Endpoint Protection

  • 1.  Upgrade SEPM 11.x to 12.1.4 + switch DB from internal to MS-SQL

    Posted Feb 13, 2014 04:52 AM

    Hi guys,

    I need to upgrade an existing install of SEPM 11 to 12.1.4
    At the same time, I need to bring the DB from internal to Microsoft SQL on a separate server.

    Existing infrastructure:
    - Windows 2008 x86 (Single server)
    - SEPM 11.0.6100.645
    - Internal DB

    Target infrastructure:
    - Windows 2012-R2 (Single server)
    - SEPM 12.1.4
    - Separate MS-SQL 2008R2 server

    Of course, I need to be able to switch my clients from the old infra to the new one.
    I also need to migrate settings and policies.

    What scenario would you advise in order to achieve those prerequisites?

    Thanks in advance!
    JTD



  • 2.  RE: Upgrade SEPM 11.x to 12.1.4 + switch DB from internal to MS-SQL

    Posted Feb 13, 2014 04:56 AM

    See this thread and Chetan's comments

    https://www-secure.symantec.com/connect/forums/need-upgrade-sepm-1212015-1213-and-win-2003-2008#comment-9777191

    Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

    Article: TECH160736 | Created: 2011-05-24 | Updated: 2013-11-25 | Article URL: http://www.symantec.com/docs/TECH160736



  • 3.  RE: Upgrade SEPM 11.x to 12.1.4 + switch DB from internal to MS-SQL

    Posted Feb 13, 2014 05:10 AM

    Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=TECH102333

    Best Practices guide for moving the Symantec Endpoint Protection Manager SQL Server database from one drive to another on the same machine.
    http://www.symantec.com/business/support/index?page=content&id=TECH106213

    Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database
    http://www.symantec.com/business/support/index?page=content&id=TECH104723



  • 4.  RE: Upgrade SEPM 11.x to 12.1.4 + switch DB from internal to MS-SQL

    Posted Feb 13, 2014 05:12 AM

    My recommendations:

    Step 1: Upgrade current SEPM 11 to 12.1 RU4 -> http://www.symantec.com/docs/TECH211821

    Step 2: Move the database from Embedded to SQL -> http://www.symantec.com/docs/TECH102547

    Step 3: Perform SEPM move to new 2012 Server by Disaster recovery -> http://www.symantec.com/docs/TECH171767

    Step 2 and Step 3 can be done together if the target server will have same IP and FQDN as the old server - see note in TECH102547:

    Note: The Symantec Endpoint Protection Manager must be reinstalled to the same computer that it was removed from, or on a computer with the same IP address and host name.



  • 5.  RE: Upgrade SEPM 11.x to 12.1.4 + switch DB from internal to MS-SQL

    Posted Feb 13, 2014 05:17 AM

    I would recommend a phased approach here, and break the process into the below stages and test client connectivity at each stage:

    1. Change SEPM DB Type to offbox SQL (then backup and test)
    2. In place Upgrade to 12.1RU4 of SEPM (then backup and test)
    3. Install 12.1RU4 SEPM on new server (then backup and test)
    4. Move clients across to new SEPM by creating and assigning new Management Server Lists (then backup and test)
    5. Upgrade clients

    Like I say, testing at each stage is recommended.  The rationale behind this order is:

    1. Changing to SQL first frees up a bucket load of disk space that is useful for the version upgrade (2), plus having an off-box SQL DB allows you to connect multiple SEPMs together in a single site (3)
    2. Upgrading to 12.1RU4 first means you won't have to install IIS on the new server when you come to it (3)
    3. Adding the new SEPM into the same SEP site as the original, makes it a load easier to move clients across (4)

    and 4 & 5 are pretty self-evident, as it's your aim after all.  The below articles should aid in each step:

    1. http://www.symantec.com/docs/TECH102547
    2. http://www.symantec.com/docs/TECH211821
      http://www.symantec.com/docs/TECH163700
    3. http://www.symantec.com/docs/HOWTO11097
    4. http://www.symantec.com/docs/HOWTO81154
      http://www.symantec.com/docs/HOWTO80735
      New MSL should list only the new SEPM
    5. http://www.symantec.com/docs/HOWTO80780

    Hope that lot helps



  • 6.  RE: Upgrade SEPM 11.x to 12.1.4 + switch DB from internal to MS-SQL

    Trusted Advisor
    Posted Feb 13, 2014 05:20 AM

    I'd just upgrade SEPM 11 to 12.1 RU4, then on the new server set up replication between the servers (new and old). Once it has completed a replication job, go to Policies > Policy Components > Management Server Lists in the old SEPM and set the policy there to point at the new server. Once all clients are reporting in to the new manager, shut down the old manager.



  • 7.  RE: Upgrade SEPM 11.x to 12.1.4 + switch DB from internal to MS-SQL

    Broadcom Employee
    Posted Feb 13, 2014 07:18 AM

    Hi,

    How many clients in total are in the network?



  • 8.  RE: Upgrade SEPM 11.x to 12.1.4 + switch DB from internal to MS-SQL

    Posted Feb 13, 2014 12:25 PM

    So we are moving servers and DB backend as well...

    Take your backups of course :)

    I would think the easiest (especially for a large number of clients) way would be to upgrade the current SEPM to 12.1.4 (and DB schema will be upgraded as well)

    Then install the second/new SEPM as a replication partner to the 2012 Server, and the replication will go right to a SQL server - once the replication is complete - let a couple days pass to make sure that all the clients receive the newer communications file (that will list the old server AND the new server)

    Once a few days pass (if you wait longer [say a week or even two]), you can change the management server lists to point only to the new server, remove the old server from the replication/partnerships then offline the old server...

    This is the least messy, and least likely to orphan clients...sure restoring their communications is easy, the only problem is figuring out which machines are missing (especially if you are dealing with hundreds and more so if thousands)

    However, since you are migrating/upgrading a database from 11.x to 12.1 - PLEASE review ALL your policies, quite frankly, I would suggest recreating new policies for AV, Firewall, Application and Device Control, and LiveUpdate - the default settings that come with version 11, are not the best for 12.1 or modern networks/machines/etc - you can use your old policies as a reference but I wouldn't use them for long term...