Endpoint Protection

 View Only

  • 1.  Migrating SEPM 11 to 12

    Posted Nov 02, 2011 04:32 PM

    We are in the process of getting ready to deploy SEPM 12.  We are currently running SEPM 11 on one server (Windows 2003 32bit) and we would like to migrate to a new server (Windows 2008 R2 64bit).  I found the following document on setting up the new server and setting up replication between the 2.... Just a nice step by step process

    http://community.spiceworks.com/how_to/show/461

    My questions are as follows:

    1. Can we go straight to SEPM 12 on the new sever? Will SEPM 12 manage the SEP 11 clients?

    2. Are there problems with 11 talking to a 12 sever?

    3. If #1 is yes to both parts, then will we be able to automatically push the new client (SEP12) to the clients?

    4. If #1 is No then should we swing to a new server with SEPM 11 on the new server (then upgrade to 12)?

    5. How have you handled laptops that do not sit on your network for extended periods of time that are using SEP?

    Thanks for any assistance. Any documentation that you may have for the migration would be helpful. Thanks!



  • 2.  RE: Migrating SEPM 11 to 12

    Posted Nov 03, 2011 06:15 AM

    SEP 12 can manage SEP 11 clients, without any Issues. Its desinged with Backward compability.

    it wont push package automatically, u have to do it from the console

    for any clients which are off the network or does not have SEP installed. You can enable unmanaged detector

    to upgrade all clients at once You can use Autoupgrade

    http://www.symantec.com/business/support/index?page=content&id=TECH103166

    Google links on forum, these should help you out

    http://www.symantec.com/business/support/index?page=content&id=TECH96234



  • 3.  RE: Migrating SEPM 11 to 12

    Broadcom Employee
    Posted Nov 03, 2011 06:32 AM

    1. Can we go straight to SEPM 12 on the new sever? Will SEPM 12 manage the SEP 11 clients?

    Yes, SEPM 12 can manage SEP 11 clients

    2. Are there problems with 11 talking to a 12 sever?

    None

    3. If #1 is yes to both parts, then will we be able to automatically push the new client (SEP12) to the clients?

    Yes, with auto upgrade feature the client version SEP 12 can be pushed to SEP 11 clients ccommunicating to SEPM

    4. If #1 is No then should we swing to a new server with SEPM 11 on the new server (then upgrade to 12)?

    5. How have you handled laptops that do not sit on your network for extended periods of time that are using SEP?

    enabled the LU, so that wheneve they connect to internet the definition are downloaded from Symantec Liveupdate.



  • 4.  RE: Migrating SEPM 11 to 12
    Best Answer

    Broadcom Employee
    Posted Nov 03, 2011 06:41 AM

    Hi,

    Note : There is one drawback when you do the replication for SEPM tranfer.

    After demoting old server you can't do any further replication with new server.

     

    There are two methods to move Symantec Endpoint Protection Manager (SEPM) from one machine to another:

    Method 1: if the SEPM server keeps the same IP and host name, you can refer to "Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager"

    http://www.symantec.com/business/support/index?pag....

    Method 2: if the new SEPM server has a different IP and host name, there are two alternatives:

    1. Use replication to install a new SEPM and keep the policy the same with old SEPM. See "How to move Symantec Endpoint Protection Manager from one machine to another" 

    http://www.symantec.com/business/support/index?page=content&id=TECH104389

    2. Install a new SEPM, then use the Sylink file to establish communication between the new SEPM and the existing SEP client through sylink replacer tool.

    Note : Sylink replacer tool is most commonly used option because it's easy to use, sylink.xml file location has changed in SEP 12.1

    Please go through following thread for more details:

    https://www-secure.symantec.com/connect/forums/migration-clients-other-server-sepm#comment-5229601

    Link for more information :

    http://www.symantec.com/business/support/index?pag...



  • 5.  RE: Migrating SEPM 11 to 12

    Posted Nov 03, 2011 10:54 AM

    Chetan,

    Your documents point to using the same version... I want a new server, new name, and new IP using SEPM 12.1. Old server is Window 2003 with SEPM 11. The current SEPM server is multi-purposed and we are not ready to remove those features just yet. therefore I need to keep the IP on that server.

    So from what I am reading...

    1. setup new server with SEPM 12.1

    2. Setup replication

    3. Set new priority for new server to be higher than current

    4. wait for all clients to migrate to the new server

    5. use the Auto Upgrade feature to push the client software out.

    6. Once all clients are onto the new server, remove SEPM 11 from old server.

    Am I missing anything?  I know that the above steps are under stated and easier said then done but that is the jist of what I want to do.



  • 6.  RE: Migrating SEPM 11 to 12

    Broadcom Employee
    Posted Nov 03, 2011 11:02 AM

    Hi,

    Before initiating replication both SEPM's should have the exact same SEPM version.

    You can not replicate SEPM 11.0.6 with SEPM 12.1

    If you have limited number of clients then I would suggest 

    1) Install new SEP 12.1

    2) Replace sylink.xml to restore client communication with SEPM

    3) Use auto upgrade to upgrade clients.

    4) You can import policies if you have set custom policies in SEPM 11.x.

    If you have large environment then you can think 

    i) Disaster recovery

    ii) Replication 

    I hope it will help you