Endpoint Protection

 View Only

  • 1.  best practise upgrading 2 managers connected to one sql DB without replication

    Posted Apr 19, 2016 03:31 AM

    hi,

    i made an upgrade plan based on the official one.

    I want to upgrade 2 Managers (12.1.6 MP1) without replication and both are connected two one shared SQL DB.

    Step 1: Create an upgrade plan
    Step 2: Back up and prepare for disaster recovery (critical)

      - Disable the "Protect client files and registry keys" Application Control Policy
      - Remove client packages assigned to the client groups

    Step 3: Enable local authentication
    Step 4: Stop the Symantec Endpoint Protection Manager service on both Managers.
    Step 5: Upgrade the Symantec Endpoint Protection Manager (Primary First)

    Step 6: Upgrade the Symantec Endpoint Protection clients

    is there anything else to add or does this look good?

    i found nothing official on this exact scenario, if there is something, a link would be nice.

    Thanks.



  • 2.  RE: best practise upgrading 2 managers connected to one sql DB without replication

    Posted Apr 19, 2016 03:45 AM

    This looks good, just make sure that your DR steps are correct ( Cert backup)



  • 3.  RE: best practise upgrading 2 managers connected to one sql DB without replication

    Trusted Advisor
    Posted Apr 19, 2016 04:47 AM

    Looks like a decent list - you've done your research.

    This might be of help 'just in case'

    Disaster recovery best practices for Symantec Endpoint Protection 12.1: https://support.symantec.com/en_US/article.TECH160736.html



  • 4.  RE: best practise upgrading 2 managers connected to one sql DB without replication

    Posted Apr 19, 2016 04:48 AM

    I beleive you are talking about upgrading both the SEPM's to SEPM 12.1.6 MP4. here are few correction.

     

    Step 1: Create an upgrade plan  --- Good to Go
    Step 2: Back up and prepare for disaster recovery (critical) --- Good to Go Just ensure that you backup the DB and server certificate from both the SEPM

      - Disable the "Protect client files and registry keys" Application Control Policy --- Good to Go (spot on)
      - Remove client packages assigned to the client groups -- not necessary unless you you want the older clients to 12.1.6 MP4 post upgrade

    Step 3: Enable local authentication --- Good to Go
    Step 4: Stop the Symantec Endpoint Protection Manager service on both Managers. --- Good to Go
    Step 5: Upgrade the Symantec Endpoint Protection Manager (Primary First) --- Good to Go

    your Step 6: should be to upgrade the Second SEPM so that you can communicate with upgraded DB

    Step 7: Upgrade the Symantec Endpoint Protection clients --- Good to Go

     



  • 5.  RE: best practise upgrading 2 managers connected to one sql DB without replication

    Posted Apr 19, 2016 07:58 AM

    Hi , I seek some clarification on STEP 2. regarding backup of the certificate from both SEPMs . Is it mandatory to backup the Secondary SEPM server cert as well? becuase in the MSL they are already configured either as Active/Active or Active/Passive.

    So if the server crashes and we have to re-build , which cert to use while doing the DR , cert from Primary or Secondary?

     

    Thanks



  • 6.  RE: best practise upgrading 2 managers connected to one sql DB without replication

    Posted Apr 19, 2016 10:09 AM

    that was just a precautionary step, one server's certificate should be more than enough as both the servers will have the same certificate.