search cancel

Move a DLP Endpoint server to a new server as part of a hardware refresh or operating system upgrade.

book

Article ID: 173957

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

You are performing an upgrade of the operating system on your Symantec Data Loss Prevention (DLP) Server or moving to a new system as part of a hardware refresh.

Resolution

Please note the following:

  • If you plan to upgrade the existing operating system, shut down DLP services prior to performing the OS upgrade and ensure that the version of Java used to run DLP is compatible with the new OS version. 
  • If you are migrating the Enforce server, It is recommended that you take a full backup of the system before proceeding with the following steps.  See the maintenance guide below for steps to back it up (Link below).
  • Detection servers don't retain sensitive data, so there is minimal impact installing the software onto a new server.  Migration isn't always necessary.  If you have made custom configuration changes or use custom certificates, those will need to be migrated from the old detection server to the new one. 
  • If you are moving an endpoint server, the endpoint agents will continue to attempt connection to the DNS name or IP address per their existing configuration.  
    • If you are using an IP address in the agent configuration, make sure the agents are updated before removing the endpoint server or you will need to update the configuration manually on each endpoint agent.  
    • If you are using DNS for the endpoint agents, make sure the appropriate DNS entries are updated for the new detection server. 

The guides in the links below have specific steps to perform the backup/install/migration. 

  1. Backup up the configuration files and keystore per the Symantec Data Loss Prevention System Maintenance Guide.
  2. Uninstall the Endpoint server per the Symantec_DLP_15.8_Install_Guide_Win.pdf (broadcom.com) or Symantec_DLP_15.8_Install_Guide_Lin.pdf (broadcom.com)
  3. Upgrade the OS, (if applicable)
  4. Install the detection server per the Symantec_DLP_15.8_Install_Guide_Win.pdf (broadcom.com) or Symantec_DLP_15.8_Install_Guide_Lin.pdf (broadcom.com)
  5. Restore the configuration files and keystore per the Symantec Data Loss Prevention System Maintenance Guide.