You are on page 1of 7

1.

Migration Overview

The following table gives an overview of the migration process for each
component of Symantec Endpoint Protection:

Component Migration overview


Symantec Endpoint 1. When you migrate a server, the installation
Protection Manager automatically detects and configures it
appropriately.
2. You do not need to uninstall management
servers before you install the new version.
3. The overinstall process saves legacy settings,
and then upgrades to the latest version.
Symantec Endpoint 1. When you migrate a client, the overinstall
Protection automatically detects the client, and migrates
Clients and installs it appropriately.
2. You do not need to uninstall existing clients
before you install the new version.

Overview of the migration process:


Migration to the current version of Symantec Endpoint Protection includes the
following steps in order:
Backup up the database
Before we upgrade, we should back up the database of all SEPM servers.

Note: We should ensure there is enough drive space on local system to store the
backup for the upgrade to happen smoothly

Disable replication
If our site uses replication, we must disable replication before upgrading
Symantec Endpoint Protection Manager. We must disable replication at each
site that replicates.
Note: We cannot add SEPM servers as replication partners if the version does
not match

Enable local authentication


If Symantec Network Access Control is in use, and then enable Local
Authentication prior to migration.
Disable "Protect client files and registry keys" Application Control Policy
If the setting "Protect client files and registry keys" is used, disable it in the
Application Control policy prior to the migration.

WARNING: If this setting is not disabled, we may face issues at a later stage
when migrating our clients.

Stop the Symantec Endpoint Protection Manager service


Before we upgrade, we must manually stop the Symantec Endpoint Protection
Manager service on every management server in our site. After upgrade, the
service is started automatically.
WARNING: We must stop the Symantec Endpoint Protection Manager Service
before we upgrade, or it will corrupt existing installation of Symantec Endpoint
Protection Manager.

Upgrade the Symantec Endpoint Protection Manager


We do not need to uninstall management servers before we install the new
version. The overinstall process saves legacy settings, and then upgrades to the
latest version.
Enabling replication after migration
After we migrate all servers that used replication, including the servers that
were configured for failover and load balancing, we must add a replication
partner to enable replication.

Note:

a) We only need to add replication partners on the computer on which we first


installed the management server (SEDC-SEPM Server in our case). Replication
partners automatically appear on the other management servers.
b) Take the snapshot of Replication server settings before disabling the
replication

c)For replication to happen all 5 SEPM servers must be on same version.

Upgrade the Symantec Endpoint Protection Clients


we do not need to uninstall previous clients before we install the new version.
The over install process saves legacy settings, and then upgrades to the latest
version.

Note: Below client Operating System cannot be upgraded to SEP 12.1 as they
are not supported but they still can be managed by 12.1

Windows XP (SP1, SP2) or lower

Windows Server 2000

2. Upgrading Symantec Endpoint Protection Manager 11.06X

We need to follow the below steps to upgrade SEP 11.06x version to 12.1

1. Backing up the database

To back up the database


1. Click Start>Programs>Symantec Endpoint Protection Manager
>Symantec Endpoint Protection Manager Tools>Database Back Up and
Restore.
2. In the Database Backup and Restore dialog box, click Back Up.
3. When asked "Are you sure you want to back up the database?" click
Yes.
4. When you see the message "The database has been backed up
successfully," click OK.
5. In the Database Backup and Restore dialog box, click Exit.

2. Disabling replication
To disable replication
1. Log on to the Symantec Endpoint Protection Manager Console.
2. On the Admin tab, click the blue Servers tab at the bottom of the pane.
3. On the Servers tab, in the left pane, expand Local Site>Replication Partners.
4. For each site that is listed under Replication Partners, right-click the site, and
then click Delete.
5. In the Delete Partner prompt, click Yes.
6. Log off of the console, and repeat this procedure at all sites that replicate
data.

Note: You must not re-enable replication between sites until they are
running the same version of the software.

3. Stopping the Symantec Endpoint Protection Manager Service

To stop the Symantec Endpoint Protection service


1. Click Start >Settings >Control Panel >Administrative Tools.
2. Double Click Services to launch the Services MMC snap-in.
3. In the Services window, under Name, scroll to and right-click
Symantec Endpoint Protection Manager.
4. Click Stop.
5. Close the Services window.
Warning: You must close the Services window, or your upgrade may fail.
6. Repeat this procedure for all Symantec Endpoint Protection
Managers.

4. Upgrading the Symantec Endpoint Protection Manager

To upgrade Symantec Endpoint Protection Manager


1. Download and unzip the Release Update.
2. Browse to the location where you unzipped the Release Update.
3. Double-click setup.exe to start the installation.
4. In the Symantec Endpoint Protection panel, click InstallSymantec
Endpoint Protection Manager.
5. In the Install Wizard Welcome panel, click Next.
6. At the License Agreement panel, select "I accept..." then click Next.
7. At the Ready to install the Program panel, click Install.
8. In the Install Wizard Completed panel, click Finish.
9. In the Upgrade Wizard Welcome panel, click Next.
10. In the Information panel, click Continue.
11. When the upgrade completes, click Next.

In the Upgrade Succeeded panel, click Finish.

Repeat the above steps on all other Symantec Endpoint Protection Managers on
which you stopped the Symantec Endpoint Protection Manager Service.

Note: We also need to have Database credentials to finish the upgrade


successfully

5. Enabling replication after migration

To enable replication after migration


1. Log on to the Symantec Policy Management Console if you are not
logged on.
2. On the Admin tab, click the blue Servers tab at the bottom of the
pane.
3. On the Servers tab, in the left pane, expand Local Site, and then click
Add Replication Partner.
4. In the Add Replication Partner panel, click Next.
5. In the Remote Site Information panel, enter the identifying
information about the replication partner, enter the authentication
information, and then click Next.
6. In the Schedule Replication panel, set the schedule for when
replication occurs automatically, and then click Next.
7. In the Replication of Log Files and Client Packages panel, check the
items to replicate, and then click Next.
(Replicating packages generally involves large amounts of traffic and storage
requirements.)
8. To complete the Add Replication Partner Wizard panel, click Finish.
9. Repeat this procedure for all 4 SEPM Servers that replicate data with
this SEDC SEPM server.

6. Activating Product license for SEP 12.1 on SEDC SEPM Server

When migrating from SEP11.x or 12.0), we get license that expires in 241 days.
We can activate the license either by contacting Symantec customer Support
or by log into SEPM console

1. Click Admin, and then click Licenses.


2. Under Tasks, click Activate license.
Follow the instructions in the License Activation Wizard to complete the
activation process.

7. Upgrade client software

Once we upgrade all SEPM managers to latest version 12.1 we can start upgrading
clients on different sites in different phases by applying client packages on groups
with the below methods
1. AutoUpgrade*--assign client packages to groups in the Manager console,
either manually or by using the Upgrade Groups Wizard. Run the Client
Deployment

2. Wizard from the Manager console. It will walk you through the creation of
a client package that can be deployed via a weblink and email, remote push,
or saved for later local installation or deployment using third-party tools.