Endpoint Protection


Upgrading SEPM from 11.x to 12.1.2015.2015

  • 1.  Upgrading SEPM from 11.x to 12.1.2015.2015

    Posted May 29, 2013 08:39 AM

    Good Morning Connect,

    I have recently taken over the SEPM solution that our server team had since install. IT Security is taking over the responsibility. We are having a few issues with this turn over which are listed below:

    • The server admin that is responsible for it now didn't do the install and took over SEPM like I am now
    • The server admin is now engaged in other matters with disaster recovery class / setup
    • The server admin never installed or upgraded versions just patch releases to the 11.x environment

    So as the Technical Security Analyst, my job is outlined in the task below:

    • Migrate (hopefully) all the structure to the new install of 12.1.2015.2015
    • Get with the desktop team and server teams to give them the new 12.X client install to bake into image
    • Start upgrading current clients on 11.X

    I am stuck in a few places with my task as I have been researching without success. Migrating from 11 to 12. There is a new server that we installed version 12 on. This server is a vm server and it has the sql server installed on the same server. (We are under 3000 clients on our network) How would I take our existing structure with groups, roles, policies, and reports into the new environment?

    Once the initial migration of structure is complete, pushing out the version 12 client doesn't seem that bad. I can't however push out the new version to the clients on the network without making sure they are in the correct group and have the correct policies.

    We have certain manufacturing servers, etc that have different policies in place. Some software can't be hindered by firewalls, others can't have anything, etc, etc. We also have 1000 field sales laptops. We had to get a custom policy for these laptops since they aren't connected to the vpn for more than a couple of minutes at a time. We put in if the client cannot touch our dns server, then it goes to Symantec Online to receive updates.

    As you can see I am stuck and looking for a white paper, a how to guide, or anything that will help me out with migrating to the new version. Any help will be greatly appreciated. I have contacted our technical sales rep for more information but didn't know if someone had something accessible so I could start and show progress to management.

    Thanks,

    Kyle



  • 2.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Posted May 29, 2013 08:50 AM

    Here is a good KBA to look at:

    Upgrading or migrating to Symantec Endpoint Protection 12.1.2 (RU2)

    Article:TECH197426  |  Created: 2012-09-27  |  Updated: 2013-01-14  |  Article URL http://www.symantec.com/docs/TECH197426

     

     



  • 3.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Trusted Advisor
    Posted May 29, 2013 08:54 AM

    Hello,

    If you are planning to upgrade or migrate to Symantec Endpoint Protection 12.1.2, please take a look at the latest how-to article created by our very own SEP content council team.

    Best practices for upgrading to Symantec Endpoint Protection 12.1.2

    www.symantec.com/business/support/index?page=content&id=TECH163700

    Hope that helps!!



  • 4.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Broadcom Employee
    Posted May 29, 2013 09:29 AM

    Hi,

    The main important thing here is that you want to move it to another server.

    Otherwise the upgrade process would be very simple.

    You should refer to this article:

    Hot to move SEPM from one server to another server.

    https://www-secure.symantec.com/connect/articles/hot-move-sepm-one-server-another-server

    Go through this article and let me know which method you have chosen so we can guide more correctly.

    One more important thing, Currently installed SQL database is on the same machine where SEPM is installed or it's on another machine? Are you planning to install new SQL database? OR Just trying to point new SEPM to the existing database?



  • 5.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Posted May 29, 2013 09:39 AM

    We currently have a new 12.0 environment up and running with a new sql database running on that same server.

     

    That means we will be migrating only the data, as the old and new server have different host names and IP addresses.



  • 6.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Posted May 29, 2013 09:44 AM

    You can upgrade the old SEPM to the same version as the new SEPM and setup replication between the two so you don't lose all your policies, settings, etc.

    You have the SQL DB on the same box as the SEPM? I hope the new SEPM has very generous hardware specs to run both a SEPM and SQL server?



  • 7.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Broadcom Employee
    Posted May 29, 2013 10:12 AM

    Hi,

    SEP 12.0 version means Small Business Edition. Are you using SBE version? I think it's Enterprise Edition(EE) because SQL database is supported with EE only.

    Let me know the exact version of SEPM. You can refer this article to find out version info.

    https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially

    Also update with the following info

    1) SQL version

    2) New VM Operating System details (Server OS name, 32bit or 64 bit)

    That means we will be migrating only the data as the old and new server have different host name and ip addresses -->  Yes, But important thing is you have only 1 SQL database and that too installed on the same SEPM machine. Right?



  • 8.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Posted May 29, 2013 11:52 AM

    Attached are screenshots of the about information to your questions.

    The reason we are going with a fresh install on a new server is version 11 is installed on server 2003. We have a mandate that any new servers are to be built with 2008R2, unless the software doesn't go up that high.

    I asked the same questions when this project started about the sql db on the same server. Since the Server team will be monitoring the servers, they will provide greater resources from the host if needed.

     

     

     



  • 9.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Broadcom Employee
    Posted May 29, 2013 12:11 PM

    Hi,

    I would suggest you go with Replication. In replication, the versions of the Policy Manager have to be the same. The reason I am suggesting this option is because the number of clients is 3000+.

    1) If you go with the replication then either install SEP 11.x version on another site and then initiate the replication. After successful replication upgrade the SEPM to the latest version.

    OR

    2) Upgrade the existing SEPM to the latest version first then install same version of SEPM on new server  ( I think you have already installed ) and initiate the replication. After successful replication decommission the old server.

    Second option is more easy to implement by looking at your scenario.

    https://www-secure.symantec.com/connect/articles/replication-and-considerations

    Note: If you wish to move SEPM from one machine to another with the help of replication, Replication is an option; decide whether to go or not. Because if you do replication and remove the old server that is the Primary SEPM, in future if you want to do replication you will not be able to do so.

     



  • 10.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Posted May 29, 2013 12:22 PM

    My 2 pence worth ;)

    Given the wide variety of questions you have, have you considered contacting Symantec or a Symantec Partner (such as ourselves) for professional services or assistance on this project?

    From our perspective, we normally provide a lot of knowledge transfer with our engagements, and so would be able to train you up on what you'll need going forward.

    The options ahead of you vary depending on if you wish to mirror the current config as well, or if you want to look at SEP anew and with Symantec security best practices in mind.

    Also, regarding the database.  If implementing as a VM, I'd recommend using a dedicated off-box SQL (if available) for all but the smallest of installations.  The SEPM and DB both generate a fair amount of disk activity, which can hinder the performance of the other guests if not accounted for beforehand.  If you think the VM Host and disks can handle it however, then the embedded DB option is sufficient for up to 5k endpoints (and saves you a SQL license).



  • 11.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Posted May 29, 2013 12:35 PM

    I have and they will be on site Friday. I do however want to do my homework and be able to intelligently speak to my manager about the situation.

    The VM hosts are very beefy here and have no worries with our servers being able to handle the load.



  • 12.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Broadcom Employee
    Posted May 30, 2013 07:59 AM

    Hi,

    I would like to share the following info then.

    Till date SEP releases: https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially 

    Product expiry information: http://www.symantec.com/business/support/index?page=releasedetails&key=51852

    Embedded database supports up to 5000 clients per SEPM

    SQL database supports up to 80,000 clients per SEPM.

    Best Practices to Backing up a Microsoft SQL Database on Demand from the Symantec Endpoint Protection Manager Console

    http://www.symantec.com/docs/TECH96409

    Best Practices guide for Installing the Symantec Endpoint Protection Manager with a SQL Server 2005 Database

    http://www.symantec.com/docs/TECH104405

    Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture

    http://www.symantec.com/business/support/index?page=content&id=TECH92051&locale=en_US

    Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

    http://www.symantec.com/docs/TECH92440 



  • 13.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015

    Posted May 30, 2013 08:31 AM

    Hello, I hope you have received your answer. Please let me know if any help is required.

    Upgrading to Symantec Endpoint Protection 12.1.2 (RU2)

    Article URL http://www.symantec.com/docs/TECH197426


  • 14.  RE: Upgrading SEPM from 11.x to 12.1.2015.2015
    Best Answer

    Posted Jun 10, 2013 09:49 AM

    Update:

    I have gotten in touch with a SEP engineer and have decided on the following.

    We will be standing up two new servers. One will be the SEP server and the other will house both SQL databases: one for SEP and one for the Analytics.

    We will be migrating to a different structure but keeping the policies the same for prod servers on the manufacturing floor.

    Once the new servers are up and running, we will upgrade the existing environment to version 12 and push out the new binaries to the clients. Once this is done, we will slowly migrate the clients to the new environment by pushing the new IP address for the SEP server to the clients.

    Thanks to everyone that gave feedback and documentation.