Safend Data Protection Suite 3.4 - Upgrade Instructions.pdf

More documents

Recommendations

Info

Current Environment In this version, upgrade and backward compatibility are supported from Safend Data Protection Suite 3.3 SP7 and up and backward compatibility is supported for 3.2 GA3 and up. If you are currently using an older version of Safend Data Protection Suite, or have legacy agents in your environment which were not upgraded yet, it is recommended that you do not perform an upgrade using this version of the Safend Data Protection Suite. Existing Log Records The system upgrade will maintain all policies and definitions after the upgrade process. However, existing (history) log records and queries will no longer be available after upgrading a 3.3 server to the 3.4 version. If you do wish to keep your existing (history) log records when upgrading from the 3.3 version to the 3.4 version, please refer to Appendix 1. Currently Used Features There are several features which were supported in Safend Data Protection Suite 3.3 and are no longer supported in Safend Data Protection Suite version 3.4. Before performing an upgrade, please make sure you are not using these features: 1. Policy distribution using GPO. In case you have used GPO for policy distribution in the past make sure no old policies are associated with your AD objects. 2. Novel eDirectory integration. 3. Agent installation on Windows 2000 OS. 4. Different alert destinations cannot be set for different policies, alert destinations can only be defined using the Global Policy Settings. 5. Encrypting removable storage devices using “Partition Encryption” mode. Please note: existing devices encrypted using “Partition Encryption” can still be used on a 3.4 agent, new devices will be encrypted using “Volume Encryption” mode. 6. “Log Delegation” between different Management Servers. 7. Integration with 3 rd party content inspection products. a. It is important to note that this option must be unchecked before upgrading the 3.3 server. 8. White list specific CD/DVD media by its content. a. Please note that the current media white list groups will be preserved on the server, but will be not updateable and if they are deleted, there will be no way to recover them. 9. Manually collecting logs from workstations. 10. The "action when max cache size is exceeded" for file shadowing is no longer configurable (always set to “allow”). 11. "Max file size to be shadowed" will no longer be configurable through the UI. 12. Copying device information from the device inventory report. Page 2 of 7 : Copyright © 2011 safend a wave systems company | www.safend.com | www.wave.com
3. Pre-Upgrade Tasks Safend Data Protection Suite 3.4 Training The Safend Data Protection Suite version 3.4 user interface is different from the user interface in older versions. It is highly recommended that you become familiar with the new user interface in a test environment, before upgrading your production server to the new version. You can use the Safend Evaluation Kit for this purpose. Preparing Policies for Upgrade When upgrading the Management Server to version 3.4, all your existing policies will undergo an upgrade procedure. In Safend Data Protection Suite version 3.4, instead of having one policy which defines all aspects of the endpoint behaviour, you will now have separate policies managing separate aspects of the endpoint behaviour. Port control, device control and removable media encryption will be controlled using a Port & Device Control Policy. Encryption of the internal hard disk will be enforced using a Hard Disk Encryption policy. Endpoint configuration, such as the log sending interval, will be controlled using the Settings Policy. When upgrading the Safend Management Server to version 3.4, your existing policies will be converted to the new scheme: For every existing policy, a “Port and Device Control Policy” with an identical name will be created. This policy will contain all the “Security Settings” of the original policy (not including the settings for “Internal Disk Encryption”), as well as the end user messages defined in the Policy Settings. If the existing policy is set to either “Encrypt” or “Decrypt” for the internal hard disk, a “Hard Disk Encryption Policy” with the same name and an “Encryptor –“Prefix will be created. Please note: if you do not have a license for Safend Encryptor such a policy will never be created. The policy will be associated with the same organizational objects as the original policy. If the existing policy is configured to use “Policy Specific Settings”, instead of “Global Policy Settings”, in any of the “settings” tabs, except the “End User Messages” tab, a “Settings Policy” with the same name and a “Settings –“ Prefix will be created. The policy will be associated with the same organizational objects as the original policy. Important Notes Regarding "Policy Specific Setting": 1. End User Messages that were defined using policy specific settings, will still be used on your 3.3 agents, however after the upgrade, those messages will be no longer available, and when applying any other setting policies, the end user messages will be taken from the global policies. 2. Policy-specific settings for media encryption are not being upgraded, and will be shown as taken from the global setting. 3. Policy specific settings for "and Max Cache Size" is not being upgraded, and will be shown as taken from the global setting. Recommended action: to avoid the creation of multiple, redundant policies following the server upgrade, please review your existing policies to make sure policies are not configured to use “policy specific settings”, instead of “global policy settings”, without a good reason. Page 3 of 7 : Copyright © 2011 safend a wave systems company | www.safend.com | www.wave.com
Page 1: safend a w a v e s y s t e m s c o
Page 5 and 6: In order to use GPO, perform the fo
Page 7: Appendix 1: Migrating Old 3.3 Logs

Safend Data Protection Suite 3.4 - Upgrade Instructions.pdf

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?