Migrating to Symantec Endpoint Protection 11.0 MR4

Migrating to Symantec Endpoint Protection 11.0 MR4

Question/Issue:
This document describes how to migrate to Symantec Endpoint Protection 11.0 Maintenance Release 4 (MR4).


Solution:
Before you begin
This section gives the information that you need to know in order to plan for migration. This information includes supported migration paths and factors that can affect the success of the migration.

---

Note:
This document is meant only for migrations in which a previous version of Symantec Endpoint Protection 11.0 exists on the network or on individual computers. If no previous versions of Symantec Endpoint Protection products are already installed, please read the installation guide.

---

Things to know to ensure a successful migration
The following is a list of critical information that you need to know in order for your migration to succeed.

• Before you upgrade, you should back up the database. Please read "Best Practices for Disaster Recovery with Symantec Endpoint Protection" at:
  http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948
• If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.

Migration paths
This section lists the platforms that are supported during migration to the current version of Symantec Endpoint Protection.

Supported platforms
Symantec Endpoint Protection 11.0.4000 (MR4) can migrate seamlessly over the following:

• Symantec Endpoint Protection 11.0 (RTM), 11.0.1000 (MR1), 11.0.1006 (MR1 MP1), 11.0.2000 (MR2), 11.0.2010 (MR2 MP1), 11.0.2020 (MR2 MP2), and 11.0.3001 (MR3).

Downloading the Symantec Endpoint Protection 11.0.4000 MR4 Maintenance Release

• The installer package to upgrade Symantec Endpoint Protection is available from the Symantec Fileconnect site.
https://fileconnect.symantec.com/

Migration overview
The following table gives an overview of the migration process for each component of Symantec Endpoint Protection:

Component	Migration overview
Symantec Endpoint Protection Manager	When you migrate a server, the installation automatically detects and configures it appropriately. You do not need to uninstall management servers before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.
Symantec Endpoint Clients	When you migrate a client, the overinstall automatically detects the client, and migrates and installs it appropriately. You do not need to uninstall existing clients before you install the new version.

Overview of the migration process
Migration to the current version of Symantec Endpoint Protection includes the following steps in order:

• Create a migration plan
  Before you begin to install the Symantec Endpoint client, manager, and any administration upgrades, you should have a solid understanding of your network topology and a streamlined plan to maximize the protection of the resources on your network during the upgrade. Symantec strongly recommends that you migrate the entire network to the current version rather than managing multiple versions of Symantec Endpoint Protection.
• Backup up the database
  Before you upgrade, you should back up the database.
• Disable replication
  If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.
• Stop the Symantec Endpoint Protection Manager service
  Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.
  WARNING: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of Symantec Endpoint Protection Manager.
• Upgrade the Symantec Endpoint Protection Manager
  You do not need to uninstall management servers before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.
• Enabling replication after migration
  After you migrate all servers that used replication including the servers that were configured for failover and load balancing, you need to re-enable replication. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.
• Upgrade the Symantec Endpoint Protection Clients
  You do not need to uninstall previous clients before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.

Backing up the database
Before you upgrade, you should back up the database.

To back up the database
1. Click Start > Programs > Symantec Endpoint Protection Manager > Database Back Up and Restore.
2. In the Database Backup and Restore dialog box, click Back Up.
3. When asked "Are you sure you want to back up the database?" click Yes.
4. When you see the message "The database has been backed up successfully," click OK.
5. In the Database Backup and Restore dialog box, click Exit.

Disabling replication
If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.

To disable replication
1. Log-on to the Symantec Endpoint Protection Manager Console.
2. Click the Admin tab, then Click the blue Servers tab at the bottoms of the pane
3. On the Servers tab, in the left pane, expand Local Site, and then expand Replication Partners.
4. For each site that is listed under Replication Partners, right-click the site, and then click Delete.
5. In the Delete Partner prompt, click Yes.
6. Log-off the console, and repeat this procedure at all sites that replicate data.

Stopping the Symantec Endpoint Protection Manager service
Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.

---

WARNING: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of Symantec Endpoint Protection Manager.

---

To stop the Symantec Endpoint Protection service
1. Click Start > Settings > Control Panel > Administrative Tools.
2. Double Click Services to launch the Services MMC snap-in.
3. In the Services window, under Name, scroll to and right-click Symantec Endpoint Protection Manager.
4. Click Stop.
5. Close the Services window.
   • Warning: Close the Services window or your upgrade may fail.
6. Repeat this procedure for all Symantec Endpoint Protection Managers.

Upgrading the Symantec Endpoint Protection Manager
You must upgrade all Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection service.

To upgrade Symantec Endpoint Protection Manager
1. Download and unzip the maintenance release.
2. Browse to the location where you unzipped the maintenance release.
3. Double Click on setup.exe to start the installation.
4. In the Symantec Endpoint Protection panel, click Install Symantec Endpoint Protection Manager.
5. In the Install Wizard Welcome panel, click Next.
6. At the License Agreement panel, select "I accept..." then click Next
7. At the Ready to install the Program panel, click Install.
8. In the Install Wizard Completed panel, click Finish.
9. In the Upgrade Wizard Welcome panel, click Next.
10. In the Information panel, click Continue.
11. When the Upgrade completes, click Next.
12. In the Upgrade Succeeded panel, click Finish.

Repeat the above steps on all other Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection Manager service.

Enabling replication after migration
After you migrate all servers that used replication including the servers that were configured for failover and load balancing, you need to re-enable replication. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.

To enable replication after migration
1. Log-on to the Symantec Policy Management Console if you are not logged on.
2. Click the Admin tab, then click the blue Servers tab at the bottom of the pane.
3. On the Servers tab, in the left pane, expand Local Site, and then click Add Replication Partner.
4. In the Add Replication Partner panel, click Next.
5. In the Remote Site Information panel, enter the identifying information about the replication partner, enter the authentication information, and then click Next.
6. In the Schedule Replication panel, set the schedule for when replication occurs automatically, and then click Next.
7. In the Replication of Log Files and Client Packages panel, check the items to replicate, and then click Next.
   (Replicating packages generally involves large amounts of traffic and storage requirements.)
8. To complete the Add Replication Partner Wizard panel, click Finish.
9. Repeat this procedure for all computers that replicate data with this computer.

Upgrading the Symantec Endpoint Protection clients
The easiest way to migrate Symantec Endpoint Protection clients is by using the auto-upgrade feature. All other client software deployment methods are supported, but the auto-upgrade approach is the easiest way. The client migration installation can take up to 30 minutes. It is recommended to migrate when most users are not logged on to their computers.

---

Note: Test this migration approach before rolling out migration to a large number of computers. Create a new group and place a small number of client computers in that group for testing purposes.

---

To migrate client software
1. Log-on to the newly migrated Symantec Endpoint Protection Manager Console if you are not logged on.
2. Click Admin > Install Packages.
3. In the lower-left pane, under Tasks, click Upgrade Groups with Package.
4. In the Welcome to the Upgrade Groups Wizard panel, click Next.
5. In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select one of the following:
   • Symantec Endpoint Protection .
   • Symantec Network Access Control .
6. Click Next.
7. In the Specify Groups panel, check one or more groups that contain the client computers to be migrated, then click Next.
8. In the Package Upgrade Settings panel, check Download client from the management server.
9. Click Upgrade Settings.
10. In the Add Client Install Package dialog box, on the General tab, specify whether or not to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers. Under the Notification tab, specify a message to display to users during the migration.
    • If the clients in the group run a version of Symantec Endpoint Protection previous to MR2, turn off scheduling. Scheduling is on by default when a new client install package is added to a group. If scheduling is turned on, the upgrade fails. To turn off scheduling, in the Add Client Install Package dialog box, uncheck Upgrade Schedule.
11. For details about settings on these tabs, click Help.
12. Click OK.
13. In the Upgrade Groups Wizard dialog box, click Next.
14. In the Upgrade Groups Wizard Complete panel, click Finish.

References:
Creating new Client Installation packages in the Symantec Endpoint Protection Manager Console
Release notes for Symantec Client Security 3.1.x and Symantec AntiVirus 10.1.x


Document ID: 2008121712452848
Last Modified: 12/22/2008
Date Created: 12/17/2008
Operating System(s): Windows 2000 Professional, Windows 2000 Server/Advanced Server, Windows XP Home Edition, Windows XP Professional Edition, Windows XP Tablet PC Edition, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition, Windows Vista, Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition, Windows Server 2008 DataCenter 64-bit, Windows Server 2008 DataCenter 32-bit, Windows Server 2008 Enterprise 64-bit, Windows Server 2008 Enterprise 32-bit, Windows Server 2008 Standard 64-bit, Windows Server 2008 Standard 32-bit, Windows Server 2008 Web Server 64-bit, Windows Server 2008 Web Server 32-bit
Product(s): Endpoint Protection 11
Release(s): Endpoint Protection 11 [All Releases]

How to determine the appropriate page file size for 64-bit versions of Windows Server 2003 or Windows XP

The 64-bit versions of Microsoft Windows Server 2003 and Microsoft Windows XP can support more RAM than the 32-bit versions of these products. When lots of memory is added to a computer, a paging file may not be required. When you use the Pages/sec counter to measure paging file use, the value that is returned may not be accurate. To obtain an accurate measurement of paging file use, you must also use other performance counters. You can use System Monitor measurements to calculate the size of the paging file that your computer requires.

Windows Server 2003 Domain Controllers are not supported without a configured pagefile. Because the algorithm the LSASS database cache depends on the "transition pages repurposed/second" perfmon counter, a pagefile is required to make sure that the database cache is capable to release memory if memory is requested by other services or applications.

Note If you are running Microsoft SQL Server together with MSDTC (COM+), the pagefile should be at least 1 percent larger than how much RAM is installed in the system. For example, when you are using 32 GB of RAM, the pagefile should be at least 32.32 GB of RAM.

INTRODUCTION

When you set up a 64-bit version of Microsoft Windows Server 2003 or Microsoft Windows XP, the operating system will create a page file that is one and a half times the amount of RAM that is installed in your computer. However, as the amount of RAM in a computer increases, the need for a page file decreases. The following guidelines and methods will help you determine the appropriate page file size for your system.

Comparison of memory and CPU limits in the 32-bit and 64-bit versions of Windows

When you set up a 32-bit version or a 64-bit version of Windows Server 2003 or Windows XP, a page file is created that is one and a half times the amount of RAM that is installed in the computer provided there is sufficient free space on the system hard disk. However, as more RAM is added to a computer, the need for a page file decreases. If you have enough RAM installed in your computer, you may not require a page file at all, unless one is required by a specific application.

The following chart illustrates the amount of RAM and the number of CPUs that can be installed on a computer depending on the operating system that is installed. RAM and CPU limits are much larger in 64-bit operating systems than in 32-bit operating systems.

Collapse this tableExpand this table

General memory limits	32-bit	64-bit
Total virtual address space	4 gigabytes (GB)	16 terabytes
Virtual address space per 32-bit process	2 GB, 3 GB if the system is booted with the /3GB switch	2 GB, 4 GB if the application is compiled with the /LARGEADDRESSAWARE switch
Virtual address space per 64-bit process	Not applicable	8 terabytes
Paged pool	470 megabytes (MB)	128 GB
Non-paged pool	256 MB	128 GB
System cache	1 GB	1 terabyte

Physical memory and CPU limits	32-bit	64-bit
Windows XP Professional	4 GB / 1-2 CPUs	128 GB / 1-2 CPUs
Windows Server 2003, Standard Edition	4 GB / 1-4 CPUs	32 GB / 1-4 CPUs
Windows Server 2003, Enterprise Edition	32 GB / 1-8 CPUs	1 terabyte / 1-8 CPUs
Windows Server 2003, Datacenter Edition	64 GB / 1-32 CPUs	1 terabyte / 1-64 CPUs
Windows Server 2003 SP1, Enterprise Edition	64 GB / 1-8 CPUs	1 terabyte / 1-8 CPUs
Windows Server 2003 SP1, Datacenter Edition	128 GB / 1-32 CPUs	1 terabyte / 1-64 CPUs

There is no specific recommendation for page file size. Your requirements will be based on the hardware and software that you use and the load that you put on the computer. To monitor page file usage and requirements, run System Monitor, and gather a log during typical usage conditions. Focus on the following counters.

Collapse this tableExpand this table

Counter threshold	Suggested value
Memory\\Available Bytes	No less than 4 MB
Memory\\Pages Input/sec	No more than 10 pages
Paging File\\% Usage	No more than 70 percent
Paging File\\% Usage Peak	No more than 70 percent
Process\\Page File Bytes Peak	Not applicable

Note Page file use should be tracked periodically. When you increase the use or the load on the system, you generally increase the demand for virtual address space and page file space.

The Pages/sec counter

When you use System Monitor, the values that are returned by the Pages/sec counter for the Memory performance object may be more than you expect. These values may not be related to either paging file activity or cache activity. Instead, these values may be caused by an application that is sequentially reading a memory-mapped file.

The Pages/sec counter counts the number of pages that are read from the disk or that are written to the disk to resolve memory references to pages. These pages were not in memory at the time of the reference. The Pages/sec value is the sum of the Pages Input/sec and Pages Output/sec counter values. The Pages/sec counter includes paging traffic on behalf of the system cache to access file data for applications.

Pages/sec is the primary counter to watch if you are concerned about excessive memory pressure (thrashing) and the excessive paging that may result.

However, the Pages/sec counter also accounts for other activity, such as the sequential reading of memory-mapped files that are either cached or not. Typically, the Pages/sec counter is counting other activity when you see the following:

• A high value for the Memory: Pages/sec counter.
• An average value, relative to the system being monitored, or a high value for the Memory: Available Bytes counter.
• An average or small value for the Paging File: % Usage counter.
• For a non-cached memory-mapped file, you also see average or low cache activity. (Low cache activity is also known as cache fault activity.)

Therefore, a high value for the Memory: Pages/sec counter does not necessarily indicate memory pressure or a System Monitor reporting error. To gain an accurate reading of your system, you must also monitor other counters.

How to calculate page file size

Use one or more of the following methods to help you calculate page file size.

Method 1: Use performance logs to understand the paging activity on your computer

1. Click Start, point to Administrative Tools, and then click Performance.
2. Expand Performance Logs and Alerts, click Counter Logs, right-click the blank space in the right-pane, and then click New Log Settings.
3. In the Name box, type a name for the log, and then click OK.
4. On the General tab, click Add Counters.
5. Click Use local computer counters.
6. In the Performance object list, click Paging File.
7. Click Select counters from list, click % Usage, and then click Add.
8. In the Performance object list, click Memory.
9. In Select counters from list, click Available Bytes, and then click Add.
10. In Select counters from list, click Pages Input/sec, click Add, and then click Close.
11. Click OK.

Use the log that you collect during typical computer use to understand the paging activity on your computer. Then, adjust the page file size accordingly.

Method 2: Use the Page File Bytes Peak counter to calculate page file size

1. Click Start, point to Administrative Tools, and then click Performance.
2. Click System Monitor.
3. In the right pane, click + (the Add button).
4. Click Use local computer counters.
5. In the Performance object list, click Process.
6. Click Select counters from list, click Page File Bytes Peak, click Add, and then click Close.
7. Let the counter run during typical use of your computer.
8. Note the maximum value for the Page File Bytes Peak counter, and then multiply the value by 0.70. The sum of the equation is the size to set for your page file.

Method 3: Calculate the minimum and maximum page file size

To determine the approximate minimum page file that is required by your system, calculate the sum of peak private bytes that are used by each process on the system. Then, subtract the amount of memory on the system.

To determine the approximate maximum page file space that is required for your system, calculate the sum of peak private bytes that are used by each process on the system. Then, add a margin of additional space. Do not subtract the amount of memory on the system. The size of the additional margin can be adjusted based on your confidence in the snapshot data that is used to estimate page file requirements.

Note This estimate is accurate only if the snapshot of data that is used to make the calculations is accurate.

Page file input/output rates

To avoid overloading the system or other disks with page input/output (I/O) activity, use the following guidelines when you set up the page file on your computer:

• If the page I/O (real disk I/O) rate is more than 10 pages per second, we recommend that you do not put the page file where the I/O activity occurs on the system disk. When the page I/O rate is 10 pages per second or more, we recommend that you dedicate a separate hard disk for paging.
• If the page I/O rate to a particular disk that is used for paging is more than 60 disk I/O operations per second, use more than one dedicated page hard disk to obtain better performance. To do this, use multiple non-striped disks for paging, or use raid 0 striped disks for paging. Dedicate approximately one I/O hard disk to paging for every 60 pages per second of I/O activity.
  
  For example, if a system is averaging 150 pages of I/O activity per second, use three individual hard disks, or a three-disk raid 0 stripe set for the page file.
  
  Note These estimates are for hard disks that run at 7200 revolutions per minute (rpm). If you use a hard disk that runs faster, the I/O rate a disk can handle for page I/O will increase.
  
  Note If peak performance is critical to your system, use peak I/O rates instead of average I/O rates for these calculations.

Important Supportability Information: This article is specifically for computers that do not need kernel mode or full memory dump analysis. For business-critical servers where business processes require to server to capture physical memory dumps for analysis, the traditional model of the page file should be at least the size of physical ram plus 1 MB, or 1.5 times the default physical RAM. This makes sure that the free disk space of the operating system partition is large enough to hold the OS, hotfixes, installed applications, installed services, a dump file, and the page file. On a server that has 32 GB of memory, drive C may have to be at least 86 GB to 90 GB. This is 32 GB for memory dump, 48 GB for the page file (1.5 times the physical memory), 4 GB for the operating system, and 2 to 4 GB for the applications, the installed services, the temp files, and so on. Remember that a driver or kernel mode service leak could consume all free physical RAM. Therefore, a Windows Server 2003 x64 SP1-based server in 64-bit mode with 32GB of RAM could have a 32 GB kernel memory dump file, where you would expect only a 1 to 2 GB dump file in 32-bit mode. This behavior occurs because of the greatly increased memory pools.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

294418 (http://support.microsoft.com/kb/294418/ ) Comparison of 32-bit and 64-bit memory architecture for 64-bit editions of Windows XP and Windows Server 2003

MORE INFORMATION

Technical support for Windows x64 editions

Your hardware manufacturer provides technical support and assistance for Microsoft Windows x64 editions. Your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/64bit/default.mspx (http://www.microsoft.com/windowsxp/64bit/default.mspx)

For product information about Microsoft Windows Server 2003 x64 editions, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx (http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx)

Back to the top

---

APPLIES TO

• Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
• Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
• Microsoft Windows Server 2003, Standard x64 Edition
• Microsoft Windows Server 2003, Datacenter x64 Edition
• Microsoft Windows Server 2003, Enterprise x64 Edition
• Microsoft Windows XP Professional 64-Bit Edition (Itanium)
• Microsoft Windows XP Professional x64 Edition
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard

Keywords:

kbhowtomaster kbdiskmemory kbvirtualmem kbtshoot kbinfo KB889654