creates an upgrade package labeled DetectionServerPatch14.5.0.0_1 in your updates directory which you can copy to the DLPInstallDirectory SymantecDLP\Protect\updates\DetectionUpgradePackages directory of the Enforce Server and each detection server manually. Before you copy the upgrade packages to each detection server, stop the VontuMonitorController process on each detection server. After distributing the upgrade packages, you can use the Upgrade Wizard to complete the detection server upgrade process.   

Step 5:             If you selected automatic detection server package distribution, the Detection Server Upgrade Package Distribution Status page appears. This page displays the status of the package distribution process. When the packages have been distributed, proceed to the next step.

Click Next.

Step 6:             The Welcome to Symantec Data Loss Prevention Upgrader panel appears.

A prompt warns you that any language packs you have installed from a previous version of Symantec Data Loss Prevention will be deleted. You must install new language packs for the current version of Symantec Data Loss Prevention later in the upgrade process.

Click Next.

Step 7:             The Pre-check panel appears and the Upgrade Wizard begins performing pre-upgrade tasks. The tasks include extracting necessary upgrade files and stopping Symantec Data Loss Prevention services.

Click Next after the pre-check tasks complete.

Step 8:             From the Upgrade Enforce Server panel, click Next.

The wizard creates a compressed file, called SymantecDLPEnforceBackup_previousVersion.zip, that contains all the files in your file system. It puts the file in a new update directory (DLPInstallDirectory\ SymantecDLP\Protect\updates\SymantecDLPEnforceBackup). Then it installs new ones.

This step also upgrades the Symantec Data Loss Prevention schema on the Oracle database.

When the process has finished successfully, the following message appears:

Done upgrading Enforce software.

If an error occurs, a message to that effect appears. Consult the logs for information, correct the problem, and launch the upgrade again.

Note: If you launch the Upgrade Wizard again to upgrade the remaining detection servers, the utility does not repeat the Enforce Server upgrade.

Step 9:             Click Next after the Enforce upgrade completes.

Step 10:           The Enable external storage for incident attachments panel appears.

To enable external storage for incident attachments, select Enable external storage for incident attachments and enter or browse to the path of your External Storage Directory.

Note: If you enabled external storage for incident attachments in your previous version of Symantec Data Loss Prevention, ensure that you select Enable external storage for incident attachments and enter the path to your existing external storage directory.

Step 11:           Click Next on the Enable External Storage for Incident Attachments.

Step 12:           The Enable Symantec DLP Supportability Telemetry panel appears.

Step 13:           If you plan to share system information with Symantec, perform the following steps:

• Select Participate in Supportability Telemetry Program.
• Select This DLP instance is a production system to indicate your system is in production or This DLP instance is a test system to indicate your system is in test.
• Enter your company name in the Company Name field.

Click Next.

Step 14:           The Upgrade Detection Servers panel appears.

After the detection server upgrade packages have been distributed automatically or manually, select the detection servers you want to upgrade then click Upgrade.

The wizard creates a compressed file, called SymantecDLPDetectionBackup_previousVersion.zip. This compressed file contains all of the files in your file system. It puts the compressed file in a new update directory (DLPInstallDirectory\SymantecDLP\Protect\updates \SymantecDLPDetectionBackup). Then it installs new ones.

After the wizard upgrades the detection servers you selected, green checkmarks appear next to those servers listed in the Upgrade Status column of the panel.

If you experienced network connectivity problems between your Enforce Server and any detection server, you can locally upgrade those servers later. You can also run the Upgrade Wizard again.

Note: When you run the Upgrade Wizard again, it does not upgrade the Enforce

Server again.

You must upgrade the Enforce Server before trying to upgrade your detection servers. Otherwise, you receive an error message in the system events report and the upgrade does not proceed.

Upgrade all detection servers to the same version as the newly upgraded Enforce Server to ensure compatibility.

Click Next.

Step 15:           The Success panel appears and prompts you to also upgrade your system endpoints.

Click Finish.

Step 16:           The Symantec Data Loss Prevention Login panel for Enforce Server appears.

Logon to the Enforce Server.

Step 17:           The Enforce Server administration console appears.

To verify the upgrade, review that your server version numbers are correct. Go to System > Servers and Detectors > Overview and click Enforce Server or a Detection Server.

Download attached file for screenshots.

Thank you.