6 Replies Latest reply on Jun 8, 2017 11:43 AM by tucker84

    Migrating from DLP 9.3 to 9.4

    Fademidun

      Hello,

       

      Anyone with doc/links/advise on how to migrate DLP from 9.3 to 9.4 then 10.x

      Please I need as much info as possible especially from someone who has done this before.

       

      I'm currently running both side by side

       

      Thanks

        • 1. Re: Migrating from DLP 9.3 to 9.4
          catdaddy

          Discussion successfully moved from Community Support to Data Loss Prevention (DLP)

          For better assistance and better exposure.

          • 2. Re: Migrating from DLP 9.3 to 9.4
            tucker84

            What do you mean you're running both side by side? Are you running all three versions right now or just 9.3 and 9.4?

            • 3. Re: Migrating from DLP 9.3 to 9.4
              Fademidun

              Of course 9.3 and 9.4

              • 4. Re: Migrating from DLP 9.3 to 9.4
                tucker84

                Why do you have 9.3 in your environment? Moving over to 10 is a fairly big deal. From the documentation it looks like you'll need to do a fair amount of policy recreation.

                Is there a functionality reason why you want to migrate versions? 9.4 doesn't have an EOL date as of now, and it looks like it won't be until at least 2019 judging by the EOL for 9.3

                 

                Have you looked into DLP 11 that was recently released? Both migration guides are listed below.

                 

                McAfee Corporate KB - Data Loss Prevention 11.x Migration Guide PD27068

                McAfee Corporate KB - Data Loss Prevention 10.x Migration Guide PD27013

                • 5. Re: Migrating from DLP 9.3 to 9.4
                  Fademidun

                  Thanks for sharing these docs. I've decided to settle for new Build, not that we have a choice anyway as our current environment is on Win2K8 R2/SQL2K8/ePO 5.3.0.400

                  We're moving to W2K12 R2/W2K16, ePO 5.9 and SQL2K16. So new build, Policy Migration and Upgrade are mandatory (We're waiting for Patch 1 to be release for ePO 5.9)

                   

                  I have 2 choices either (1) build new environment with new OS-12/16 and SQL-16 and replicate ePO to current version - 5.3.0, migrate all rules and policies etc., move systems then Upgrade to 5.9.1 or (2) start from scratch afresh everything new then migrate and move systems. Whichever option I choose I know for sure it's going to be a fairly big Job.

                   

                  Honestly DLP 9.4 is non functional, just install to have a feel!

                   

                  What do you suggest/advise

                  • 6. Re: Migrating from DLP 9.3 to 9.4
                    tucker84

                    I would recommend going with server 2016 not server 2012. It'll make it less painful in the future for updates. Is it supported going from 2008 SQL to 2016 SQL?

                     

                    If you're a smaller shop with only a few custom policies I would say start from scratch. This will let you get very familiar with your current policies and show you how to implement them in the new environment especially if you're not the admin who created them to start with. It will also let you revise the policies and make updates to them that you may not have realized were possible before.  The larger your organization the more tedious this becomes. McAfee's new update tool should work well if you decide to do a supported update route instead.

                     

                    No matter what make sure to make backups. I've done a few ePO updates and while I only had issues with one it took ePO completely off the server and failed to install the new version. Reverting to a backup made recovery easy.

                     

                    If you use McAfee for Encryption you'll want to read the encryption guide to updating. There are a few caveats especially when moving servers.

                    Just a warning when you move off from DLP 9.3 the regex syntax changes since McAfee moved to Google's RE2.