Migration paths for Symantec Endpoint Protection 11.0

Article:TECH102483  |  Created: 2007-01-13  |  Updated: 2010-01-26  |  Article URL http://www.symantec.com/docs/TECH102483
Article Type
Technical Solution


Issue



This document describes supported and unsupported migration paths for Symantec Endpoint Protection 11.0.


Solution



How to migrate from Symantec AntiVirus or Symantec Client Security

Migrations that are supported
The client installation routinely checks for the existence of the following software and migrates the software if it is detected:
  • Symantec AntiVirus client and server 9.x and later
  • Symantec Client Security client and server 2.x and later

Migrations that are blocked
The client installation routines check for the existence of the following software and blocks migration if the software is detected:
  • Symantec AntiVirus client and server 8.x and earlier
  • Symantec Client Security client and server 1.x
  • Symantec Client Firewall 5.0
  • Symantec System Center, all versions
  • Symantec Reporting Server 10.x
  • Confidence Online Heavy by Whole Security, all versions
  • Norton AntiVirus and Norton Internet Security, all versions

You must uninstall this software first and then install Symantec Endpoint Protection clients

Migrations that are not supported
The following software is not migrated, and can co-exist on the same computer as Symantec Endpoint Protection client software:
  • Symantec Client Firewall Administrator, all versions
  • LiveUpdate Server
    To install the latest version of LiveUpdate Server, first uninstall the legacy version.
  • Netware computers that run any version of Symantec AntiVirus
    Netware operating systems are not supported with this version. Continue to protect these computers with legacy versions.
  • Symantec AntiVirus and Symantec Client Security client and server that run on Itanium hardware
    Itanium hardware is not supported with this version. Continue to protect these computers with legacy versions.

About migrating Central Quarantine
To migrate Central Quarantine Console and Server, you must uninstall and reinstall both components.


Migrating from legacy Symantec Sygate software

About migrating to Symantec Endpoint Protection 11.x
You can migrate Symantec Sygate Enterprise Protection 5.1 and greater and Symantec Network Access Control 5.1 and greater to Symantec Endpoint Protection 11.x. No other legacy Sygate software is supported for this migration. To migrate older legacy Sygate software versions, first migrate them to Symantec Sygate Enterprise Protection 5.1.

About migrating Symantec Sygate server and management software
The migration goal is to install Symantec Endpoint Protection Manager and Symantec Endpoint Protection Management Console for Symantec Endpoint Protection 11.x. The legacy server and management software that you can migrate consists of the following two products:
  • Symantec Sygate Enterprise Protection 5.1 management server, console, and database
    The server components are called Symantec Policy Manager and Symantec Policy Management Console.
  • Symantec Network Access Control 5.1 management server, console, and database
    The server components are also called Symantec Policy Manager and Symantec Policy Management Console.

The legacy product Symantec Sygate Enterprise Protection 5.1 includes all of the functionality that the legacy product Symantec Network Access Control 5.1 provides. The functionality subset that Symantec Network Access Control provides is Host Integrity policies and Enforcer capabilities.


Note: Timestamp values in Host Integrity policies do not migrate correctly. After migration, inspect all Host Integrity settings that are configured for time values and change them if necessary.



Symantec Endpoint Protection 11.0 is similar to Symantec Sygate Enterprise Protection 5.1 with one exception. The exception is that Symantec Endpoint Protection does not include Host Integrity or Enforcer capabilities. Therefore, if you migrate Symantec Sygate Enterprise Protection 5.1 servers that provide Host Integrity or Enforcer capabilities, you must also purchase and install the Symantec Endpoint Protection Manager for Symantec Network Access Control 11.0 on those migrated servers to retain access to that functionality.


Note: Server migration migrates all existing policies and settings that are configured for the servers and site.



Supported server migration paths
The following software is supported for migration to Symantec Endpoint Protection Manager and Management Console for Symantec Endpoint Protection:
  • Symantec Policy Manager and Management Console 5.1
    To gain access to the Host Integrity and Enforcer features, you must also install Symantec Endpoint Protection Manager for Symantec Network Access Control 11.0.
  • Symantec Network Access Control Manager and Console 5.1
    You can migrate this software to Symantec Endpoint Protection 11.0. However, to gain access to the legacy Host Integrity and Enforcer features, you must also install the Symantec Endpoint Protection Manager for Symantec Network Access Control 11.0.

Unsupported server migration paths
Symantec Endpoint Protection Manager for Symantec Endpoint Protection migration is blocked when any of the following software is detected:
  • Sygate Policy Manager 5.0
  • Sygate Management Server 3.x and 4.x
  • Whole Security Management Server, all versions

Before you can install Symantec Endpoint Protection Manager for Symantec Endpoint Protection, you must uninstall this software.


Note: If you try to migrate Symantec Endpoint Protection Manager 5.1, and if any of the unsupported software is detected, the migration is also blocked.


About migrating legacy Symantec Sygate client software
The migration goal is to install Symantec Endpoint Protection 11.x. The legacy agent software that you can migrate consists of the following two products:
  • Symantec Protection Agent 5.1
  • Symantec Enforcement Agent 5.1

Symantec Protection Agent includes all of the functionality that Symantec Enforcement Agent provides. The functionality subset that Symantec Enforcement Agent provides includes Host Integrity only. To migrate the client computers that run Symantec Protection Agent or Symantec Enforcement Agent, install Symantec Endpoint Protection 11.0 on those computers and migration is complete.

Like the Sygate Protection Agent, Symantec Endpoint Protection 11.0 client software includes all functionality that the Symantec Protection Agent and Symantec Enforcement Agent provide and more. So if you have Sygate Protection Agents that provide Host Integrity, you do not need to also install Symantec Network Access Control 11.0 on those clients. You do, however, need to install the Symantec Endpoint Protection Manager for Symantec Network Access Control 11.0 on the management servers to regain access to that client functionality.

Supported client migration paths
The following software is supported for migration to Symantec Endpoint Protection:
  • Symantec Protection Agent 5.1
  • Symantec Protection Agent 5.1 with Symantec AntiVirus 9.x and greater
  • Symantec Protection Agent 5.1 with Symantec Client Security 2.x and greater
  • Symantec Enforcement Agent 5.1
  • Symantec Enforcement Agent 5.1 with Symantec AntiVirus 9.x and greater
  • Symantec Enforcement Agent 5.1 with Symantec Client Security 2.x and greater

Unsupported client migration paths
Symantec Endpoint Protection 11.0 client migration is blocked when any of the following software is detected:
  • Sygate Protection Agent 5.0
  • Sygate Enforcement Agent 5.0
  • Sygate Security Agent 3.x and 4.x
  • Whole Security Confidence Online Enterprise Edition all versions.
  • Symantec Protection Agent 5.1 and Symantec AntiVirus 7.x and 8.x
  • Symantec Protection Agent 5.1 and Symantec Client Security 1.x
  • Symantec Enforcement Agent 5.1 and Symantec AntiVirus 7.x and 8.x
  • Symantec Enforcement Agent 5.1 and Symantec Client Security 1.x




References
This document is available in the following languages:




Legacy ID



2007091315222248


Article URL http://www.symantec.com/docs/TECH102483


Terms of use for this information are found in Legal Notices