iis website manual update (optional)download01.norman.no/enterprise_security_suite/docs/8.3/... ·...

IntroductionThis document provides instructions for upgrading a Norman Enterprise Security (NESEC) v8.2 system to a HEAT Endpoint Management & Security Suite (HEAT EMSS) v8.3 system.

Upgrade RequirementsPrior to conducting an upgrade of a NESEC system on a customer site, the following requirements should be met.

1) The upgrade steps outlined below should be tested out on a lab/test system prior to conducting this on a customer system. The upgrade steps have put been through a high level QA test by HEAT software. Testing was conducted for Core and Patch modules only with Windows Content and did not include Content Wizard, Custom content, Power Management or Wake-on-LAN. Norman should conduct a more detailed test to confirm that they are satisfied with the upgrade process prior to upgrading any customer systems.

2) An alternative option to performing the upgrade steps outlined below is to uninstall the NESEC agents and server and then install HEAT EMSS v8.3. This may be simpler for smaller systems, particularly if they are running older NESEC versions.

3) The upgrade steps outlined below apply to systems with Patch & Remediation only. If systems have additional modules installed, these should first be removed prior to performing the upgrade.

4) The NESEC system should be backed up prior to performing the upgrade.

5) The NESEC server must be upgraded to NESEC 8.2 (version 8.2.8.10) before it can be upgraded to HEAT EMSS 8.3. Upgrades from earlier NESEC versions to HEAT EMSS 8.3 are not supported.

6) All NESEC endpoints must be upgraded to NESEC 8.2 (version 8.2.8.10) before they can be upgraded to HEAT EMSS 8.3. Upgrades from earlier NESEC versions to HEAT EMSS 8.3 are not supported.

7) Version 8.2.8.10 endpoints are supported when connected to a HEAT EMSS 8.3 server. This is so that customers can transition their endpoints over time to 8.3 (rather than having to upgrade them all at once immediately). However, we recommend that customers complete this transition as quickly as possible as some issues may occur – see known issues section for more information. In particular, all endpoints should be upgraded to 8.3 prior to upgrading the HEAT EMSS server to v8.4 or later.

8) The NESEC system should be backed-up prior to performing the upgrade steps outlined below.

© 2015 HEAT software. All Rights Reserved. PG 2

Upgrade StepsSet up a HEAT EMSS 8.3 server to copy server files from

1) Install HEAT EMSS 8.3 with Core and Patch and Remediation only (to avoid confusion, it is best to use a serial number that is only licensed for Patch and Remediation).

2) Put the Install Manager in AirgapProvider mode a. Add a registry key under HKEY_LOCAL_MACHINE\Software\Lumension called EMSSb. Within the EMSS key, add a string value of AirgapState, with a value of AirgapProvider

3) Open Install Manager on the 8.3 Server

4) Select the Airgap Components tab and download the Core and Patch and Remediation components for 8.3.0.10.


5) Tools> Subscription Updates> update.

6) Ensure all components completed True.

7) Navigate to %INSTALLDIR%\EMSS\Content\0000…0000\ModuleComponents\Modules and look to see if Update.XAP is present. If this file is missing, download it from HTTP://cache.lumension.com/InstallManager/Lumension/Modules/InstallManager/8.3.0.50/Update.xap

8) Copy Update.xap file to a location that will be accessible from your Norman ESEC 8.2 server.

9) Copy the Modules and Sets folders from %INSTALLDIR%\EMSS\Content\0000…0000\ModuleComponents to a location that will be accessible from your Norman ESEC 8.2 server.

Upgrade Norman ESEC 8.2

10) Install Norman ESEC 8.2 w/ Core and Patch and Remediation. (this step is for testing only; skip this step if your Norman ESEC 8.2 server is already installed)


http://cache.lumension.com/InstallManager/Lumension/Modules/InstallManager/8.3.0.50/Update.xap

http://cache.lumension.com/InstallManager/Lumension/Modules/InstallManager/8.3.0.50/Update.xap

11) Put the Install Manager in AirgapClient mode.a. Add a registry key under HKEY_LOCAL_MACHINE\Software\Lumension called EMSSb. Within the EMSS key, add a string value of AirgapState, with a value of AirgapClient

12) Copy paste the Modules and Sets folders from the HEAT EMSS 8.3 server into the Norman ModuleComponents folder. (%INSTALLDIR%\EMSS\Content\0000…0000\ModuleComponents\)

13) Copy the “Update.xap” file to the following location on NESEC:

(%INSTALLDIR%\EMSS\Content\0000…0000\ModuleComponents\Modules\)

14) Launch Install Manager on the Norman ESEC 8.2 server and proceed with the Install Manager upgrade.


15) Remove Airgap client settings from registry. 16) On already opened Install Manager’s GUI, proceed with the installation of Core and patch and

remediation.

If asked for reboot: Reboot the machine.


After reboot wait for All NESEC services to be up and running. And proceed with installation of Core and patch and remediation only.


Newly installed components will be shown under “Existing components” tab:


17) Once the Install Manager upgrade is complete. Close Install Manager and NSEC GUI. 18) Now Edit and save the Theme reference in Program Files\Norman\ESEC\Web\User Interface\

Web.config to Default from Norman.

Before: <add key="Theme" value="Norman" />After: <add key="Theme" value="Default" />

19) Open Console and wait for First replication.


20) Check Tools>subscription updates> Under Subscription Service History for all component replication is “True”


21) Proceed with Agents upgrade.

Manage> Endpoints> Select all Agents listed> click on Agent versions.


Change Agent version from 8.2 to 8.3, Click on “Apply to All Agents” and press “OK”.

22) After some time check all Agents got upgraded to 8.3.


IIS Website Manual Update (optional)

This is not absolutely required but should be performed for consistency and to avoid issues with Support Tools like the Account Utility.

1) Stop W3SVC (NET STOP W3SVC from a CMD Prompt).

2) Open IIS Manager and drill down to the Norman Site.

3) Rename Norman to EMSS.

4) Right-click on EMSS and choose Manage Application Advanced Settings…5) Change the Application Pool reference from its original assignment (in this case, Norman User

Interface) to the DefaultAppPool and click OK and OK.

6) Repeat this step for the following applications (IMPORTANT: remember the original assignment for each application):

a. AgentCenter [Norman Services]b. ConfigurationManagement [Norman User Interface]c. DAgent [Norman ISAPI]d. Gravitix [Norman ISAPI]e. Update [Norman ISAPI]


f. UpdateStorage [Norman Storage]g. WebSync [Norman WebSync]

7) Under the Application Pools, right-click and rename each Norman application pool to EMSS (e.g., Norman Services EMSS Services, etc.).

8) Reassign each application from step 4-6 to its appropriate and newly-renamed application pool (8 total).

9) Restart W3SVC (NET START W3SVC from a CMD Prompt).

10) Verify you are able to log in and PR endpoints are able to perform DAUs.


Known IssuesThe following issues were identified during HEAT Software upgrade testing:

37902 - The agent build upgrade fails via AMJ with check overwrite checkbox.The upgrade steps recommend using the manifest process for upgrades. Customers are not prevented from using AMJ (Agent Management Jobs). However, if they do, it will fail.

37755 - The job displays "Missing agent service" when installing the 8.2 Norman agent on the server that is upgraded from NESEC 8.2 to HEAT EMSS 8.3Installing the 8.2 Norman agent is not supported on a HEAT EMSS 8.3 system. Users will encounter issues if they do this.

37903 - There are many errors present in the event log related to the truncate processes on Norman 8.2.8.10.This only occurs for Norman 8.2.8.10 endpoints. If users use the “Truncate” button available on the Patch Module endpoint control panel, users will see errors when viewing event logs via the event viewer.

37873 - There is no rebrand from NESEC 8.2 upgrade to HEAT EMSS 8.3 when the user clicks the hyperlink from the Control Panel to Support Info window.This relates to the “Add or Remove Programs” from the Control Panel. See screen-shot below. This information including the hyperlink does not change following the upgrade.

End of Document


iis website manual update (optional)download01.norman.no/enterprise_security_suite/docs/8.3/... ·...

Documents