Sophos Endpoint Security and Control 9
quick upgrade guide
Describes upgrading to:
Sophos Enterprise Console version 4.0
Sophos NAC version 3.3
Sophos Endpoint Security and Control version 9.0
Document date: September 2009
Contents
1 About this guide........................................................................................................................................3
2 What's new?...............................................................................................................................................3
3 Can I keep my settings?.............................................................................................................................4
4 What are the key steps?.............................................................................................................................4
5 Prepare for upgrades.................................................................................................................................4
6 Upgrade NAC Manager............................................................................................................................5
7 Upgrade Enterprise Console....................................................................................................................5
8 Migrate to Update Manager.....................................................................................................................6
9 Upgrade endpoint security software........................................................................................................6
10 Troubleshooting......................................................................................................................................7
11 Technical support....................................................................................................................................8
12 Copyright................................................................................................................................................8
2
Sophos Endpoint Security and Control 9 quick upgrade guide
1 About this guide
This guide tells you how to upgrade:
■
Enterprise Console from version 3.1 to version 4.0.
■
NAC Manager from version 3.1 to version 3.3.
■
Sophos Anti-Virus and Sophos Client Firewall to Sophos Endpoint Security and Control 9.0.
It assumes that you have Enterprise Console installed on a single server.
It also assumes that if you use NAC Manager you have it installed on a single server, though this
does not have to be the same server on which you run Enterprise Console.
If you are attempting any other upgrade, see the Sophos Endpoint Security and Control advanced
upgrade guide.
2 What's new?
This section describes the new Sophos security software.
Enterprise Console 4.0
Enterprise Console has these new features:
An integrated tool for downloading updates (Sophos Update Manager).
■
Role-based administration, which enables you to specify how other users can use the console.
■
Data control, which enables you to reduce data leakage from workstations.
■
Device control, which enables you to prevent users from using unauthorized external storage
■
devices and wireless connection technologies.
NAC Manager 3.3
NAC Manager has these new features:
New "dissolvable agent" that allows guest users access to the network even if they do not have
■
administrator rights.
Simplified DHCP (Dynamic Host Configuration Protocol) enforcement to ensure that
■
computers comply with health standards before they can access the network.
Enhanced assessment of whether computers are protected by Sophos Anti-Virus and
■
Sophos Client Firewall.
Assessment of whether computers are protected by encryption.
■
There is also a new version of the Compliance Agent that runs on endpoint computers, enabling
NAC Manager to assess them.
3
Sophos Endpoint Security and Control 9 quick upgrade guide
Sophos Endpoint Security and Control 9.0
This combines Sophos Anti-Virus and Sophos Client Firewall. It also provides the data control
and device control functions that you manage from Enterprise Console.
3 Can I keep my settings?
If you upgrade as described in this guide:
■
Computer groups do not change.
■
Updating policies do not change. New updating policies with the same settings are created,
ready for your migration to a new updating technology.
■
Anti-virus and HIPS, firewall and application control policies do not change.
■
The security software on endpoint computers does not change version until you decide to
upgrade it.
4 What are the key steps?
You carry out these key steps:
■
Prepare for upgrades.
■
Upgrade NAC Manager.
■
Upgrade Enterprise Console.
■
Migrate to Update Manager.
■
Upgrade endpoint security software.
Note: If you use both Enterprise Console and NAC Manager, it is important that you upgrade
them in the order shown here.
5 Prepare for upgrades
Before you upgrade, you should back up your databases.You will need the backups if you encounter
any problems during upgrading.
5.1 Back up the NAC databases
If you use Sophos NAC, do as follows:
Back up the ReportStore and PolicyStore databases.
❖
4
Sophos Endpoint Security and Control 9 quick upgrade guide
5.2 Back up the SEC database
1. Back up your database.
The default installation folder is C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS.
2. Export the registry key: HKLM\Software\Sophos\Certification Manager.
If you need to restore the database later, restore the database to the instance you use. The default
is SOPHOS. Then restore the registry key.
6 Upgrade NAC Manager
If you use NAC Manager, upgrade it as follows.
1. Log on as follows:
■
If the computer is in a domain, log on as a domain administrator.
■
If the computer is in a workgroup, log on as a local administrator.
2. Go to the Sophos website. On the web page for Endpoint Security and Control downloads,
download the NAC Manager installer.
3. Double-click the downloaded installer.
4. In the Sophos NAC Manager dialog box, click Install.
5. A wizard guides you through the upgrade.
If upgrade errors occur, use the Event Log to view further information. If the NAC databases
upgrade fails, see Troubleshooting (page 7).
7 Upgrade Enterprise Console
To upgrade Enterprise Console:
1. Log on as an administrator.
■
If the computer is in a domain, log on as a domain administrator.
■
If the computer is in a workgroup, log on as a local administrator.
2. Go to the Sophos website. On the web page for Endpoint Security and Control downloads,
download the Enterprise Console installer.
3. Double-click the downloaded installer.
4.
In the Sophos Network Installer dialog box, click Install.
5. A wizard guides you through the upgrade.
You should accept the default setting on the Database Population page. This is the correct
setting for your type of upgrade.
5
Sophos Endpoint Security and Control 9 quick upgrade guide
The wizard upgrades Enterprise Console, upgrades your Sophos databases, and installs
Sophos Update Manager.
When installation is complete, log off or restart the server (the final dialog in the wizard shows
which is required).
8 Migrate to Update Manager
When you log back on to the computer, Enterprise Console opens automatically and a wizard
runs.
Note: If you see an error message or a warning that an existing software "library" cannot be
migrated, your migration cannot be handled automatically. See the Sophos Endpoint Security and
Control advanced upgrade guide.
The wizard guides you through migrating your computers so that in future they can be updated
by Update Manager, the new updating technology.
You should do as follows:
1. In the Groups that can be migrated dialog box, leave Migrate endpoint computers in these
groups selected.
2. In the Groups that cannot be migrated dialog box, a list of any unmigrated computer groups
is displayed.
The computers in these groups are still being updated by EM Library. You can migrate them
manually at any time you wish. See Troubleshooting (page 7).
Update Manager now takes over updating of your computers. However, it does not change the
version of the security software installed on them until you decide you are ready.
You can upgrade the software on your endpoint computers at any time (see next section).
9 Upgrade endpoint security software
This section describes how to plan and carry out an upgrade of the security software on your
endpoint computers.
The procedures described here upgrade all the security software components, including the
Compliance Agent for NAC (if you already use Sophos NAC).
6
Sophos Endpoint Security and Control 9 quick upgrade guide
9.1 About upgrading endpoint computers
You can upgrade endpoint computers whenever you are ready.
■
If you want to continue using your existing versions of Sophos Anti-Virus and Sophos Client
Firewall, you can do so. When Sophos stops supporting these versions, your computers will
be upgraded automatically.
■
If you want to begin using the new features in the latest versions, you can upgrade now. See
Upgrade endpoint computers now (page 7)
Note: If you want to try out the latest versions before upgrading all computers, you can do phased
upgrading. See the Sophos Endpoint Security and Control advanced upgrade guide.
9.2 Upgrade endpoint computers now
To upgrade your endpoint computers, you must change the version of the software that Update
Manager is downloading from Sophos, as follows.
Note: The software you download is defined in a "software subscription".
1. On the View menu, click Update managers.
2. In the Software subscriptions pane, double-click the subscription you want to change. The
default subscription is Recommended.
3. Next to Windows 2000 and later, click in the Version field and then click again.
A drop-down list of available versions is displayed.
4. Select version 9 with the type of updating you want.
Normally you subscribe to Recommended to ensure that your software is kept up to date
automatically.
The next time Enterprise Console downloads updates, it will download the new version of the
endpoint software. Your Windows computers will then upgrade themselves automatically.
Note: When the computers upgrade, the computer details in Enterprise Console may show "Differs
from policy" in the Policy Compliance column. To correct this, right-click the computers and
select Comply with and then the relevant policy or policies.
10 Troubleshooting
NAC database upgrade fails
Use the Event Log to view additional information. In many cases, you can resolve the problem as
follows:
7
Sophos Endpoint Security and Control 9 quick upgrade guide
1. Delete the following NAC Databases if they have been created: AlertStore, AuditStore,
GeneralStore, PolicyStore, ReportStore, SecurityStore.
2. Re-attach the ReportStore and PolicyStore databases from the backup.
3. Attempt a reinstallation.
After the SEC upgrade a "Download security software wizard" runs
This wizard is intended for first-time installation, not for upgrading. However, it is displayed if:
The computer did not previously have Enterprise Console installed.
■
The previous installation of Enterprise Console on this computer did not include the updating
■
component EM Library.
If you want to upgrade but still preserve your updating settings, you should install SEC and/or
Sophos Update Manager on the computer where EM Library was installed before.
Groups could not be migrated to Update Manager
If any groups are not migrated to Update Manager automatically, you can migrate them manually.
To do this, you apply the new updating policy created by Update Manager, as follows.
In the Groups pane, right-click the group and select View group policy details. In the Updating
field, the Legacy updating checkbox is selected if the group is still using the old policy. Clear the
checkbox.
For more help on migration, see the Sophos Endpoint Security and Control advanced upgrade guide.
11 Technical support
For technical support, visit http://www.sophos.com/support.
If you contact technical support, provide as much information as possible, including the following:
■
Sophos software version number(s)
■
Operating system(s) and patch level(s)
■
The exact text of any error messages
12 Copyright
Copyright © 2009 Sophos Group.All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise unless you are either a valid licensee where the documentation
can be reproduced in accordance with the licence terms or you otherwise have the prior permission
in writing of the copyright owner.
8
Sophos Endpoint Security and Control 9 quick upgrade guide
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All
other product and company names mentioned are trademarks or registered trademarks of their
respective owners.
The Sophos software that is described in this document includes or may include some software
programs that are licensed (or sublicensed) to the user under the Common Public License (CPL),
which, among other rights, permits the user to have access to the source code. The CPL requires
for any software licensed under the terms of the CPL, which is distributed in object code form,
that the source code for such software also be made available to the users of the object code form.
For any such software covered under the CPL, the source code is available via mail order by
submitting a request to Sophos; via email to support@sophos.com or via the web at
http://www.sophos.com/support/queries/enterprise.html. A copy of the license agreement for any
such included software can be found at http://opensource.org/licenses/cpl1.0.php
9
Loading...