Endpoint Protection

 View Only

  • 1.  Migration

    Posted Jul 08, 2011 03:38 PM

    Hi

     

    we are running SEP11 ru6 mp3 on a single windows 2003 server DB+SEPM

    What will be the best upgrade path if we want to move to Win2k8R2 and after moving to a Central loging architecture

     

     

    Thanks



  • 2.  RE: Migration

    Posted Jul 08, 2011 10:48 PM

    follow the disaster recovery 

    http://www.symantec.com/business/support/index?page=content&id=TECH102333

    or 

     

    How to move Symantec Endpoint Protection Manager from one machine to another

     

    http://www.symantec.com/business/support/index?page=content&id=TECH104389



  • 3.  RE: Migration
    Best Answer

    Broadcom Employee
    Posted Jul 09, 2011 01:41 PM

    Hi,

    Check this thread.

    https://www-secure.symantec.com/connect/forums/symantec-end-point-protection-manager#comment-5237011

     

    Hi,

    There are two methods to move Symantec Endpoint Protection Manager (SEPM) from one machine to another:

    Method 1: if the SEPM server keeps the same IP and host name, you can refer to "Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager"

    http://www.symantec.com/business/support/index?pag....

    Method 2: if the new SEPM server has a different IP and host name, there are two alternatives:

    1. Use replication to install a new SEPM and keep the policy the same with old SEPM. See "How to move Symantec Endpoint Protection Manager from one machine to another" 

    2. Install a new SEPM, then use the Sylink file (replace with sylink replacer tool ) to establish communication between the new SEPM and the existing SEP client. 

    Few helpful links:

    http://www.symantec.com/business/support/index?pag...

    http://www.symantec.com/business/support/index?pag...



  • 4.  RE: Migration

    Trusted Advisor
    Posted Jul 11, 2011 09:46 AM

    Hello,

    Please Understand: 

    The differences between 2003 Server and 2008 Server are major. In particular, the change from IIS 6 to IIS 7 introduces a very major overhaul in the way programs 'hook' into IIS. When the SEPM is installed with IIS 6, it is configured differently than it would be if it were installed with IIS 7. There is nothing in the server's migration process that accommodates these configuration differences.

     

    Method 1:
     
    1. Migrate your SEPM Console to the latest version of SEP.
     - Follow the following documentation. 
    http://www.symantec.com/docs/TECH155655
     
    2. Follow the steps in our documentation for Best Practices for Disaster Recovery:
     
    Best Practices for Disaster Recovery with Symantec Endpoint Protection
    http://www.symantec.com/docs/TECH102333
     
    3. Move the disaster recovery files (the database backup and the keystore information) to a backed-up location.
    4. Uninstall the SEPM.
    5. Perform the migration to Windows 2008 Server.
    6. Install the SEPM.
    7. Perform the recovery steps in the Best Practices for Disaster Recovery documentation to restore the database from a backup and import the communication settings.
    8. Clients should automatically begin checking into the SEPM Console if Step 7 is successful.
     
     
    Method 2:
     
    1. Export any policies that you would like to keep and save them in a backed-up location.
     - Right-click the policy in the main Policies tab and select Export Policy...
    2. Make note of your current group structure
     - Expand all the groups in the main Clients tab and take a screenshot.
    3. Uninstall the SEPM.
    4. Perform the migration to Windows 2008 Server.
    5. Install the SEPM.
    6. Log into the SEPM and re-create the group structure in the main Clients tab and import the policies in the main Policies tab.
    7. Download and run SylinkReplacer (https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm)


     - You can export a sylink.xml from the SEPM. In the Clients tab, right-click a group and select "Export communication settings". Rename the file it exports to "sylink.xml". 
    8. Clients should automatically begin checking into the SEPM Console under their previous groups after SylinkReplacer is finished.

     

    Both methods have their advantages/disadvantages... Method 1 requires a little more work on the front-end (before migration to Win2008) and will be more convenient when re-connecting clients. However, it is prone to failure and is therefore less reliable (although, worst case scenario is to revert to the second method). Method 2 requires very little pre-migration work and a little more work afterwards, but it's very reliable.
     



  • 5.  RE: Migration

    Posted Jul 11, 2011 10:14 AM

    I have 2 SEPM consoles each with their own database and they do replicate.   I also would like to move from 2003 to 2008R2 on my servers.  I am running my servers on ESX so that may give me some options. Here was my plan which I think will work

     

    1 upgrade the existing servers to 12 and get them replicating again

    2 Install new SEPM servers on the new 2008R2 servers in each of my data centers and link them to the existing databases

    3 export new packages for installs that point to the new servers and get them in my images and have server team start using them for new server installs.

    4 Remove the old 2003 servers

     

    Does that sound like it should work in my mind in seems like it should and be fairly painless.