Endpoint Protection

 View Only

  • 1.  SEPM (Upgrade Query)

    Posted May 23, 2014 01:54 AM

    Hello, I hope you all are doing great. I have to perform an SEPM upgrade task and therfore I need your input to do it seamlessly and smoothly.

    Here is the scenerio. I have SEPM 12.1 running with an SQL DB instance on SQL Server 2000 with about 1200 clients.Both SEPM and SQL server instance are on Server 2003

    Now when I tried to upgrade it to the latest version it gave me an error since the current SQL version is not supported. I need atleast SQL 2005,2008 or 2012. Now the password of that box on which SQL server is hosted is forgotten so I cannot login into that machine to upgrade first the SQL server to new version to satisfy this need.

    So I was wondering what is the best approach to cater this problem. I am planning to take the backup of current SEPM. Then on a new machine with server 2008 as base OS install the same version of SEPM restore the backup and server certifcate and once then clients are reported to this new machine then upgrade this to the latest version of SEPM 12.1.4 MP1

    Second option which I have in my mind is to on a new machine install the same version of SEPM with embedded database and configure it in replication mode. Then apply a MSL to this new replication partner as Priority 1 to all the groups. Once all the clients are moved to this SEPM, then upgrade this SEPM to the latest version and after few days de-commision the old SEPM machine.

    Now which approach you guys suggest to acheive the required objectives ? Few of my queries regarding this are:

     

    1. In future if I want to configure replication would this be possible with the new SEPM on the box? 

    2. I dont want any activity to be performed at the client end. It should only be peformed at the server end

    3. When configuring gup for a group ( lets see a group have endpoints in it which are on diffrent subnets and I configure a GUP for this particular group what will be the mode of operation )

     

    Regards.

     



  • 2.  RE: SEPM (Upgrade Query)

    Posted May 23, 2014 02:10 AM

    Any 1 ??????



  • 3.  RE: SEPM (Upgrade Query)
    Best Answer

    Trusted Advisor
    Posted May 23, 2014 04:06 AM

    The way that we did ours to make it easier was we setup a second SEPM new SQL database and installed to the same version as our current SEPM and setup replication. Once replication was complete we upgraded the new SEPM to latest version. Then you should be able to take your old SEPM offline and wipe the old SQL server to upgrade and set it back up as the backup for your new SEPM. 

    1. So yes once upgraded you'll be able to setup replication. Replication in the first instance both SEPM's have to be on the same version. 

    2. No client end update will be needed maybe only a policy update but users will not notice any difference at the client end

    3. Latest SEPM 12 can support multiple GUP setups and on different subnets. You can even force a specific GUP if machine can not be contacted by multiple GUPs.



  • 4.  RE: SEPM (Upgrade Query)

    Posted May 23, 2014 04:08 AM

    So you are trying to say that I should go with option 2



  • 5.  RE: SEPM (Upgrade Query)

    Trusted Advisor
    Posted May 23, 2014 04:12 AM

    Yeah step 2 is the easiest way as when you setup replication your two SEPM's should then have the same certificate, so you won't need to do a sylink drop to all client machines to point them at a new SEPM. 



  • 6.  RE: SEPM (Upgrade Query)

    Broadcom Employee
    Posted May 23, 2014 07:37 AM

    Hi,

    Though you have forgotten the password of box where SQL is hosted, Do you have a SQL backup and SQL username & password?



  • 7.  RE: SEPM (Upgrade Query)

    Posted May 23, 2014 08:12 AM

    Hello Cheta thanks for your reply. Yes I have taken the backup through SEPM and yes I also have SEPM SQL instance DB username and password. What do you suggest ? Regards



  • 8.  RE: SEPM (Upgrade Query)

    Broadcom Employee
    Posted May 23, 2014 09:41 AM

    If new machine hold the same IP address & hostname then I would suggest disaster recovery option.

     1.  In future if I want to configure replication would this be possible with the new SEPM on the box? 

    --> I think it won't be possible.

    2. I dont want any activity to be performed at the client end. It should only be peformed at the server end

    --> In any case no activity would required at the client end.

    3. When configuring gup for a group ( lets see a group have endpoints in it which are on diffrent subnets and I configure a GUP for this particular group what will be the mode of operation )

    --> You need to configure mulitple group update providers/Explicit group update provider. Single group update provide wont't work in this case.



  • 9.  RE: SEPM (Upgrade Query)

    Broadcom Employee
    Posted May 25, 2014 10:47 AM

    you have SQL client installe don SEPM, install SQL managment studio and login using SQL authentication ( do you have pwd of SQL)? if yes, take the SQL back up , if not take the SEPM backup using SEPM wizard.

    1. In future if I want to configure replication would this be possible with the new SEPM on the box? 

    yes, it's possible. The new SEPM will be the primary for any new repliacation SEPM.  

    2. I dont want any activity to be performed at the client end. It should only be peformed at the server end

    nothing on client side.

    3. When configuring gup for a group ( lets see a group have endpoints in it which are on diffrent subnets and I configure a GUP for this particular group what will be the mode of operation )

    yes, explicit GUP will help.