Move a DLP server to a new server as part of a hardware refresh or operating system upgrade.
book
Article ID: 173957
calendar_today
Updated On:
Products
Data Loss Prevention Endpoint PreventData Loss PreventionData Loss Prevention EnforceData Loss Prevention Endpoint SuiteData Loss Prevention Endpoint Discover
Issue/Introduction
You are performing an upgrade of the operating system on your Symantec Data Loss Prevention (DLP) Server or moving to a new system as part of a hardware refresh.
Resolution
Please note the following:
If you plan to upgrade the existing operating system, shut down DLP services prior to performing the OS upgrade and ensure that the version of Java used to run DLP is compatible with the new OS version.
If you are migrating the Enforce server, It is recommended that you take a full backup of the system before proceeding with the following steps. See the maintenance guide below for steps to back it up (Link below).
Detection servers don't retain sensitive data, so there is minimal impact installing the software onto a new server. Migration isn't always necessary. If you have made custom configuration changes or use custom certificates, those will need to be migrated from the old detection server to the new one.
If you are moving an endpoint server, the endpoint agents will continue to attempt connection to the DNS name or IP address per their existing configuration.
If you are using an IP address in the agent configuration, make sure the agents are updated before removing the endpoint server or you will need to update the configuration manually on each endpoint agent.
If you are using DNS for the endpoint agents, make sure the appropriate DNS entries are updated for the new detection server.
If you are changing the hostname of the detection server in the process, then you will want to update the policy groups for the detection server as well as any relevant discovery targets if it is a discovery server.
The guides in the links below have specific steps to perform the backup/install/migration.