This article addresses some of the frequently asked questions regarding subscriptions and product versions.
Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control
Frequently Asked Questions
Why are Sophos changing from the previous version control system?
There are several reasons for the change, we feel that we should, as a security company, be keeping customers as up to date as possible with the latest protection. If there are many choices of software versions available (some very old) then this task is made more difficult for both the customer and for Sophos, since customers can easily make inappropriate software selections or get “left behind” on older versions. The new lifecycle scheme brings simplicity, and with it less chance of falling behind on older versions of our endpoint software.
Also, maintaining many older versions within Sophos takes a lot of resource, this resource could be better employed developing software that provides better protection rather than testing and developing older versions.
What is the benefit to me the customer?
- A simpler interface with less clutter and potential for confusion.
- A reduced set of choices which should mean more appropriate versions selected for any given environment.
- More frequent but smaller updates mean better protection and less overall change.
What versions of Sophos Enterprise Console does this affect?
All. The change was introduced in June 2013 and applies to all versions of the console. The biggest changes will be seen by new customers (from June 2013) using SEC 5.2.1 (and above) where they will only see the new subscriptions, and will not have access to any fixed versions. Over time all subscriptions will move to the new model, SAV 10.0.x versions will be the last that follow the old scheme, thus, all versions of SEC, and all customers, will be using the new lifecycle by the beginning of 2015 after SAV 10.0.x has retired.
What version of Sophos Anti-Virus and Operating Systems does this affect?
From 10.2 onwards. SAV 10.0.x is the last version that will follow the old lifecycle, and will retire at the end of December 2014.
Are "Preview" versions to be considered a "Beta"?
Absolutely not! The software delivered via the Preview subscription is fully tested production quality code. The reason it is in a separate subscription is to allow customers to see what changes will be delivered into the Recommended and other subscriptions over time. More frequent changes will appear in the Preview subscription which is why customers are advised to use it in test networks or small deployments only. There is no reason why it cannot be deployed site-wide except that we will not announce changes which could be frequent.
What is the difference between a "Major" and a "Minor" upgrade, numerically and physically?
A major upgrade would be when we introduce a version of SAV that replaces 10.x.x. Minor updates are updates that introduce new features or make other more minor changes to the software. Since we are releasing changes more frequently we will have more minor upgrades happening. Previously we would have “batched up” the many minor upgrades and made them into a major upgrade. We do not currently foresee any need for a major upgrade as all changes are being planned and released incrementally.
What testing period is recommended for "Major" and "Minor" upgrades?
This will depend on your own internal systems and processes, however, we allow for 3 months of testing of minor upgrade changes if you use the Extended and Previous Extended subscriptions. This period should be more than enough to allow for regression testing against your existing systems and any required testing of new features, as well as rolling out the software. In the event of a major upgrade, we will give 12 months’ notice of the retirement of the outgoing major version together with a 6 month overlap of versions to allow for more significant testing and evaluation.
Do "fixed" packages automatically upgrade?
This will depend on the type of support you have and which version of SEC you are using. From SEC 5.2.1 onwards fixed versions will normally be hidden unless you have Platinum support and we have re-instated fixed versions for you. Also, there is no option to unselect automatic upgrades of fixed versions, even with Platinum support in place. This is because as soon as Sophos retires a fixed version it will no longer receive security updates, which is against our primary goal of best protection. Older versions of SEC will continue to see fixed versions.
I need to test versions before they are released to our live environment. What is the recommended method to achieve this?
Use the Extended and Previous Extended subscriptions as a complementary pair in order to test prior to roll out. Alternatively, if only a small amount of testing is required you could use Previous Recommended which will normally lag behind Recommended by about 1 month.
How long in advance of an automatic upgrade do I have to test new versions?
We will not provide any notification of automatic upgrades for the Preview subscription. For Recommended and Extended we will give as much notice as possible. Our release calendar shows the next 6 months or so of releases, so you should pay attention to this and choose the appropriate subscriptions based on the change profile of that subscription and your environment. We will also notify of more major upgrades in Recommended and Extended via the console messaging system, emails and support notifications.
Why don't all "Preview" versions move to "Recommended"?
We feel that the rate of change would be too great if we were to move all versions from Preview to Recommended. Also, we want to provide a period of overlap between Preview and Recommend several times each year to allow customers to move between these two subscriptions without having to downgrade. This may be necessary when a new feature is needed or we introduce a fix initially in Preview.
Why don't all "Recommended" versions move to "Extended"?
This is because of the overlap period between Extended and Previous Extended, this overlap period is at least 3 months, we could not have this overlap if we moved every version from Recommended to Extended.
If I am using "Recommended" or "Extended" how do I know which versions to test if not all of them move into these packages, or do I have to test all of them?
The release calendar will inform you which versions are destined for which subscriptions.
Where can I find the predicted version release schedule?
This information is published in the Calendar of release dates.
I have a three month change freeze, how should I configure this to operate?
It would be best to use the Extended and Previous Extended subscription pair to accommodate change freezes such as this.
This appears to be more complicated than the previous system, I was told "Complexity is the enemy of Security" - James Lyne, source bbc.co.uk. How do these changes "simplify" this procedure for us?
Complexity is indeed the enemy of security. This is precisely why we have reduced the number of options that a you have to choose between, made all of the available subscriptions more up to date and also given them "use appropriate" names since the versions are no longer as relevant.