Test environment to migrate from Symantec Antivirus to Endpoint

I am planning to test migration from SAV to SEP.
As suggested in the symantec manual, I tried to install the legacy Sysmantec System Center and management server in VM that is in our company's domain. When I installed them, the current primary server shew. Should I create a test enviroment that is not belong to our domain in order to set a primary server for this test? I am using windows XP as a server, so that I cannot create the domain and I have to use a workgourp for this test.
Should I create the test environment separted from our current domain?

Tech110Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jhalapradeepCommented:
Hi,

You can create a group of machines within you domain to test it.

-You can follow these steps:

1) Install Symantec endpoint protection manager on a server or Xp system
2) Create the client install package and install it on a couple of machines chosen for test.
3) Do not interfere with current Primary server.
4) Just for your information, in symantec endpoint protection there is no server-client architecture,
All the machines(server/workstation) acts as a clients and there is One SEPM console which manages all these clients. so its one manager console and other clients.
5) So thats why you can select any machine to install SEPM console and then deploy clients to the machines u selected to manage.

Regards,.
pradeep Jhala

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tech110Author Commented:
praddep,

Do I need to create a group with 'Group' object under our domain in AD?
jhalapradeepCommented:
Hi,

No that is not required as of now.
-Once you install SEPM console you need to create a group in there or can use the default one.
-> The group creation in AD comes into picture only when u plan to integerate AD with SEPM
-> That too you can import all ur OU directly into SEPM and it will sync and then can rollout the clients to the machines. But that is too advanced part.
-So as of now you can directly install SEPM and then roll out client to selected machines and then test all the policies and settings on them

Regards,
pradeep Jhala
SD-WAN: Making It Work for You

As bandwidth requirements and Internet costs grow, businesses naturally want to manage budgets by reducing reliance on their most expensive connection types. Learn more about how to make SD-WAN work for your business in our on-demand webinar!

jimmymcp02Commented:
signing up for this.
 
During my first test of sep11 mr5 and made the mistake of installing it on windows xp then when i had more than 10 clients my report tabs started to display unexpected errors because windows xp can only have 10 connections... sep manager uses 4 or 5 on its own.
 
What i did was ended up setting up a symantec end point manager on a windows server 2003 then i created all my groups and tailored each group to what it needed to do (schedules updates, policies, scans etc.) All of them are set no to inherit settings from parent otherwise i cant manage each group individually.
jhalapradeepCommented:
Hi,

Yes that is absolutely correct that Xp can manage only 10 connections. For more connections either you need to increase the heartbeat interval for clients , but again using xp to manage more than 10 connections will be a kind of violation of license agreement from microsoft. As this particular disclaimer is clearly mentioned in there.

But as this is just for testing purpose, using less than 10 managed clients / connections should be enough. I think we can manage to test multiple policy and settings combinations within that range.
For Production environment, I would recommend to use a server operating system so that there will be no issues of client management.

Regards,
Pradeep Jhala.
Tech110Author Commented:
I am installing SEPM on the test VM of XP. Now, I got to place to the migration and deployment wizard. Then I am wondering if I want to migrate clients with legacy SAV or I install the client package on clients that don't have any SAV by using VM If I want to test how the migration goes, do I need to use the clients that already use legacy SAV?
Tech110Author Commented:
In the migration and deployment, I need to choose deploy the client or migrate from a previous version of symantec antivirus. Which do I need to choose?
jhalapradeepCommented:
Hi,

If you want to test how all the groups that are in Legacy SAV console  gets migrated to The new SEPM console. You will need to choose "migrate from a previous version" and then it will prompt to input the primary server name. Once you do that the migration of the Structure and policy & settings will take place. When it asks to choose "from parent server group to parent server group" or client group" , leave it to default and then proceed with next and it will be done.

-Its up to you do deploy it to SAV clients or the fresh machines. Because even if u deploy to existing SAV clients it will uninstall it first and then install the SEP client automaticallly.
So the main migration part will be during the phase of "migrate from previous version of symantec antivirus"

Regards,
Pradeep Jhala
Tech110Author Commented:
jhalapradeep,

I chose to migration for test and created the client packages; now I like to test to install them on the test clients. Accoding to the Symantec manual, I need to disable some features such as schedule scans, LiveUpdate, Quarantine and temper protection, deleting histories, uninstalling and deleting reporting servers. I don't want to disable them at the Symantec System Center since most clients are still using the features, so that if so, I need to disable these features for only test clients individually. Do I need to disable them?

I also found on the manual that the port 139 needs to be open in order to install the packgae by msi. Do I need to open the port 139?

Thank you for your help,
Tech110
jhalapradeepCommented:
Hi,

Yes as per the manual all these things needs to be disabled as it might affect the client installation. Reason is that, when the package tries to uninstall the SAV, and if liveupdate or scans are running, it will interrupt in the uninstall process.
So what you can do is disable these settings on few client on which you are running the test.

-Yes if you want to deploy the package then port 139 needs to be open (if firewall is already blocking it). But generally it is not blocked.
So you can try deploying on one machine if it works well then no need to create any port exception. Otherwise, you can open the port if any issues.

Regards,
Pradeep Jhala
jhalapradeepCommented:
Hi,

I hope the test migration was successful. Can you please confirm if the issue is resolved or not?

Regards,
Pradeep Jhala
Tech110Author Commented:
jhalapradeep,

I was wondering it's easy to migrate without perserving server and client groups and settings since there is only one server group to migrate. Then, I don't have to worry about disabling features. As for some features such as deleting histories and quarantine, I have to change features at the server's level. According to the chaper 7, if I don't perserve server and client groups and settings, I just need to follow the first time and installing client software. If I decide to deploy clients, do I need to create the client package since I create it to migrate from previous version of Symantec AntiVirus.

Tech110
Tech110Author Commented:
Since I have already created the client package and figured out that just selecting test group to disable features at the Symantec System Center, I tested the push deployment. Then, all test went fine.

Thank you for your help, jhalapradeep.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.