4 Replies Latest reply on Jul 17, 2014 2:34 AM by westland

    Best way to migrate to ePolicy Orchestrator 5.1

    westland

      I'm busy trying to find out what would be the best way for us to opgrade our McAfee ePolicy Orchistrator enviroment.

      There are a lot of possibilities, but i can't seem to find what is the best for us

       

      We have a current shared server with other software:

      Server 2003 x86

      SQL 2005 SP3 (ePO DB 3,8Gb)

      ePolicy Orchestrator 4.5.0.851 (Patch 1)

       

      Want to go to a new dedicated server (new name/IP)

      Server 2008 R2

      SQL 2008/2012 express edition

      ePolicy Orchestrator 5.1

       

      We currently have 250 clients + 100 servers running below software:

      McAfee Agent 4.5.0.1852

      Product Coverage Reports 4.5.0.1852

      VirusScan Enterprise 8.7.0.570 Patch 4

      AntiSpyware 8.7.0.129

       

      About 15 laptops running Endpoint Encryption 1.0.1.7, but we'll remove the software and install the newest version when the client is over to the new enviroment.

       

      Thank you in advance.

        • 1. Re: Best way to migrate to ePolicy Orchestrator 5.1
          rgc

          Hi Jeroen Stive,

           

          The best way is to go with new install of epo 5.1 and redeploy the agents to all the machines with forceinstall switch.

           

          Because, youa re with epo 4.5.1, and mentioned managed only vse 8.7 and for EEPC you are confirmed will remove and go with new DE 7.1 with epo 5.1.

           

          The upgrade plan contains huge steps to follow, becuase of your existing epo version and patch.

           

          I will guide you both the ways new install and upgrade plan, you can deside which is easier for you.

           

          Upgrade Plan:

          =============

           

          >. Since you are with EPO 4.5.1, you need to upgrade to 4.5.3 before upgrading to EPO 4.6 or later.

           

          >> Every upgrade, you need to take complete eppo folder and FULL EPO DB backup and then follow the KB71825 EPO checklist as mandatory.

           

          Once you upgraded to epo 4.5.3, then you can confirm everything is working and agents are reporting, and then follow backup and checklist and perform the EPO 4.6.6 upgrade.

           

          https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 24000/PD24351/en_US/ePO_4_6_6_Release_Notes.pdf

           

          >> Then, you need to move the existing EPO 4.6.6 to new windows 2008 R2 64bit, by following the KB71078 ( moving from 32 too 64bit) with same IP and host name.

           

          By the time moving, make sure, you will use sql 2008 R2 sp2 Express / if you have full version of sql, this will helps going to eppo 5.1.0 with supproted SQl.

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB71078

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB76739

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB71825

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB66616

           

          >> Once epo 4.6.6 on windows 2008 R2 64bit OS with SQl 2008 sp2 or later and everything is working fine.

           

          Then again take the backup and follow KB76739 EPO 5.x checklist ( MANDATORY), to perform the in-place upgrade of epo 5.1.0.

           

          NOTE: SInce, you are using vse 8.7, the epo 5.1.0 won't support vse 8.7, hence you can't export and import the policies until you upgrade VSE to 8.8 version.

           

          -------------------------------------------------------------------------------- --

           

          The fresh install:

          ===============

           

          >> Just you need to install the EPO 5.1.0 on new server and then export and import the machines from old to new epo through text file or through AD sync.

           

          >> Then you can redeploy the agents to all the machines with "Forceinstall " option enabled to push new agent from EPO 5.1.0.

           

          NOTE: If you push the agent 4.8 from new epo, with those machines having VSE 8.7, it will block the agent package by default, for this you need to push the policy from old epo stating disable the access protection to all the machines and then push the agent 4.8 from new epo.

           

          Additionally: Attached the document with screenshot for the steps to go with new install and export and import systems and install vse etensions...

           

          I hope this answered all your queries.

           

          Regards,

          RGC

           

          Message was edited by: rgc on 7/16/14 2:02:40 AM CDT
          • 2. Re: Best way to migrate to ePolicy Orchestrator 5.1
            westland

            Hi RGC,

             

            Thank you for the clear answer.

             

            It looks like the upgrade option isn't possible for us because the currently used server is also used for other software so we cant create a new x64 server with the same name and IP.

             

            There is an option to export the current policy's, isn't there an option to import it to ePO 5.1 and connect them to vse 8.8?

             

            What about the new agent installation: we can't install the new agent because vse 8.7 is running from the old server so we have to disable the access protection in the curently used 8.7 policy's?

             

            It looks like the export extensions part in the doc isn't for us because an export from the old server isn't possible due a version error (vse 8.7)?

            We now do an Active Directory sync so we can keep using that and won't have to export and imporrt the systems from the old server

             

            Regards,

            Jeroen

            • 3. Re: Best way to migrate to ePolicy Orchestrator 5.1
              rgc

              Hi Jeroen Stive,

               

              You understanding is absolutely correct.

               

              The export and import systems is am example, If you have AD sync, I suggest use AD sync ONLY.

              For VSE export and import is not applicable for your environment, since it is VSE 8.7..

               

              >> Well, I understand you will go with new install and redpeloy agent with "Froceinstall" option from Actions-Agent- Deploy agent from system tree.

               

              I suggest to perfrom to one or two machines, and then check the requirements are fulfilled, then push toi ALL ( As a good practice).

              >> Before doing this, you need to disable the AP from old epo for vse 8.7, as you mentioned it is correct...

               

              I hope, now you are clear with what steps to follow.

               

              If you still have queries, reply to this post to address your queries.

               

              Regards,

              RGC

              1 of 1 people found this helpful
              • 4. Re: Best way to migrate to ePolicy Orchestrator 5.1
                westland

                Hi RGC,

                 

                I think everything is clear now, thank you for your help.

                 

                Regards,

                Jeroen