Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

  • 1.  Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Posted Oct 29, 2012 11:32 AM

    We are about to upgrade from SEP11.x to SEP 12.1 and the upgrade will install on top of the 11.x server(stay on the same VM).  I have gone over the requirements for this and I had a question.  

    1. Do I need to disable secure communications between the server and clients before doing anything?  Or is that only a task when migrating from another Symantec product?   If I need to do this, do the clients automatically start communication again once the setting is changed back(before I create and deploy new clients)?  

    I just wanted to make sure becuse it was not listed in the tasks list when installing the server but only after that in a section for migrating a management server. 

    Also, do I need to configure the policies before the client upgrade to turn off Liveupdate, scheduled scans or anything else?  Thanks in advance.

     



  • 2.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Posted Oct 29, 2012 11:36 AM

    hi,

    You can check this artical and follow steps

    Upgrading or migrating to Symantec Endpoint Protection 12.1

    http://www.symantec.com/business/support/index?page=content&id=TECH163602

    Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=TECH102333

    SEP 11.x to SEP 12.1 Upgrade process graphical overview

    http://www.symantec.com/connect/articles/sep-11x-sep-121-upgrade-process-graphical-overview

     

    Check this thread

    https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-manger-upgrade



  • 3.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Posted Oct 29, 2012 11:42 AM

    Upgrading to 12.1

    https://www.symantec.com/business/support/index?page=content&id=TECH163602

    Upgrade resources for Symantec Endpoint Protection 12.1

    https://www.symantec.com/business/support/index?page=content&id=HOWTO81064



  • 4.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Broadcom Employee
    Posted Oct 29, 2012 11:43 AM

     Do I need to disable secure communications between the server and clients before doing anything?  Or is that only a task when migrating from another Symantec product?   If I need to do this, do the clients automatically start communication again once the setting is changed back(before I create and deploy new clients)?  

    no need, since you are not changing the certificates.

    Also, do I need to configure the policies before the client upgrade to turn off Liveupdate, scheduled scans or anything else?  Thanks in advance

    yes, it is recommended to stop the scan and disable LU before upgrade.It is there in implementation guide.



  • 5.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks
    Best Answer

    Trusted Advisor
    Posted Oct 29, 2012 11:49 AM

    Hello,

    Yes, you would have to Disable secure communication between server and clients.

    If your clients and server use the secure communication option, you must disable this option before migration or upgrade. You issue a policy to the clients to make this change.

    Note: After the migration or upgrade, you issue another policy to enable secure communication.

    See Configuring secure communications to prevent clients from being orphaned.

    Check these Articles which would provide all your answers step by step: 

    Migrating a management server

    http://www.symantec.com/docs/HOWTO55378

    Upgrading or migrating to Symantec Endpoint Protection 12.1

    http://www.symantec.com/docs/TECH163602

    Hope that helps!!



  • 6.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Posted Oct 29, 2012 02:34 PM

    Ok, one of you said no, I do not need to disable secure comms and the other one said yes.  Which one is correct????

    Can someone describe to me the process of the installation to require this?  Is there a new cert created with the upgrade that replaces the one that is currently there causing the clients to fail to communicate?  Or is the same one used after the upgrade?  If the same one is used then I don't see any reason to disable it.  

    I just want to know the specifics, sorry if I am being a nuisance. 

    As far as the rest of the things that people have posted, thanks and I have read over most of the documents and I think all I have left to prepare for is the disaster recovery and to read over the known issues. 



  • 7.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Posted Oct 29, 2012 02:39 PM

    Yes, you need to disable prior to migration, than you can re-enable after migration is finished:

    https://www.symantec.com/business/support/index?page=content&id=HOWTO55355



  • 8.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Posted Oct 30, 2012 11:23 AM

    Ok, tow more question and I will be out of your hair.  

    The drive where 11.x is installed now is at 9GB free space and the embedded database is at over 2GB.  I will back that up to another machine before I upgrade.  I know that the installation requires 4-5 GB so how much more should I consider for the database?  Will it grow even more from the over 2GB that it is now?  

    If any machine is not on during the upgrade and does not recevie the policy to disable secure communications, is the only way to upgrade them to manually uninstall through Programs and Features and then to manually install the 12.1 client?  

    It is on a VM so I may can get some more space for it or we may end up moving it to a different VM. 



  • 9.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Trusted Advisor
    Posted Oct 30, 2012 11:30 AM

    Hello,

    Are you moving the SEPM server to a VM machine? If yes, check this Article:

    How to move the Symantec Endpoint Protection Manager server to a new VM or server machine with a different IP.

    http://www.symantec.com/docs/TECH95311

    Secondly, The Database size grows as per the number of clients reporting to the SEPM, logs / content kept and other factors.

    I would suggest you to check these Article:

    Disk Space Management procedures for the Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH96214

    Symantec Endpoint Protection (SEP) Sizing and Scalability recommendations

    http://www.symantec.com/docs/TECH123242

    Hope that helps!!



  • 10.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Posted Oct 30, 2012 12:20 PM

    Not moving.  Our current version is already on a VM and I am just upgrading it. I have read over the disk management doc already and I think we were already within the range to keep down on space taken up by the SEP server manager.  

    What about the clients that are turned off when I disable secure communications?  That was the second question in my previous post. 

    Thanks for all of your information.  You have been of great help. 



  • 11.  RE: Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

    Posted Oct 30, 2012 12:51 PM

    Hate to jump in here late in the game, but: if you have not yet disabled secure communications, it is actually NOT needed. In preparing documentation for 12.1.2, this was deemed incorrect and the reference was removed for the Installation and Administration Guide (which is replacing the Implementation Guide in 12.1.2). I don't have an external, web-published KB link that I can point you to, unfortunately, except to the Installation and Administration Guide. The section that previously referred to this has been renamed "Upgrading a Management Server".

    sandra