Philadelphia Security User Group

 View Only
  • 1.  upgrade to DLP 14.6

    Posted Feb 13, 2017 03:18 PM

    I'm looking to upgrade from DLP 12.5.3 to 14.6.  I know Mike Phelps gave his story at the last user group meeting.  Just looking to see if anyone else has done this and can offer timelines of how long it took?  Any hints, tips, or tricks also appriciated. 



  • 2.  RE: upgrade to DLP 14.6
    Best Answer

    Posted Feb 14, 2017 12:45 AM

    DLP v14 now Supports/runs with Oracle 11.2.0.4 or 12c Enterprise

    Thus, from DLP 12.5.3 (Oracle 11.2.0.3) you need to update Oracle to 11.2.0.4 (if not upgraded already). After you have upgraded Oracle to 11.2.0.4 you can proceed to upgrade to DLP v14.0

    So to summarize:

    Update Oracle 11.2.0.3 --> Oracle 11.2.0.4  (4-6 hours) --> Upgrade DLP to v14.0 (2 hours) --> Upgrade DLP to v14.5 (2 hours) --> Upgrade DLP to v14.6 (2 hours)

    Note: Timelines may vary depending on hardware, database size, backup strategy, etc.

    Ideally, we need to update the Enforce first, then the Dectection Server followed by Agents & Scanners.

    During most upgrades automatic update feature fails due to the complexity involved - you could use the below link to trigger a manual upgrade, if that happens:

    Enforce Manual Upgrade:
    https://www-secure.symantec.com/connect/articles/m...

    Detection Manual Upgrade:
    https://www-secure.symantec.com/connect/forums/loc...

    Ofcourse, you would need to backup the Oracle DB and Enforce before proceeding. The below article is for 14.x, but the process remains the same:

    https://www.symantec.com/connect/articles/symantec-data-loss-prevention-v1401-server-backup-step-step



  • 3.  RE: upgrade to DLP 14.6

    Trusted Advisor
    Posted Feb 14, 2017 02:01 AM

    hello,

     it may takes lot of times especially if you have all detection servers type deployed, and even worse if they are spread all around the world.

    If you also need to upgrade oracle DB version (and may be also OS version), you may think about starting a new DLP infrastructure from scratch (especially enforce and DB then link all your existing detection server and upgrade them after). This could be really good things if your DLP infrastructre has already been upgraded several times and it is quite "old". so of course there is pros and cons for both scenarii so it really depends of your company constraints and expectation with this upgrade.

     Regards.