Upgrading to Encryption Management Server release 10.5.1 from release 3.3.2 or above is described in the Symantec Encryption Management Server 10.5.1 Upgrade Guide.
For the benefits of upgrading to version 10.5 or above see the following article:
150915 - Symantec Encryption Management Server Benefits and Considerations for upgrading to version 10.5
Please note that all releases below 10.5 are End of Service (support).
Note that if you are upgrading from release 10.5 to release 10.5.1 you can do an in place upgrade using a *.pup file. Otherwise, you will need to install from ISO. This article covers the ISO method.
Before updating, please confirm that the DNS servers and any NTP server that Encryption Management Server is configured to use are still valid. Also, ensure that all Encryption Desktop clients connecting to the servers are running Encryption Desktop release 10.4 or above, otherwise they will not be able to communicate with Encryption Management Server using TLS 1.2.
There are two methods of upgrading and the method you choose depends on the size and complexity of your environment:
Both upgrade types involve installing from ISO. Therefore, if Encryption Management Server is a VMware Virtual Machine, be sure to take a VMware snapshot prior to booting from ISO. This will allow you to rollback to snapshot if necessary.
Use the Restore method if all of the following are true:
When upgrading a cluster, please be aware that data inconsistency between cluster members may occur during the upgrade. This will resolve itself after all cluster members have been upgraded. Please see article 225396 for more information about how to avoid the risk of any data inconsistency.
Symantec Encryption Management Server release 10.5 and above.
This consists of the following steps:
The New Installation setup type will:
At the end of the process you will have a fresh installation of Encryption Management Server with default settings.
If the only complexity in your environment is the size of your backup file:
A Simple Web Email Protection template will be restored successfully.
An Advanced Web Email Protection template consists mainly of image files so there is a very good chance that it will be restored successfully but ensure you have a backup of the zipped images in a safe location.
However, a Complete Web Email Protection template will not be restored successfully. This is because there are changes in release 10.5.1 around time zone that guarantees incompatibility.
Therefore install a new Encryption Management Server from ISO in a test environment, create a new complete customization template and export it. When you have upgraded the production environment, import the template that you exported from the test environment.
Many Complete Customization Web Email Protection templates consist of customizations that can be made using an Advanced template. Before you upgrade, consider replacing the Complete Customization template with an Advanced template to avoid all the complexities of dealing with a Complete Customization template. See article 206882 for further details.
When you install from ISO you need to enter an IP address for the server and a default gateway that is on the same subnet. Otherwise you will not be able to connect to the server using a web browser.
When you restore from the backup file, all the original network settings are restored. However, any network routing files in the /etc/sysconfig/network-scripts directory are not backed up and will therefore not be restored.
Therefore, if your connectivity to the Encryption Management Server administration console relies on a manual routing file being present in the /etc/sysconfig/network-scripts directory of the server then you may not be able to connect.
To avoid problems:
The new installation will contain a default /etc/crontab file. If you have customized your /etc/crontab file you need to use SCP to download it to a safe location before you install from ISO.
After installing using either the Restore or New Installation method, the /etc/crontab on the server will contain only the default entries.
You will need to edit the /etc/crontab file on the server and add back any custom entries. Then restart the crond service with:
systemctl restart crond
Only custom scripts and files in the /var/lib/ovid/customization directory are backed up.
If you have custom scripts or files that are not in the /var/lib/ovid/customization directory then use SCP to download them to a safe location before installing using either the Restore or New Installation method.
After installing, use SCP to upload them to their original locations.
If the scripts are being run using entries in the /etc/crontab file then update the /etc/crontab file too.
During the installation, any pgp*.sh scripts that were in the /var/lib/ovid/customization directory are moved to the /var/lib/ovid/customization_legacy directory.
If you have modified any of those scripts, you will need to SSH to the server and add back any customizations you made to the pgp*.sh scripts in the /var/lib/ovid/customization directory.
See article 197045 for further details.
Upgrade Path for Legacy version 2.12 SP4 to 10.5
1. Create backup from 2.12 SP4 (Build 1128)
2. Restore backup to 3.1.2 SP3 (Build 50 - Install with ISO on new "Linux 2.6 Other 32-bit" VMware system)
3. PUP Update to 3.3.0 (Build 8741)
4. PUP Update to 3.3.2 MP13 (Build 21495)
5. Create a backup from 3.3.2 MP13
6. Restore backup to SEMS 10.5 (Install ISO on new VM system "RHEL 7" or "CentOS 7" in VMware)
Upgrade Path for Legacy version 3.0.x to 10.5
1. PUP update from 3.0.x to 3.1.2 SP3.
2. Restore backup to 3.1.2 SP3 (Build 50 - Install with ISO on new "Linux 2.6 Other 32-bit" VMware system)
3. PUP Update to 3.3.0 (Build 8741)
4. PUP Update to 3.3.2 MP13 (Build 21495)
5. Create a backup from 3.3.2 MP13
6. Restore backup to SEMS 10.5 (Install ISO on new VM system "RHEL 7" or "CentOS 7" in VMware)
Upgrade Path for Legacy version 3.1.x to 10.5
1. If you're on a version older than 3.1.2 SP3, then PUP update to 3.1.2 SP3 first (Contact Symantec Support if you do not have the PUP updates as these are no longer housed in the download portal.
2. Once you're on version 3.1.2 SP3, then PUP Update to 3.3.0 (Build 8741).
3. From 3.3.0, PUP Update to 3.3.2 MP13 (Build 21495)
4. Create a backup from 3.3.2 MP13.
5. Restore backup to SEMS 10.5 (Install ISO on new VM system "RHEL 7" or "CentOS 7" in VMware)
Upgrade Path for Legacy version 3.2.1 to 10.5
1. Create a backup on 3.2.1 MP5 (Build 5033).
2. Restore the backup to 3.3.2 MP13 (Build 21495 - Install 3.3.2 MP13 ISO and restore)
3. Create a backup on 3.3.2 MP13
4. Restore the backup to 10.5 (ISO Install of 10.5).