PGP Universal Server - 3.2 Upgrade Manual

PGP™ Universal Server

Upgrade Guide

3.2

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Version 3.2.0. Last updated: July 2011.

Legal Notice

Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED"AS IS"AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. “Commercial Computer Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation 350 Ellis Street Mountain View, CA 94043

Symantec Home Page (

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1

http://www.symantec.com)

Contents

About the PGP Universal Server Upgrade Guide

Who Should Read This Guide 1 Common Criteria Environments 1 Using the PGP Universal Server with the Command Line 1 Symbols 2 Getting Assistance 2

Getting product information 2 Technical Support 3 Contacting Technical Support 3 Licensing and registration 4 Customer service 4 Support agreement resources 4

About Upgrading PGP Universal Server 5

Upgrade Licenses 5 Backing Up the Data and Organization Key 6 Overview of the Upgrade Process 6 Upgrading Your PGP Universal Server 3.2.0 7

Verifying Your Upgrade 8 Best Practices for Upgrade 9

Supported Client and PGP Universal Server Version Combinations 10 Configuring the PGP Universal Server 11 Restoring Configuration and Data 12

Updating Your PGP Universal Web Messenger Complete Customizations 13

Migrate Groups from PGP Universal Server 2.12 SP4 13

About Restoring Mail Policy Rules 13

Migrating a Cluster

Cluster Migration Overview 21 Cluster Synchronization Issues Before You Migrate 23

Accessing the PGP Universal Server using SSH 23 Migrating your Primary Cluster Server 24 Migrating a Secondary Cluster Member 25

Manually Reconfiguring Non-Replicated Server Settings 27 Changing Your Web Messenger Message Replication Settings 28

Index 29

About the PGP Universal Server Upgrade Guide

This Upgrade Guide describes how to upgrade previous versions of PGP Universal Server to version 3.2.0 and how to migrate a cluster to version 3.2.0.

This section provides a high-level overview of PGP Universal Server.

Who Should Read This Guide

This Upgrade Guide is for administrators who will be upgrading PGP Universal Server or migrating the data in your organization’s PGP Universal Server environment.

Common Criteria Environments

To be Common Criteria compliant, see the best practices in PGP Universal Server 2.9 Common Criteria Supplemental. These best practices supersede recommendations made

elsewhere in this and other documentation.

Using the PGP Universal Server with the Command Line

You can use the PGP Universal Server command line for read-only access to, for example, view settings, services, logs, processes, disk space, query the database, and so on.

Note: If you modify your configuration using the command line, and you do not

follow these procedures, your PGP Support agreement is void.

Changes to the PGP Universal Server using command line must be:

 Authorized in writing by PGP Support.

 Implemented by PGP's partner, reseller, or internal employee who is certified in

the PGP Advanced Administration and Deployment Training.

 Summarized and documented in a text file in /var/lib/ovid/customization

on the PGP Universal Server.

Changes made through the command line may not persist through reboots and may become incompatible in a future release. When troubleshooting new issues, Technical Support can require you to revert custom configurations on the PGP Universal Server to a default state.

2 About the PGP Universal Server Upgrade Guide

Symbols

Notes, Cautions, and Warnings are used in the following ways.

Note: Notes are extra, but important, information. A Note calls your attention to

important aspects of the product. You can use the product better if you read the Notes.

Caution: Cautions indicate the possibility of loss of data or a minor security breach. A

Caution tells you about a situation where problems can occur unless precautions are taken. Pay attention to Cautions.

Warning: Warnings indicate the possibility of significant data loss or a major security

breach. A Warning means serious problems will occur unless you take the appropriate action. Please take Warnings very seriously.

Getting Assistance

For additional resources, see these sections.

Getting product information

The following documents and online help are companions to the PGP Universal Server Administrator’s Guide. This guide occasionally refers to information that can be found

in one or more of these sources:

 Online help is installed and is available in the PGP Universal Server product.

 PGP Universal Server Installation Guide—Describes how to install the PGP

Universal Server.

 PGP Universal Server Upgrade Guide—Describes the process of upgrading your

PGP Universal Server.

 PGP Universal Mail Policy Diagram—Provides a graphical representation of how

email is processed through mail policy. You can access this document via the PGP Universal Server online help.

 Tutorials—Provides animated introductions on how to manage the mail policy

feature in PGP Universal Server 2.5 and later, and how upgraded PGP Universal Server settings migrate into the new mail policy feature.

You can also access all the documentation and tutorials by clicking the online help icon in the upper-right corner of the PGP Universal Server screen.

 PGP Universal Satellite for Windows and Mac OS X includes online help.

 PGP Universal Server and PGP Satellite release notes are also provided, which may

have last-minute information not found in the product documentation.

Technical Support

Getting Assistance

3 About the PGP Universal Server Upgrade Guide

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

 A range of support options that give you the flexibility to select the right amount

of service for any size organization

 Telephone and/or Web-based support that provides rapid response and

up-to-the-minute information

 Upgrade assurance that delivers software upgrades

 Global support purchased on a regional business hours or 24 hours a day, 7 days a

week basis

 Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web site at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

 Product release level

 Hardware information

 Available memory, disk space, and NIC information

 Operating system

 Version and patch level

 Network topology

 Router, gateway, and IP address information

 Problem description:

4 About the PGP Universal Server Upgrade Guide

Getting Assistance

 Error messages and log files

 Troubleshooting that was performed before contacting Symantec

 Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

 Questions regarding product licensing or serialization

 Product registration updates, such as address or name changes

 General product information (features, language availability, local dealers)

 Latest information about product updates and upgrades

 Information about upgrade assurance and support contracts

 Information about the Symantec Buying Programs

 Advice about Symantec's technical support options

 Nontechnical presales questions

 Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan customercare_apac@symantec.com

Europe, Middle-East, Africa

North America, Latin America

semea@symantec.com

supportsolutions@symantec.com

About Upgrading PGP Universal Server

This chapter describes how to upgrade previous versions of PGP Universal Server to version 3.2 for a server.

Warning: If you have a hardware token Ignition Key or a Hardware Security Module

(HSM), you must contact Technical Support before you migrate to PGP Universal Server 3.2. Migrating to version 3.2 requires that you create a new setting on the upgraded (3.2) version of PGP Universal Server before you restore the backup file from your previous system. This setting can only be added through SSH access with the help of Technical Support. If you migrate to version 3.2 without adding this preference, you will be locked out of the user interface after the upgrade. As a result, you cannot use your hardware token Ignition Key to unlock your PGP Universal Server. This can also occur if you upgrade from 3.0.0 to 3.1.0 using a PUP update. If you do a PUP update from 3.0.0, you must edit the settings in your 3.0.0 installation BEFORE the update. If you are running PGP Universal Server version 3.0.1, you do not need to change any settings.

Warning: If you plan to migrate a cluster from PGP Universal Server version 2.12 SP4

to PGP Universal Server version 3.2.0, before you migrate, run the latest version of the pgpSyncUsers utility on your 2.12 SP4 cluster to ensure that the user data is consistent. For more information, see Migrating a Cluster (on page

To migrate your data from PGP Universal Server 2.12 SP4 to PGP Universal Server version 3.2.0, you need disk space that is 10 times the size of the backup file. (The backup file will be significantly smaller than the original database.) For example, if your version 2.12 SP4 backup file is 1 GB, you should have 10 GB of disk space to allow for the migration and re-expansion of your data into the 3.2 database.

21).

Upgrade Licenses

Although the licensing mechanism for the PGP Universal Server and the managed PGP Desktop has changed, if you have a valid subscription license or Perpetual 2.x License, you do not need a new license to use PGP Universal Server 3.2.0.

If you had PGP Desktop licenses configured through Consumer (User) Policies, these licenses are still valid, and the appropriate features are enabled after you upgrade. If you install a new version of PGP Universal Server version 3.2, you cannot add your old PGP Desktop licenses through the Client Licensing page on the Consumer Policies tab. To use your old PGP Desktop licenses, you must restore a backup that includes your previous licenses.

+ 24 hidden pages