3 Replies Latest reply on Mar 23, 2012 5:59 AM by cisadmin

    Upgrade advice needed - ePO+DLP+EEPC+EncUSB

      We are planning to upgrade our existing McAfee infrastructure to the latest versions.  The main driver is upgrading ePO but we will use this as an opportunity to upgrade DLP, Endpoint Encryption for PC and Encrypted USB managemnt as well.

       

      I'm looking for advice from others who have gone through the same or similar process.  Specifically I would appreciate any help on the following:

      • Upgrade order; which product(s) should be updated before others
      • Common pitfalls, problems, etc. that we might encounter through the upgrade process (and how to avoid or mitigate)

       

      Our current environment:

      • ePO v4.0 Patch 7 (4.0.0 build 1363)
      • DLP v3.0.0.708
      • EEPC v5.1.6 (management not ePO integrated)
      • Encrypted USB management v3.1.1 (not ePO integrated)

       

      Thanks to all who can help.

        • 1. Re: Upgrade advice needed - ePO+DLP+EEPC+EncUSB

          Sorry, forgot to mention that we would like to update to the most recent versions of those products and integrate management into ePO for EEPC and Enc. USB.

          • 2. Re: Upgrade advice needed - ePO+DLP+EEPC+EncUSB

            *bump*

             

            I'd really appreciate any help/suggestions/friendly chatter re: this question.  Most important to me is what order to upgrade the systems in.

            • 3. Re: Upgrade advice needed - ePO+DLP+EEPC+EncUSB
              cisadmin

              Hi KAO. Your firt port of call is to review what you have and whether or not they will go to the latest versions. For example EEPC 5.1.6 would need to be upgraded to 5.1.7 first as far as I am aware. There are KB articles for each product you can review. ePO 4.0 P7 has a direct upgrade path but I am not sure on your DLP version.

               

              For EEPC you have two options - 1. Migration or 2. Start Fresh

               

              If you currently use SSO I would advise doing your upgrade in a staged way with preboot disabled initially (Please be aware this reduces the security of your system). You may also want to use EEGO prior to deploying as well as doing backups and chkdsk /r to make sure you have no issues. I know this is not always practical but it is advised.

              With preboot disabled and SSO on this means after users are upgraded, when they login their passwords will be cached. You can then simply enable preboot again and your users will be able to login again as they had previously done.

              A fresh install as opposed to the migration tends to be the quickest and most hassle free way of doing it. The migration will work fine but adds unecessary administration time.

               

              The one thing I will say in relation to upgrading to ePO 4.6 is if you can purge your database of all uneccessary data and have it in as clean and small a state as possible prior to doing the upgrade it will make it a lot cleaner and quicker for you.

               

              ePO 4.6 in my own opinion is very good and much better for administrators where you can actually now view client events and threat events for individual systems. It's only small but just one of those little things that makes your job easier. Also peoples confusion over extensions can be resolved using the software manager where it now installs them for you. McAfee's main product is VSE but anyone I talk to that uses McAfee still do not know the extension files are within the software .zip that you download. You need to extract those extension files and check them in seperately. I'm sure most people in this community know that already but just one of those things I see a lot.

               

              Hope the above helps and best of luck with your rollout.