Symantec’s IT Management Suite (ITMS) is a highly functional endpoint management product. It possesses numerous infrastructure scaling features to assist organisations with complex network and use-case requirements. Using these however can be a double-edged sword. The more complex the configuration of your management components, the more necessarily complex your subsequent infrastructure upgrades will be. Upgrades should therefore be executed with a level of care that is appropriate to both your infrastructure complexity and the implementation’s business criticality.
Our infrastructure configuration is not uncommon in the ITMS world; a few thousand nodes, an SMP (Symantec Management Platform), a site server and a cloud gateway. We are fairly mature ITMS customers and have over the years gained a lot of experience in what works well for our environment upgrades. To give you an idea of the time scales behind our SMP upgrades, we anticipate each major upgrade taking one Altiris Administrator a month. This breaks down as nearly 4 weeks of preparation, a day upgrading the live infrastructure, and a day of acceptance testing.
Like many enterprise customers, before any of our upgrades can be signed off from a change management perspective, we are required to put in place a robust ‘rollback’ plan. To facilitate this, the Altiris infrastructure is firewalled off from client access throughout most of the upgrade window. This keeps the upgrading environment encapsulated, permitting a seamless rollback in the unlikely event of unresolvable issues arising. As a side note, in the 6 or more years that we’ve had this style of upgrade plan in place, we’ve never had to rollback and reschedule an ITMS infrastructure upgrade.
Following the upgrade of our SMP infrastructure components, we execute acceptance testing plans. Should these pass, the firewalls on the SMP, Site Server and Internet Gateway are opened up in stages to allow communication with our client estate. From this point, agents and plugins will being their rollout. The client connection profile of our estate means that we expect 60% of clients to upgrade within the first 24hrs.
This article runs through our upgrade process, and hope this will assist other Altiris Administrators out there who are considering their upgrade plans. The key takeaway is that the bulk of our upgrade work is spent in preparation. This methodology underpinned our 7.5SP1 to 8.0 upgrade (which we detailed here on Symantec Connect) as well as our more recent server management infrastructure upgrade of 8.0 to 8.1.
I hope this helps, and if you've anything to add/correct/share please feel free to comment.