Support tips for upgrading from Endpoint Security and Control version 8 to version 9
To help your upgrade run smoothly, Sophos Technical Support has compiled the following tips for you. We suggest that you also read the Quick Upgrade Guide (if you installed using the defaults) or the Advanced Upgrade Guide (if you customized your installation) before upgrading.
Uninstall the existing role-based consoles
The Helpdesk Console and Enterprise Read-Only Consoles allow you to create role-based administration roles on your network. However, Enterprise Console 4 has this functionality built in and, as a result, the existing role-based administration consoles must be removed before you upgrade to Enterprise Console 4. They can be removed by using Add/Remove Programs.
Back up the database
We recommend that you back up the Enterprise Console database before an upgrade. We have a command line tool to use for backing up. Before using it, ensure that you stop the Sophos Management Service (MgntSvc.exe) so that no new information is written to the database while it is being backed up. For instructions on backing up the database using backupdb, please see section 5.3 of the Advanced Upgrade Guide.
Migrating Enterprise Console to another server
If you're going to take this opportunity to migrate Enterprise Console to another server, please see Enterprise Console Migration Guide or Enterprise Console: updating to the latest version, and migrating the console and configuration to a new 32-bit server.
Upgrade to Enterprise Console 4 and the Update Manager
- If your Sophos database is on a different server than Enterprise Console, you must upgrade the database first.
- If you use NAC for Endpoint Security and Control, we strongly recommend using section 6 of the Advanced Upgrade Guide to guide you through the upgrade.
There are a few situations where either EM Library or your current settings won't migrate to the new Update Manager automatically:
- If your EM Library is not located on the same computer as Enterprise Console, you will have to perform some of the migration to the Update Manager manually. Please see the Advanced Upgrade Guide for more information.
- If you currently use a custom file in a Central Installation Directory (CID), the migration to Update Manager will proceed, but you will have to recover the custom file from your existing CID and copy it to the new update location.
Not sure whether you have a custom file or not? If you've ever made changes to a policy configuration xml file and rolled that policy out using exportconfig.exe, you have a custom file.
- If you currently have a custom package in your EM Library CIDs (if you've changed the package name, for example), you won't be able to replace this package in the update manager. Please select the most appropriate package in the list of available packages in the update manager in Enterprise Console.
- If you have been using a special schedule using registry keys (that Sophos Technical Support helped you configure) for updating in EM Library, you won't be able to keep using it after the migration to the Update Manager. Please configure a new updating schedule in Enterprise Console's update managers.
- If you've ever protected a server or computer as an endpoint and now you would like to install a standalone update manager on it, uninstall RMS from that computer using Add/Remove Programs and then use the update manager installer (in Enterprise Console, from the View menu, choose Sophos Update Manager Installer Location to find the installer) to install the standalone update manager.
After you've upgraded Enterprise Console
Before deploying the new software to your endpoints:
- Ensure that the updating structures have all received the package before deploying the new software and updating policies to your groups.
- If you had device control settings configured in an Application Control policy in Endpoint Security and Control 8, this policy is not automatically migrated, because device control is now a separate policy in Endpoint Security and Control 9. To migrate your old device control settings, use the migration tool described in section 11 of the Advanced Upgrade Guide.
- Be aware that some endpoints may need a reboot after the upgrade. Please see Upgrading to Endpoint Security and Control 9: is a reboot required? for more information.
- Warn your users that the firewall icon will disappear when you deploy the upgrade: you’ll save yourself calls to your help desk that way. Also warn them that their computer may need a reboot.
After upgrading your endpoints
- Keep EM Library running until you’ve checked the Updating Hierarchy Report. This report will show you which update source your endpoints are using. If any EM Library CIDs are still being used, be sure to migrate them (see the Advanced Upgrade Guide for more information). When your Windows and Mac endpoints (as well as your computers running Sophos Anti-Virus for UNIX/Linux version 7.x) have all been migrated to new update locations, the legacy updating policies will disappear.
- You will have to manually configure your computers running Sophos Anti-Virus for UNIX/Linux version 4.x and Sophos Anti-Virus for Netware computers to use the new update location. See Migrating update locations for computers running Sophos Anti-Virus for UNIX and Linux version 4.x and Best Practice: subscribing to Sophos Anti-Virus for Netware from Enterprise Console version 4 for more information.
- Once you are confident that no computers are updating from EM Library CIDs, and you are ready to remove EM Library, see How to remove EM Library after upgrading to Endpoint Security and Control 9.
- If you will not be removing EM Library from your network shortly after upgrading, you should check it for problems (for example, ensure that the last downloaded time is current) periodically. Do be aware that keeping both updating systems running will increase the amount of communications in your network, so we do recommend removing EM Library when you are ready to.
If you need more information or guidance, then please contact technical support.
- Article ID: 62896
- Created: 8 Sep 2009
- Last updated: 29 Jan 2012


