Support Center > Search Results > SecureKnowledge Details
Best Practices - Upgrade Media Encryption and Full Disk Encryption clients from R73 to E80.X
Solution

General information before the upgrade

  • Media Encryption clients are managed by the Media Encryption server and also there is an SQL database, which contains encryption keys for the encrypted devices. The DB can be also embedded on the server machine.
  • File Encryption (in case there is one) is also a standalone client, which is used for directory encryption. This product is EOL and also no longer available in newer Endpoint Security versions.
  • Starting from R76, the Endpoint Security Server is part of the Security Management Server.
  • Endpoint Security Server can run only on a distributed Security Management Server (StandAlone configuration is not supported).
  • To upgrade the existing clients (Media Encryption and Full Disk Encryption clients), you will have to create a PreUpgrade package.
  • The purpose of the PreUpgrade package is to uninstall the Media Encryption and Full Disk Encryption clients, and instead of them install Media Encryption and Full Disk Encryption blades.
  • During the upgrade, the  Media Encryption client will be removed. Full Disk Encryption will be removed, as well, but the drive will NOT be decrypted.
  • File Encryption clients should be uninstalled manually from the machines (in case there is a client on these machines).
  • The server should be fresh installed and cannot be upgraded – sk65202.
  • Information about Secure Access can also be found in sk65202.

Upgrade process

  1. Install Endpoint Security Server as described in the E80.62 and R77.30.01 Release Notes (same as R77) (page 19 "Installation and Configuration").
  2. Preparations for FDE upgrade:

    To prepare the environment for the FDE upgrade, you need to follow the steps, as described in the E80.62 on R77.30.01 Endpoint Security Management Administration Guide (page 61 "Upgrading Legacy Clients").

  3. Preparations for Media Encryption upgrade:

    In order to transfer Devices and Encryption keys from the R73 Media Encryption Server to the new R77.30.01 server, follow the E80.62 on R77.30.01 Endpoint Security Management Administration Guide (page 153 "Upgrading Media Encryption R73.x Devices and Keys").

  4. Create a new deployment rule with Media Encryption and Full Disk Encryption blades, as described in the E80.62 on R77.30.01 Endpoint Security Management Administration Guide (page 48 "Deploying Endpoint Security Clients").

    It is possible to modify the "Entire organization" rule, if the deployment is the same for all clients.

  5. Upgrade options:

    The possible deployment options are Offline upgrade and Online Upgrade.

    In this section, you will also have information about Secure Access clients. The important note here is to add the uninstallation password in the same way as FDE.

  6. When the PreUpgrade package is created, deploy the package on the test machine and check the results.

 


 

To install Endpoint Security Clients, the following licenses are required on the Endpoint Security Server:

  1. Endpoint Security Server license
  2. Container licenses
  3. FDE licenses
  4. Media Encryption Licenses

Note: File Encryption should be manually uninstalled before the deployment of the E80.XX clients

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment