Brightmail Upgrade
Updated: 14 Oct 2010 | 5 comments
This issue has been solved. See solution.
Currently we are running a VM of Brightmail 8.0.3, we are looking to upgrade it to 9.0. Any suggestions on if we should upgrade the current version or build a new VM and import all the settings into the new one. The documentation for the upgrade says it could take hours to do an upgrade from 8 to 9. If we were to build a new one how would that effect the licesning on the one that is currently up and running? Any thoughts or suggestions would be apprecitated.
Thanks
Discussion Filed Under:
Comments
Doesn't take hours. If you
Doesn't take hours. If you are using LDAP for anything, take a look at the changes in that space. LDAP no longer uses sync, but a live connection (with cache) to your LDAP source. Also Compliance (now Content) polices that use folders will change behavor as quarantine feature has been added. Your SBG license is for your site. You use the same .SLF file on each appliance.
Build a new VM and test. I've been able to use VMware Player to test from my desktop (build a RedHat 5.x 32 bit IM with the OSload ISO mounted. If you havn't been doing LDAP recipient validatation/rejection 9.01 is the time to start.
Also look at the Probe accounts - lets you send mail sent to selected non-existent users to symantec's spam service to improve detection.
My Upgrade Check-off list
Assume you are at 8.0.3
ldapsearch -x -b "dc=yourdomain,dc=com" -D "AD_login@youdomain.com"
-h <LDAP_IP>-W '<search query filter>'
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2010032311222054?Open&seg=ent
"no MXs for this domain"
mta-control all status
mta-control pause-mode resume-accept
mta-control pause-mode status
service mta start
mta-control pause-mod resume-delivery
<your.ldapsource>.domain.com with non-admin, read-only user ID.
Enable Recipient Validation only
tail -f /data/logs/dds/dds.log
Spot on answers
Spot on answers there.
Licensing is per USER so you can have as many SBG instances as you like, so you won't be affected by creating a new one.
The biggest time consumer is the DB upgrade between releases so, the amount of data you store in reporting and quarantine and (logging to an extent) is directly proportional to the time taken to upgrade.
I'd say upgrade from your 8.0.x environment if you can - as above, MAKE SURE YOU PAY ATTENTION TO THE LDAP CHANGES, you'll need direct access to your directory servers from the scanners.
HTH
//ian
Ian, thanks for the
Ian, thanks for the correction (Site/Users).
Arg175 - we have a large environment (12M msgs/day, 45 day log retention). We upgraded 4 scanners across 2 days. Most of the time was spent in prep. Strongly recommend you use the command line update process - update download (2 x to make sure all the bits are downloaded) some time ahead of your upgrade window, and then an update install.
It's not clear how many CC/Scanners you have. if you only have a single combined CC/Scanner, I recommend you build a 2nd 8.03 scanner only box. Get it hooked into your existing CC. Add it to your public MX. If you send outbound mail via SBG, add the 2nd scanner to that config. Now you have mail flow even if you have a longer than expected outage of the main scanner during the upgrade. Scanners can run "headless" (without a CC) for days.
:-)
NP - It wasn't a correction per-se, your answer was correct enough :-)
Would you like to reply?
Login or Register to post your comment.