4 Replies Latest reply on Jul 27, 2011 7:40 AM by mark.tizzard

    EEPC v6.0.2 encryption system migration

    mark.tizzard

      Hi All,

       

      I am looking for some input on migrating encrypted EEPC v6.0.2 systems from a ePO v4.5 server to a v4.6 ePO server. My initial plan was to set EEPC to be unencrypted and inactive then push a new agent via SCCM, then once the new system shows up in the new v4.6 ePO server set the policy to active and re-encrypt.

       

      Is this method safe? Is there a better or easier way that I should handle this? My current ePO server is at v4.5 with the latest patch and EEPC hotfix. Also if it makes things easier I wouldn't be against going to EEPC v6.2 before migrating to a new server.

       

      Thanks

       

      Mark

        • 1. Re: EEPC v6.0.2 encryption system migration
          whgibbo

          Hi Mark,

          I am looking for some input on migrating encrypted EEPC v6.0.2 systems from a ePO v4.5 server to a v4.6 ePO server. My initial plan was to set EEPC to be unencrypted and inactive then push a new agent via SCCM, then once the new system shows up in the new v4.6 ePO server set the policy to active and re-encrypt.

          This will work, but of course it means decrypting all the machines..  Also means that the users token data will be lost as well..

           

          6.0.2 did support transferring the machines (whilst encrypted) from one ePO server to another,  you would have to ensure that the policies on new ePO server match those on the old ePO server.  There were a couple of cases where the machine keys weren't sent up from, but these were addressed in EEPC 6.1.

           

          Also transferring machines from one ePO server to another, does not transfer any user data.  Although in theory if the same users were assigned to the ePO branches and systems it may sent it up from the client, you would need to test this..

           

          If you can I would upgrade to EEPC 6.1, then upgrade to ePO 4.6.  This would save having to transfer any systems and keep the machines encrypted and all the user data intact.

           

          Hope that helps

          • 2. Re: EEPC v6.0.2 encryption system migration
            mark.tizzard

            Thanks for the explanation - that is very helpful - I will note that I use EEPC for encrypted drives and not PBA so really my concerns are that once i migrate the systems they will report to the new ePO that they are encrypted and I will be able to recover them using the code of the day and the eetech disc.

             

            In my current setup can you confirm if I need to upgrade to EEPC v6.1 before migrating them to ePO 4.6?

             

            Also some things to also note - i didn't intend on upgrading my current ePO server, once all systems are migrated to the new server the old will be decommissioned so I had intended to do as little work as possible to the old server and focus my attention on the new environment.

             

            thanks again for the input.

             

            Mark

            • 3. Re: EEPC v6.0.2 encryption system migration
              whgibbo

              Hi Mark

              mark.tizzard wrote:

               

              Thanks for the explanation - that is very helpful - I will note that I use EEPC for encrypted drives and not PBA so really my concerns are that once i migrate the systems they will report to the new ePO that they are encrypted and I will be able to recover them using the code of the day and the eetech disc.

               

              Ok, so you have autoboot enabled..  The keypoint, is ensuring that the ePO Policies match on both servers, providing this is done you should have a problem.  Another point to take into account is that the clients will have to perform at least one asci from the new server for the keys to be transferred.  During that time, you will be able to do a administrator recovery from the old server.  Once it has performed the policy enforcement on the new server, then yes you will be able to use eetech.

               

              In my current setup can you confirm if I need to upgrade to EEPC v6.1 before migrating them to ePO 4.6?

               

              No you don't need to upgrade your ePO server to 4.6.  But EEPC does have a requirement of ePO 4.5 Patch 4 Hotfix 1.

               

              Hope this helps..

              1 of 1 people found this helpful
              • 4. Re: EEPC v6.0.2 encryption system migration
                mark.tizzard

                thanks again for the explanation - I have ePO v4.5 P4 HF 1 installed as I was required to do this per McAfee T3 support for the issue I had in the past with EEPC\ePO.