3 Replies Latest reply on Nov 24, 2011 8:56 AM by whgibbo

    Migration of EEPC 6.1 Clients from ePO 4.5 to ePO 4.6

    hubertcarpet

      Has anyone gone through the process of migrating EEPC 6.1 clients from ePO 4.5 to ePO 4.6 and have a procedure that they are willing to share?

       

      I have approx 150 EEPC clients, mainly VIPs and mobile laptop users and need to progress with the minimum disruption to users and exposure of unencrypted data during the process. I understand from documentation and service requests that this "is not supported" but my thoughts run along these lines:

       

      ePO 4.5:

      1. Decrypt endpoint

      2. Uninstall EEPC application and client to clear links to ePO 4.5.

       

      ePO 4.6:

      1. Install new ePO agent.

      2. Wakeup agent and update policies.

      3. Reinstall EEPC agent and application.

      4. Re-encrypt.

       

      Does this seem overkill? I have tried just a decrypt and then the ePO 4.6 agent but then EEPC fails to trigger into encryption.

       

      Having just fallen foul of the issue where moving encrypted clients down the AD OU structure wipes all the allowed users from the preboot environment (KB72615) and annoys VIP users, I can't afford this process to be disruptive!

       

      All thoughts most welcome.

        • 1. Re: Migration of EEPC 6.1 Clients from ePO 4.5 to ePO 4.6
          whgibbo

          Hi,

          Could you please clarify if this is a new server or are you upgrading from ePO 4.5 to 4.6 ?

          • 2. Re: Migration of EEPC 6.1 Clients from ePO 4.5 to ePO 4.6
            hubertcarpet

            Hi,

             

            Thanks for your swift response.

             

            These are 2 separate, existing, production servers as I am migrating users between 2 data centres. The EEPC encrypted machines are currently on the ePO 4.5 server and I need to move them to the new ePO 4.6 server. Once complete, the ePO 4.5 server will be decommissioned.

            • 3. Re: Migration of EEPC 6.1 Clients from ePO 4.5 to ePO 4.6
              whgibbo

              Hi,

              Firstly, there is no option to migrate Endpoint Encryption users between ePO servers..  This is currently being looked into.

               

              But you can migrate a EEPC client machine from one ePO Server to another.  In order to for this to work, you will need to ensure the following:

              • The product policies are the same on both ePO servers. (Failing to do so could result in the machine having the wrong encryption state).
              • The user based policies are the same on both ePO servers.
              • You have assigned users to the machine on the new ePO servers. (Failing to do so could result in the machine having no users and you would have to do a administrator recovery, either from the old the server of the new depending on when a reboot was done.  As the machine keys need to be sent to the new ePO server.).

               

              Once you have done this, you have two options.

              1. Configure the old ePO server to have the new ePO servers key (Menu->Configuration->Server Settings->Security Keys).  Please refer to the ePO documentation for this.
                1. Then from the System tree page, select the required machines and then click actions->Agent->Transfer Systems.
              2. From the new ePO Server, do a force agent install to the required machines.

               

              In both cases, it will require at least 2 ASCIs to ensure that the machine keys have been transfer to the new ePO Server and the users.

               

              Please ensure you test this with a test machine first. 

               

              Hope this helps.

               

              Message was edited by: whgibbo on 24/11/11 08:56:30 CST