Client Management Suite

Symantec ITMS 8.1 Upgrade Methodology  

Apr 09, 2017 09:13 AM

 

 

Symantec’s IT Management Suite (ITMS) is a highly functional endpoint management product.  It possesses numerous infrastructure scaling features to assist organisations with complex network and use-case requirements. Using these however can be a double-edged sword. The more complex the configuration of your management components, the more necessarily complex your subsequent infrastructure upgrades will be. Upgrades should therefore be executed with a level of care that is appropriate to both your infrastructure complexity and the implementation’s business criticality.

Our infrastructure configuration is not uncommon in the ITMS world; a few thousand nodes, an SMP (Symantec Management Platform), a site server and a cloud gateway. We are fairly mature ITMS customers and have over the years gained a lot of experience in what works well for our environment upgrades. To give you an idea of the time scales behind our SMP upgrades, we anticipate each major upgrade taking one Altiris Administrator a month. This breaks down as nearly 4 weeks of preparation, a day upgrading the live infrastructure, and a day of acceptance testing.

Like many enterprise customers, before any of our upgrades can be signed off from a change management perspective, we are required to put in place a robust ‘rollback’ plan. To facilitate this, the Altiris infrastructure is firewalled off from client access throughout most of the upgrade window. This keeps the upgrading environment encapsulated, permitting a seamless rollback in the unlikely event of unresolvable issues arising. As a side note, in the 6 or more years that we’ve had this style of upgrade plan in place, we’ve never had to rollback and reschedule an ITMS infrastructure upgrade.

Following the upgrade of our SMP infrastructure components, we execute acceptance testing plans. Should these pass, the firewalls on the SMP, Site Server and Internet Gateway are opened up in stages to allow communication with our client estate.  From this point, agents and plugins will being their rollout. The client connection profile of our estate means that we expect 60% of clients to upgrade within the first 24hrs.

This article runs through our upgrade process, and hope this will assist other Altiris Administrators out there who are considering their upgrade plans. The key takeaway is that the bulk of our upgrade work is spent in preparation. This methodology underpinned our 7.5SP1 to 8.0 upgrade (which we detailed here on Symantec Connect) as well as our more recent server management infrastructure upgrade of 8.0 to 8.1.

 I hope this helps, and if you've anything to add/correct/share please feel free to comment.

 

Statistics
0 Favorited
2 Views
2 Files
0 Shares
1 Downloads
Attachment(s)
xlsx file
SMP Upgrade Checklist-CONNECT.xlsx   24 KB   1 version
Uploaded - Feb 25, 2020
pdf file
Symantec ITMS 8.1 Upgrade Methodology.pdf   1.28 MB   1 version
Uploaded - Feb 25, 2020

Tags and Keywords

Comments

May 12, 2017 04:24 PM

I don't currently use ITMS or SMP, but the methodology here rings true to most any major infrastructure rollouts.  The preparation and planning is key.  Careful planning makes sure that nothing is missed.  And planning for any possible outcome all but guarantees no risk of downtime.  Nice write up!

May 09, 2017 02:33 PM

I would love for my company to bring in ITMS. Just seeing Symantec have an upgrade write like this makes it so much better then our current tool. Hopefully when the time comes to find a new management tool I can use the Symantec Connect community support as a selling point. Keep up the good work.

Apr 26, 2017 10:40 AM

Great one Ian. make it as simple as possible. We need to go through multiple CR forms and approvals. Migration needs to be simple and stright forward with backward compatibility.  I had few problems in 7.0 to 7.5 migration. We missed some data and auditor hold us responsible but anyway....looking for more such information.

Apr 25, 2017 08:15 AM

Great article Ian. We trust and beleive your efforts and the solution is getting towards more n more matured with cloud hosting and peer to peer support for those small and mid size customers who want small TCO but good ROI. Upgrade is important and must to have. All the best and way to go.

Apr 25, 2017 07:29 AM

Maybe you'll start a trend?

We can only hope..... ;-)

Apr 25, 2017 07:26 AM

@Rishiraj -that's a good point. What I hope to see in the figure is an 'Upgrade Portal'. This would have on it a synopsis of the relevant filters and targets so at least you can have a screenshot of the salient aspects of your current configuration.

I've got some SQL which could be recycled for this, and will work this into my upgrade checklist to accelerate this aspect.

Apr 25, 2017 07:06 AM

Great Ian ....the article gives ample of information on the upgrade methodology. What I beleive is that Altiris should have some kind of "Take Config Backup" button or option to take the backup of those time consuming configuration like jobs/tasks/filters etc and one can restore them post upgrade. Anyway the server side upgrade is easy but takes a lot of time. Overall we have not same across major issue. Good article

Apr 25, 2017 04:44 AM

Article and detailed and good. There could be many customers running different versions and shifting the entire infrastrucutre from one version to other it tiresome and difficult. Need to have simple methodology which can followed with ease and get the latest version running. Though we never had issues previously, but it can not be that they wont come in future. One thing is good that Altiris versions are not like others who comes every month or two.

Apr 24, 2017 09:27 AM

Excellent document Ian!  This will be very useful for us and many others.  Keep these guides coming - they are invaluable!

Apr 24, 2017 09:16 AM

Nice one Ian, great to see this sort of methodology shared with the Symantec community. I'm sure everyone will have slightly different methods of doing things but we can all learn from each other. Key here is in the planning stage, which can be made harder by things outside of your control ;-)

Apr 21, 2017 01:49 AM

Interesting Article Ian. Previously the upgrades were time cosuming and lead to some other issues. Hope the process now goes smooth. I see many customers are still on 7.5 and keen to move to 8.X Finally the load on Altiris Administrators are going to ease with time. Keep it up Symantec.

Apr 18, 2017 03:38 PM

En experiencia pasadas donde las mejoras importantes no fueron perfectas por el apoyo de Symantec siempre ha estado con nosotros. Muy buen articulo funciona como una guia para la mejora. Excelente.


Apr 18, 2017 06:35 AM

Good work Ian, nice to see Symantec allowing users to share their experiences in this way. Not a product I use but I think premise of the methodology applies to all upgrades - planning planning planning! 

Apr 17, 2017 10:42 AM

Upgrade processes can be a daunting task. There is always the risk of the unknown if something were to go south. I have had my experiences with Symantec products and upgrading and as I go through them they have gone smoother and knowing I can reach out to my account rep and support to escalate as needed puts my mind at ease. Articles such as this one help as well.

Apr 16, 2017 12:43 AM

I do not have much experiences of ITMS, but this is an interesting article, be honest, the procedue author mentioned is something very fundmental and we all should do on most of the products we are running the upgrade. test and signoff plus a roll back plan is time consuming, but they are very necessary. 

Apr 15, 2017 03:06 AM

I'm interested to read more, its somthing that we don't use currently but I have been looking into IT Managment Suite.

Apr 14, 2017 11:16 PM

Implementing security controls without testing and I lab first could be career suicide. I was at a job where a guy enabled who space IPS without testing and applied the full policy. Needless to say he was walked to the door. Glad Symantec is doing the right thing.

Apr 14, 2017 06:18 PM

download.jpg

Apr 14, 2017 05:42 PM

LOL

Apr 14, 2017 04:21 PM

Well written, thank you!  Will be useful in future.

Apr 14, 2017 05:13 AM

#NeverForgiveNeverForget

Let it go man. This will eat you up faster, than say, I can make your pizza vanish before your eyes.... ;-)

Apr 13, 2017 11:24 PM

This is very helpful. I've had past experiences where major upgrades were not perfect by Symantec support has always been with us through and through. Thanks for the content! See you in 8.1!

Apr 13, 2017 04:48 PM

Interesting read. While there is no plans for us to move to this, it's good to see something like this is published so we can come across this in case we needed something/some help & guidance with setting it up.

Keep 'em coming!

Apr 13, 2017 03:17 PM

I read this article, voted it up, and left a comment of the highest quality because I wanted the points, not because I understood it. My hope is that I can one day redeem the "Pizza Party!" reward in the rewards section on Gold. It's a $300 value and more pizza than I could ever eat in a single sitting. I would invite you but force you to watch me eat all of the pizza while giving none to you. Only then would we call it even.

Great article though! Keep 'em coming, Doc.

RIP (rest in pizza)

Apr 13, 2017 03:05 PM

Good job Ian,

 

I have always enjoyed your articles, forum posts and helpful tools you have created over the years.

We have had no isses with upgrades either in the past, even though we are still sitting on 7.5 sp1 with the comapny debating the sccm route versus letting us go to 8.x, the whole process is very efficient.

I always try to upgrade on a test server first, granted the test server is not as "customized" as the prod server it at least gives us an idea of the tasks being performed and potential port upgrade tweaks we may have to redo.

 

Thanks for all your input to the product.

Apr 13, 2017 12:29 PM

Thanks for the post! This info will come in handy to many people. I like that the PDF has full color images in it. That makes for an easily understandable guide :)

Apr 13, 2017 10:52 AM

A good article, cheers. Not a product that i've used but interesting principles of any infrastructure upgrade. Nice to see that acceptance testing forms such an important part of the upgrade process. Something that we all should be thinking about.

Apr 13, 2017 10:49 AM

Another good article from Ian and Symantec, thanks. As you said, planning is key to any upgrades. Interesting to read how it took you nearly 4 weeks of preparation, a day upgrading the live infrastructure, and a day of acceptance testing. Job well done!

Apr 13, 2017 10:45 AM

An interesting to read about the IT Management Suite (ITMS), although it's not something I use. Good points about make time in your upgrade change schedule to ensure that critical funtionality are fully tested. Thanks.

Apr 13, 2017 10:32 AM

Was an intriguing artical, we currently do not use ITMS... Going to do some research to way out the pros/cons. We also moved a way from altiris a couple years ago to sccm because of certain deployment related issues. Hopefully all those idiosyncrasies have been resolved... Gotta luv technology.

Apr 13, 2017 10:23 AM

I'm pleased to hear that acceptance testing forms such a critical part of the upgrade methodology.  It's SO important, nay critical, to make time in your upgrade change schedule to ensure that critical funtionality is fully tested.  Great Job! I believe that sharing this article will encourage others to upgrade and your experiences here are invaluable.

Apr 13, 2017 09:42 AM

As well written as usual, Ian. It's not a product that we currently use live but I was looking to run the upgrade at some point anyway, just to keep up-to-date.

As Alex noted above, I think this is the first time I've seen a picture in Symantec documentation. Maybe you'll start a trend?

Apr 13, 2017 09:41 AM

Great write up IAN, glad too see content like this being added to Symantec Connect.

 

Good job buddy

Apr 13, 2017 09:11 AM

Awesome methodology write up!

In my environment, we are currently at 7.5SP1, but we have aspirations to upgrade to 8.0 (or 8.1).  I've read many good things about the 8 platform and look forward to seeing it's new CEM features at hand!

Apr 13, 2017 06:17 AM

Wonderful writeup by Ian.

The Writeup, actually shows the your indepth knowledge and experience in ITMS.

Your Detailed article on methodology for upgrade of ITMS 7.5SP1 to 8.0 can only be written by someone who is "Best" with the planning and implementation methodology.

Great work and keep it up..!!

 

Apr 13, 2017 04:19 AM

@reto -Thanks and good to hear that you've a high success rate with rollouts. The aim of my strategy here is to reduce the probability of upgrade failure, and think that every partner will agree that planning is key. It's therefore really less about upgrade day, but more about everything you've done in advance of that.

The idea of the firewall to block the connections is also to allow you to test the agent rollout and functionality at a more measured pace. I personally find that just disabling/enabling policies to be rather coarse, and generally need something a bit more fine grained. Altiris allows the use of targets for this, but as I say in the article, I find it far simpler just to update the Windows firewall.

@Alex -There are many in Symantec who understand that 'enhanced' documentation is needed for these things -I hope we'll see more docs like this (and with more even more detail) in the months to come.

Apr 13, 2017 04:13 AM

It will be interesting to upgrade to Symantec’s IT Management Suite and at the same time to manage the complexity of the configuration files. We too never had issues in upgrading in past. This article will help a lot no doubt. Thanks for the article

Apr 13, 2017 03:20 AM

I never had issues upgrading the Altiris environment with connections from clients during and directly after the upgrade. Just disable the agent upgrade policies before the update! But thank you for your upgrade guide, it's very deep and interesting to see how other guys doing such upgrades! I've done a lot Altiris upgrades and the most of it were successful with the first try. 

Apr 13, 2017 03:19 AM

Great write up Ian,

Is that images I see in a Symantec Article? I think I need to sit down for a while :p

Planning is key, what's that famous quote again "Failing to plan is planning to fail"

Related Entries and Links

No Related Resource entered.