We have a SEPM installation with 2 SEPM servers that talk to a single SQL DB backend (the failover/load balance scenario).

I want to upgrade the OS the SEPM servers are running on (but keep the same server names/ips) so I was wondering should this work:

1. Get the backup keys as per the disaster recovery document
2. Turn off existing server. Clients should just report to other server (?)
3. Runup new server with new OS (same name and IP) and install SEPM. Import backup/recovery key and it should become available again as a SEPM server the clients can report to.
4. Done?

How to move Symantec Endpoint Protection Manager from one server to another server

Hi, If you are planning to upgrade or migrate to Symantec Endpoint Protection 12.1.2, please take a look at the latest how-to article created by SEP content council team. http://www.symantec.com/business/support/index?pag.. How to move Symantec Endpoint Protection Manager from one server to another server http://www.symantec.com/business/support/index?page=content&id=TECH199292 https://www-secure.symantec.com/connect/forums/how-move-sepm-one-server-another-different-ip-address-and-host-name

correct the steps are correct

1. Get the backup keys as per the disaster recovery document
2. Turn off existing server. Clients should just report to other server (?) : Turn off 1 SEPM and upgrade the OS . The client will report to other SEPM.
3. Runup new server with new OS (same name and IP) and install SEPM. Import backup/recovery key and it should become available again as a SEPM server the clients can report to.: just add as additional server with sme host name and IP
4. Done? : follow the same steps with other SEPM.

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your question.

Given plan looks good to me. Only make sure have correctly configure Management Server list after installing SEPM on the same box. Because it's a failover/load balancing scenrio.

Creating and assigning a management server list for a Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH103175&locale=en_US

 Managed Load Balancing: Setting up Management Server Lists based on locations in Symantec Endpoint Protection Manager.

http://www.symantec.com/docs/TECH104582

Hello,

I believe your plan is perfect.

Best Recomendation would be to take the Backup of Symantec to be prepaired for Disaster

http://www.symantec.com/business/support/index?page=content&id=TECH160736

Then go ahead with Migration of Windows and Install Symantec with SQL as Database and Just Import the Server Certificates.

Once done with Installation, Add MSL changes and create priorities. 

http://www.symantec.com/docs/HOWTO26806

In case, you are planning to migrate the SEPM as well, check this Thread: 

https://www-secure.symantec.com/connect/forums/sep-1106-121-2008-r2-ent

As you already have a load-balanced/failover setup, your process for upgrading the OS is grealy simplified.

Obviously get everythin ready for a DR (backup of the keys, DB and everything is always recommended).  Hopefully you won't have to use them.

It should be as simple as:

1. Shutdown and rebuild SEPM1 with new OS
2. Log onto SEPM2 and delete SEPM1 from the site (under ADMIN -> SERVERS in the SEPM console)
3. Install SEPM1 as additional server to existing site (maintaining same SEP version)
4. Done (Rinse and Repeat)

The certs are stored in the DB, which is why copying these is not invovled in setting up an additional SEPM in the first place (http://www.symantec.com/docs/HOWTO26807).  Just make sure you leave enough time for the clients to pick up and swap over to the other SEPM at each point, and you should be fine.

Essentially, after step 2, you're in the same state as if you were just running a Single SEPM site with an off-box DB.  You're just adding a "new" SEPM into an existing site at that point.