Whoa.. Hold on everyone.
Mike,
I am former Vontu/Symantec and know the inner workings of this product...so bear with me.
The DLP console/Enforce server is just a front end to the DB. So I would assume that you have already done the following:
- Upgraded all of the DLP servers to the current version
- Upgraded the Oracle DB to 11g
- Taken a Backup of the Oracle DB
- Taken a Backup of the Enforce server
If you have done that and plan to back up the DB just prior to the OS swap, then you are in good shape.
If you wanted to keep the existing DB (hopefully on another server) and just spin up another Enforce server (2008) to connect to it, this is very easy, for most of the configurations are stored in the DB. The only things that are not are the customizations that you may have with the LDAP lookups and Script plugins. Though the most important thing is to have a copy of the CryptoMasterKey file and some of the other config files that are in the config directory of the Enforce server.
If this is the case then... see here https://kb-vontu.altiris.com/display/1n/index.asp?aid=&cat=&catURL=&r=6.141299E-02
Though it sounds like you would like to keep the existing DLP installation for archival purposes and in case you need to look at old incidents. If this is the case it sounds like you just want to stand up a NEW DLP console and a NEW Oracle DB.
If this is the case then I would just build a fresh install of the Enforce and DB from scratch. If you want to use the existing policies from the old DLP server, then I recommend doing the following, and here is why.
- I would recreate all of the policies from scratch, do not import or export the existing policies from the old system. Just duplicate them from the old system by hand.
- When exporting/importing a policy, it will NOT include any of the response rules or any of the "Groups" that it may utilize. These are customizations that are very specific to each installation.
- So you are going to have to create all of the response rules from scratch anyways.
- Also when you import a policy it will show up as an IMPORTED TEMPLATE (see the bottom of the templates page), not as a running policy. So you will still need to go through the process of adding the policies and then adding the response rules. Similar to the existing templates that come built in with the system. This is why I say to do it from scratch, it's MORE work to import!
From my experience, it is easier to duplicate the system from scratch by importing a solution pack and then starting at the System section and configuring all of those settings (Email, Attributes, lookups, plugins, credentials etc.) and then move your way backwards. When you get to the Manage section, start at the bottom (Responses first, then to Policies). This way by the time you get to the policy you can add the response rules that you already created.
When it comes time to add the Detection servers to the NEW Enforce server, make sure to copy the communication keys (if you generated ones) to the detection servers. (If you have made any custom settings to the detection servers, make sure to duplicate them in the new Enforce server.) 90% of the detection configuration settings are in the DB so they will inherit the configurations when they connect to the new Enforce server.
Hope this helps
Good Luck...
Ronak