7 Replies Latest reply on Jan 16, 2017 4:13 AM by PhilR

    Query on EPo upgrade from4.6.9 to 5.3.2

    syedali

      Hi Experts,

       

      Need your expert advice on migrate and upgrade epo 4.6.9 to 5.3.2. We currently have McAfee DLP 9.4. 200, Eepc 7.x. McAfee SIEM and McAfee web gateway.

       

      Note: we will be using our old sql server only for the new EPo server 5.3.2 which is running sql 2008 enterprise

       

      I would like to know what is the best and safe way to migrate policies and tasks and the preferences of old to new and upgrade to new epo version without any adverse impact.

       

      Looking forward to hear back from the EPo experts.

       

      Thanks,

      Syed

        • 1. Re: Query on EPo upgrade from4.6.9 to 5.3.2
          ahawke

          With respect to policies, tasks, ect, export from the old and import into the new.

          There are some items such as Users that require manual add into the new. (typically a good time to do a user audit)

           

          DLP will be OK since you are on the newer module and do not have to convert from legacy module (9.3)

           

          Make sure you transfer your security keys! Save them in 3 places before nuking the legacy ePO version.

          • 2. Re: Query on EPo upgrade from4.6.9 to 5.3.2
            PhilR

            Using the migration tool is the easiest way I know of.

            • 3. Re: Query on EPo upgrade from4.6.9 to 5.3.2
              ahawke

              I neglected to mention nodes. If you are upgrading agent version, IMO, I think its valuable to start fresh. Meaning that once you have policies, tasks, assignment rules, ect. moved over, push agent from the new overtop of the current agent on nodes. This 1. installs upgraded MA 2. "migrates" / new ePO assumes management.

               

              If you collect evidence per DLP rules, just use the same UNC.

              • 4. Re: Query on EPo upgrade from4.6.9 to 5.3.2
                zero_delay

                Additionally I would recommend using the system transfer function, as it only changes the sitelist.xml on the client side so that the agent knows how to communicate with the new epo and server side it adds entries to the new epo database.

                This is cleaner and safer than force installing over an existing installation.

                 

                Furthermore, before transferring, get all your agents to 4.8 patch 3 and then transfer. Unless you have to upgrade to 5.0.4, i'd recommend staying with 4.8 p3.

                • 5. Re: Query on EPo upgrade from4.6.9 to 5.3.2
                  ahawke

                  System transfer is an option...

                  However, if you want an agent upgrade and migration in one change, install over existing MA is the most logical option.

                  Also, if you want a "fresh" DB, you're better off doing a new agent install.

                   

                  It really depends on what you want.

                  • 6. Re: Query on EPo upgrade from4.6.9 to 5.3.2
                    syedali

                    Thank you all for your valuable suggestions.. do we have migration utility for epo ? Where can I find it and would be nice if you have any kb articles on how to use the epo migration utility ??

                     

                    Does migrating security keys from old to new epo and systems will automatically update the sitelist.XML what about sitemgr.XML should I export and import the same from old to new as well ?

                     

                    In addition do I need to decrypt the systems that r running MDE 6.x and 7.x before transferring the systems to the new epo ? What is best recommendation from you all for MDE clients ?

                     

                    Thank you all for your continuous help and valuable suggestions.

                     

                    Regards,

                    Syed

                    • 7. Re: Query on EPo upgrade from4.6.9 to 5.3.2
                      PhilR

                      The migration tool hides under the disguise of "UpgradeCompatibility", so try running UpgradeCompatibility.exe from the UpgradeCompatibility folder in the unpacked ePO 5.3.2 distribution.

                       

                      It's also documented in McAfee's ePO 5.3.2 docs.

                       

                      Cheers,

                       

                      Phil