Video Screencast Help

Best practices for upgrading to Symantec Endpoint Protection 12.1.2

Created: 10 Dec 2012 • Updated: 06 Jun 2013 | 28 comments
Eileen's picture

If you are planning to upgrade or migrate to Symantec Endpoint Protection 12.1.2, please take a look at the latest how-to article created by our very own SEP content council team.

http://www.symantec.com/business/support/index?pag...

Please be sure to vote this post up, if you find it helpful.

~Eileen, Security Community Manager

Comments 28 CommentsJump to latest comment

Kojeiwa's picture

Hello Eileen,

 

We currently have Endpoint Protection version 11 running on Windows 2003 Server. We are trying to

upgrade to Endpoint Protection version 12.1.2 on a new Windows 2008 R2 server. What's the best upgrade

method?

The plan was to install version 12.1.2 on a new Window 2008 R2 server and then restore the backup  from

version 11. Can that be done since they are not same version?  Or do we have to install version 11 on the

new server first, restore the backup of the old SEP server, then upgrade to version 12.1.2?

Thanks

accesscontrol's picture

Hi Kojeiwa, You will have to restore the version 11 to the new server first then only you can upgrade to version 12. Be sure to follow best practice for disaster recovery when restoring version 11. Hope this helps.

Chetan Savade's picture

Hi,

Thank you for posting your query in the Symantec forum.

I would like to answer following queries.

Q. The plan was to install version 12.1.2 on a new Window 2008 R2 server and then restore the backup  from version 11. Can that be done since they are not same version?

--> It's not possible due to database schema changes in SEP 12.1

Q. Do we have to install version 11 on the new server first, restore the backup of the old SEP server, then upgrade to version 12.1.2?

--> This is the correct method however if you could provide the following details we can guide more correctly.

1) Total number of SEPM's in the network?

2) Total number of Clients in the network?

3) If any GUP is configured & are there any remote sites?

4) Installed SEPM is with default policies or having custom policies as well?

I would request please go through the following thread.

https://www-secure.symantec.com/connect/forums/mov...

Check this article also: https://www-secure.symantec.com/connect/articles/h...

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture

Hello Kojeiwa,

In your case, you would be migrating the server OS as well as SEP 11.x to SEP 12.1.

Check these Threads which speaks on the same issue - 

https://www-secure.symantec.com/connect/forums/symantec-1106-121-migration-question

https://www-secure.symantec.com/connect/forums/migrating-sep-11-old-hardware-sep-12-new-server-hyper-v-vm

In your case - there are 2 scenarios - 

1. Upgrade the SEPM 11.x on the existing 2k8 32 bit server to SEP 12.1, then move the installation to the new 2k8 64 bit server by performing a disaster recovery.

How to move Symantec Endpoint Protection Manager 12.1 from one machine to another

http://www.symantec.com/docs/TECH171767

Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH160736

OR

2. Move the installation of SEPM 11.x from the existing 2k8 32 bit server to the new 2k8 64 bit server, then upgrade it to SEP 12.1 after it's moved.

How to move Symantec Endpoint Protection Manager from one machine to another

http://www.symantec.com/docs/TECH104389

How to point clients to a new SEPM after decommissioning or replacing the primary SEPM.

http://www.symantec.com/docs/TECH92556

 

Migrating from Symantec Endpoint Protection v.11.x clients to Install Symantec Endpoint Protection v.12.1. could migrate flawlessly without any issues.

It is always recommended to perform a Disaster Recovery for SEPM 11.x before Migrating to SEP 12.1 as a Backup step.

Here are the Best Practices for Upgrading to SEP 12.1 RU2 - 

Best practices for upgrading to Symantec Endpoint Protection 12.1.2

http://www.symantec.com/docs/TECH163700

 

Also, check the Articles for the Migration on :

Quick Access to Symantec Knowledgebase Articles of Symantec Endpoint Protection 12.1

https://www-secure.symantec.com/connect/articles/quick-access-symantec-knowledgebase-articles-symantec-endpoint-protection-121

SEP 11.x to SEP 12.1 Upgrade process graphical overview

https://www-secure.symantec.com/connect/articles/sep-11x-sep-121-upgrade-process-graphical-overview

WhitePaper for Migration: https://www-secure.symantec.com/connect/downloads/migration-whitepaper-symantec-endpoint-protection-version-121

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Nguyen Cao's picture

Hi Mithun,

We have SEPM 11.0.7101.1056 running on a Windows server 2003. We want to migrate it to a new windows 2008 server by replicating from the old server.

My question is: Is it possible to replicate from SEPM 11.0.7101 to SEPM 12.1.2?

Can we replicate directly from SEPM 11.0.7101 to SEPM 12.1.2? Or we have to install SEP 11.0.7101 on a new server, replicate after that upgrade the new server to 12.1.2?

Regards,

Nguyen Cao

Ashish-Sharma's picture

HI,

Symantec does not support multi-version manager replication scenarios. Database schemas can change from version to version, and database corruption could occur if the schemas do not match. All Symantec Endpoint Protection sites that replicate should be running the same version.

 

Thanks In Advance

Ashish Sharma

 

 

Nguyen Cao's picture

Thanks Ashish,

So that mean we have to install SEPM 11.0.7101 on new server and replicate first. After that upgrading the new server to SEPM 12.1.2.

Your answer is the direct hit.

Regards,

Nguyen Cao

Chetan Savade's picture

Hi,

Go through the following important note prior to go with replication.

Note : If you wish to move SEPM from one machine to another with the help of replication, Replication is an option, decide whether to go or not.Beacuse if you do replication and remove the old server that is the Primary SEPM , in future if you want to do replication you will not be able to do so.

If you think in future you won't require any replication then can go ahead with the replication.

Check this article as well:

Replications and Considerations

https://www-secure.symantec.com/connect/articles/r...

How replication works

http://www.symantec.com/docs/HOWTO55328

Managing sites and replication

http://www.symantec.com/docs/HOWTO55322

Video: https://www-secure.symantec.com/connect/videos/replication-concepts-and-configuration

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

louiesulit326's picture

This kind of document is very helpful especially for engineers who are supporting different versions of SEP. Thank you for this Eileen!

AlanR13's picture

Hi, I am new to this forum.Need a suggestion.A client wants to monitor activities on 10Pcs with ability to track key strokes with live monitoring of employee desktops.can u suggest a solution with a product?

Eileen's picture

All the credit goes to our fabulous SEP Content Council team!  Be sure to let us know if you have other ideas for useful articles.

~Eileen

MIXIT's picture

Excellent, thank you very much.  I'm about to do two of these upgraddes this month. 

harvansh Singh's picture

Thanks for these update, these are very usefull documents.

Regards

Harvansh Singh

LGL's picture

Hi,

Nice documents and good information.

We are running a SEP11 environment where we using SSL 443 (with certificates) in the communication between the SEPM and SEP clients. (10k clients)

I havent found any documentation in how too migrate a SEP11 environment to SEP12.1 when using this communicaiton. We cant just switch to http 8014 since this environment is on the "internet".

I would be verry happy if someone got this information and could share it with me.

// LGL

Mithun Sanghavi's picture

Hello,

Migration from SEP 11.x to SEP 12.1 would be normal as provided in the Article above.

However, since SEPM 12.1 works on Apache; once migration is complete, you would have to create a Apache SSL.

Check these Articles:

Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients

http://www.symantec.com/docs/TECH162326

What is the Endpoint Protection 12.1 IIS ISAPI proxy and when is it installed?

http://www.symantec.com/docs/TECH180596

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pandher's picture

I just upgraded the Symantec Manager to 12.1.2 last week and now in the process of upgrading the clients too 12.1.2.

 

Can someone tell me if Mac and Linux clients be managed with SEPM on the latest version.?

pete_4u2002's picture

only Mac & Windows clients can be managed.

for linux , you can report the clients log to SEPM
SEP Linux reporting to SEPM
http://www.symantec.com/business/support/index?pag...

Srikanth_Subra's picture

Hi Pete,

iam just planning to manage linux clients..but i do know how to monitor now with your thread it may be useful.

For testing first shall i install only in one machine and monitor?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Ambesh_444's picture

Hi Eileen,

Really nice and helpful.

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

JXLuengas's picture

Thank You for sharing, is very useful know about the best practices before to upgrade.

ShadowsPapa's picture

Thanks for any and all documentation, especially best practices, or "do this, not that" papers.
  Too often I go to upgrade or perform some sort of maintenance, then find out later they *just released* a "best practices" or "no, don't do that!" document days or weeks after the product release. Sort of like buying some drug off the shelf, then a month later finding out you are only supposed to take 1, not 2, or "never take with milk" - after it's a bit too late, eh.

Hidden in the "read me.txt" files isn't a lot of help - obviously one should always look there, but ideally, folks who have installed the product, upgraded it, even BETA TESTERS, should write the best practices before product release. Task beta testers with sending in a list of suggestions for how to install/upgrade or NOT install/upgrade, what to do in case of fire, etc. Then compile a "best of" from those, try it out, and release the document, THEN post the new product. Please. I'd much rather see a document posted a few days before product release telling me what to do, what not to do, how to prepare - and know just how much thought and effort went into it, THEN see the product and feel totally prepared before cracking the install file open and running it.
Kudos to anyone who can put together "best practices" or "gotcha list - what to avoid" documents - and beat the release of the product. But kudos even to those who produce documents to help us use the product even if it is after it's a bit too late for some..........
I'd rather know how first, not learn later that "it shoud not be done this way"...... how were we to know?
Get the whole team involved - from developers to end support folks. Volunteers to any staff willing to help. If the documents are great, it just figures that the product is great, too - (SEP is - but as seen from the outside - what's the first thing people "should see"? The documentation. If it looks good, and is accurate and very usable, the customer has a warm/fuzzy feeling before they even launch setup.exe)

(when I beta tested Symantec products in the 90s and early 2000s, script? we are to follow a test script? Now you tell me" - and in that way I found bugs and things not anticipated. I guess I acted like a real consumer would act, and not like an engineer who already knows about the bad stuff.)

Maybe it's just me - but two things sell a product to me - and it's NOT the box or logo or colors or marketing. I distrust marketing completely. Those two things are - support and documentation. If those are good, I'll buy product. I weight 3 things equally - each gets 33.333% - documents, support, product. Which ever product ends up higher in any of those 3 areas, even if the other products are equal in the other areas, wins. But if a product is maybe even 1 or 2 points down from another product, if the support is great and the documents totally usable, that's the direction I will go. I want support and documents - armed with those tools, I can make even lesser products work.