Best Practices for Disaster Recovery with Symantec Endpoint Protection



Similar documents
5.6.3 Lab: Registry Backup and Recovery in Windows XP

Backup Exec Private Cloud Services. Planning and Deployment Guide

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

VMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.4.1

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

Symantec AntiVirus Corporate Edition Patch Update

Symantec Client Firewall Policy Migration Guide

WhatsUp Gold v16.3 Installation and Configuration Guide

Changing Passwords in Cisco Unity 8.x

Lab - Data Backup and Recovery in Windows XP

vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3

VMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.7

Cloud Services for Backup Exec. Planning and Deployment Guide

Operating System Installation Guide

IBM Security QRadar Vulnerability Manager Version User Guide

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

Getting Started with Symantec Endpoint Protection

WhatsUp Gold v16.1 Installation and Configuration Guide

How To Install And Configure Windows Server 2003 On A Student Computer

RoomWizard Synchronization Software Manual Installation Instructions

Lab: Data Backup and Recovery in Windows XP

Legal Notes. Regarding Trademarks KYOCERA Document Solutions Inc.

Setting up your new Live Server Account

Exchange Reporter Plus SSL Configuration Guide

Magaya Software Installation Guide

Installing and Configuring vcenter Multi-Hypervisor Manager

Configuring SSL in OBIEE 11g

Installation Instruction STATISTICA Enterprise Small Business

Create, Link, or Edit a GPO with Active Directory Users and Computers

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

GO!NotifyLink. Database Maintenance. GO!NotifyLink Database Maintenance 1

WhatsUp Gold v16.2 Installation and Configuration Guide

Sophos Enterprise Console server to server migration guide. Product version: 5.1 Document date: June 2012

MTA Course: Windows Operating System Fundamentals Topic: Understand backup and recovery methods File name: 10753_WindowsOS_SA_6.

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Xopero Backup Build your private cloud backup environment. Getting started

Backup Exec 15. Quick Installation Guide

NSi Mobile Installation Guide. Version 6.2

Moving the TRITON Reporting Databases

Sophos Enterprise Console server to server migration guide. Product version: 5.2

ez Agent Administrator s Guide

Symantec Endpoint Encryption Full Disk

Configuration Guide. Remote Backups How-To Guide. Overview

Active Directory integration with CloudByte ElastiStor

LPR for Windows 95/98/Me/2000/XP TCP/IP Printing User s Guide. Rev. 03 (November, 2001)

Course: WIN310. Student Lab Setup Guide. Summer Microsoft Windows Server 2003 Network Infrastructure (70-291)

12 NETWORK MANAGEMENT

STATISTICA VERSION 10 STATISTICA ENTERPRISE SERVER INSTALLATION INSTRUCTIONS

LifeSize Control Installation Guide

1. If there is a temporary SSL certificate in your /ServerRoot/ssl/certs/ directory, move or delete it. 2. Run the following command:

4 Backing Up and Restoring System Software

How to install Small Business Server 2003 in an existing Active

NetVanta Unified Communications Server Backup and Restore Procedures

Windows Domain Network Configuration Guide

Reconfiguring VMware vsphere Update Manager

Symantec Backup Exec 12.5 for Windows Servers. Quick Installation Guide

Wavecrest Certificate

Symantec Backup ExecTM11d

BioWin Network Installation

Installation Instruction STATISTICA Enterprise Server

How To Use Gfi Mailarchiver On A Pc Or Macbook With Gfi From A Windows 7.5 (Windows 7) On A Microsoft Mail Server On A Gfi Server On An Ipod Or Gfi.Org (

HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery

DX8100 Series Symantec AntiVirus Corporate Edition Installation Instructions. Version

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

AVG Business SSO Connecting to Active Directory

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Backup and Disaster Recovery Restoration Guide

EXPRESSCLUSTER X for Windows Quick Start Guide for Microsoft SQL Server Version 1

Error: "Object reference not set to an instance of an object" When Opening Any Database

Symantec Mail Security for Domino

BrightStor ARCserve Backup Disaster Recovery From Physical Machines to Virtual Machines

Configuring Outlook for Windows to use your Exchange

Mobility Services Platform Software Installation Guide

Exchange Server Backup and Restore

STIDistrict Server Replacement

MadCap Software. Upgrading Guide. Pulse

Table of Contents. Requirements and Options 1. Checklist for Server Installation 5. Checklist for Importing from CyberAudit

STATISTICA VERSION 12 STATISTICA ENTERPRISE SMALL BUSINESS INSTALLATION INSTRUCTIONS

Configuring Windows 2000/XP IPsec for Site-to-Site VPN

NeuralStar Installation Guide

Upgrade Guide BES12. Version 12.1

Juris Installation / Upgrade Guide

In the Active Directory Domain Services Window, click Active Directory Domain Services.

Managing Multi-Hypervisor Environments with vcenter Server

This document describes the installation of the Web Server for Bosch Recording Station 8.10.

VERITAS Backup Exec TM 10.0 for Windows Servers

Network Server for Windows. Overview of the Sequencher Network Page 2. Installing Sequencher Server for the First Time Page 3

+27O.557+! RM Auditor Additions - Web Monitor. Contents

How to Install Multiple Monitoring Agents on a Microsoft Operating System. Version StoneGate Firewall/VPN 2.6 and SMC 3.2

CTERA Agent for Windows

Sophos Anti-Virus for NetApp Storage Systems startup guide

HP ProtectTools Embedded Security Guide

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

Desktop Surveillance Help

Portions of this product were created using LEADTOOLS LEAD Technologies, Inc. ALL RIGHTS RESERVED.

Horizon Debt Collect. User s and Administrator s Guide

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

Course 2277: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services

Transcription:

Best Practices for Disaster Recovery with Symantec Endpoint Protection 1 of 5 Symantec.com VERITAS.com Partners About Symantec Cart United States Welcome Products & Services Security Response Support Solutions & Industries Licensing Training Store Webcasts Events News Search All of Symantec Symantec.com > Enterprise > Support > Knowledge Base Best Practices for Disaster Recovery with Symantec Endpoint Protection PRINT THIS PAGE Question/Issue: How do I use Disaster Recovery with Symantec Endpoint Protection? Solution: This section references information covered in the "Installation Guide" (installation_guide.pdf) provided under the "Documentation" folder on the Symantec Endpoint Protection CD1. How to prepare for disaster recovery To perform disaster recovery, you must prepare for disaster recovery. You prepare for disaster recovery by collecting files and information during and after Symantec Endpoint Protection Manager installation. For example, you must document your encryption password during the installation. You must locate and move your keystore file to a secure location. High-level tasks to prepare for disaster recovery: Task Back up your database on a regular basis, preferably weekly, and store the backups off site. Locate your keystore file and your server.xml file. The keystore file name is keystore_<timestamp>.jks. The keystore contains the private-public key pair and the self-signed certificate. The server.xml file name is server_<timestamp>.xml. Create and open a text file with a text editor. Name the file Backup.txt, or a similar name. Open server.xml, locate the keystorepass password, and copy and paste it into the text file. Leave the text file open. If you have one domain only, find and copy the sylink.xml file from a directory in \\Program Files\Symantec\ Symantec Endpoint Protection Manager\data \outbox\agent\. Then, paste it to \\Program Files\Symantec\ Symantec Endpoint Protection Manager\Server Private Key Backup\. If you have multiple domains, for each domain, locate and copy a sylink.xml file on a client computer. Then paste it into the following location: \\Program Files\Symantec\ Symantec Endpoint Protection Manager\Server Private Key Backup. Additional information The database backup directory is located in \\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup. The backup file is named <date_timestamp>.zip. During the installation, these files were backed up to the directory that is named \\Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup. You can also back up these files from the Admin panel in the Symantec Endpoint Protection Manager Console. The password is used for both storepass and keypass. Storepass protects the JKS file. Keypass protects the private key. You enter these passwords to restore the certificate. The password string looks like the below: keystorepass=wjcuzx7kmx$qa1u1 The domain IDs are required if you do not have a backup of the database. This ID is in the sylink.xml file on the clients computers in each domain.

Best Practices for Disaster Recovery with Symantec Endpoint Protection 2 of 5 Open each sylink.xml file, locate the DomainId, and copy and paste it into the Backup.txt text file. You add this ID to a new domain that you create to contain your existing clients. If the Symantec Endpoint Protection Manager was installed to a Custom Web site and configured to use a custom HTTP port, type the custom port in the Backup.txt text file. In the Backup.txt file, type the encryption password that you used when you installed the first site in the installation instance. Note: If the Symantec Endpoint Protection Manager was installed in Simple mode, the password specified for use for the Admin account for the Symantec Endpoint Protection Manager is also the encryption password. If the Admin password is reset post-installation, the encryption password does not change. In the Backup.txt text file, type the IP address and host name of the computer that runs the Symantec Endpoint Protection Manager. In the Backup.txt file, type the site name that identifies Symantec Endpoint Protection Manager. Save and close the Backup.txt file, which now contains the essential information that is required for disaster recovery. Copy these files to removable media, and store the media in a secure location, preferably in a safe. The string in the sylink.xml file looks like DomainId=B44AC676C08A165009ED819B746F1. If the proper port is not used on restore, communication will not work properly. You retype this key when you reinstall the Symantec Endpoint Protection Manager. You must retype the identical key if you do not have a backed up database to restore. It is not required if you have a backed up database to restore, but it is a best practice. If you have a catastrophic hardware failure, you must reinstall Symantec Endpoint Protection Manager on a computer that has the same IP address and host name. While the site name is not strictly required for reinstallation, it helps to create a consistent restoration. After you secure the files, you should remove these files from the computer that runs the Symantec Endpoint Protection Manager. C Appendix The following illustrates a text file that contains the information that is required to perform a successful disaster recovery. If you create this file, you can copy and paste this information when required during disaster recovery. About the disaster recovery process The disaster recovery process requires you to sequentially complete the following procedures: Restore the Symantec Endpoint Protection Manager. Restore the server certificate. Restore client communications. Note: How you restore client communications depends on whether or not you have access to a database backup. Restoring the Symantec Endpoint Protection Manager If you have a disaster, recover the files that were secured after initial installation. Then open the Backup.txt file that contains the passwords, domain IDs, and so forth.

Best Practices for Disaster Recovery with Symantec Endpoint Protection 3 of 5 About identifying the new or the rebuilt computer If you had a catastrophic hardware failure, you may need to rebuild the computer. If you rebuild the computer, you must assign it the original IP address and host name. This information should be in the Backup.txt file. Reinstalling the Symantec Endpoint Protection Manager The key task to perform when you reinstall the Symantec Endpoint Protection Manager is to type the same encryption password you specified during installation of Symantec Endpoint Protection Manager on the server that failed. You should also use the same settings that you used for other options during the previous installation, such as Web site creation, database type, and password used for the admin user account. Restoring the server certificate The server certificate is a Java keystore that contains the public certificate and the private-public key pairs. You must enter the password that is contained in the Backup.txt file. This password is also in the original server_timestamp.xml file. To restore the server certificate 1. Log on to the Console, and then click Admin. 2. In the Admin pane, under Tasks, click Servers. 3. Under View Servers, expand Local Site, and then click the computer name that identifies the local site. 4. Under Tasks, click Manage Server Certificate. 5. In the "Welcome" panel, click Next. 6. In the Manage Server Certificate panel, check Update the Server Certificate and click Next. 7. Under "Select the type of certificate to import", check JKS keystore and click Next. Note: If you have implemented one of the other certificate types, select that type. 8. In the "JKS Keystore" panel, click Browse, locate and select your backed up as "keystore_<timestamp>.jks" keystore file, and then click OK. 9. Open your disaster recovery text file and then select and copy the keystore password. 10. Activate the "JKS Keystore" dialog box and then paste the keystore password into the "Keystore" and "Key" boxes. Note: The only supported paste mechanism is Ctrl + V. 11. Click Next. Note: If you get an error message that says you have an invalid keystore file, it is likely you entered invalid passwords. Retry the password copy and paste process as described above. 12. In the "Complete" panel, click Finish. 13. Log off of the Console. 14. Click Start> Settings> Control Panel> Administrative Tools> Services. 15. In the "Services" window, right-click Symantec Endpoint Protection Manager and click Stop. Note: Do not close the Services window until you are finished with disaster recovery and establish client communications. 16. Right-click Symantec Endpoint Protection Manager and click Start. Note: By stopping and starting Symantec Endpoint Protection Manager, you fully restore the certificate. Restoring client communications If you have access to a database backup, you can restore this database and then resume client communications. The advantage to restoring with a database backup is that your clients reappear in their groups and they are subject to the original policies. If you do not have access to a database backup, you can still recover communications with your clients, but they appear in the "Temporary group." Then you can recreate your group and your policy structure. Restoring client communications with a database backup You cannot restore a database on a computer that runs an active Symantec Endpoint Protection Manager service. You must stop and start it a few times. To restore client communications with a database backup 1. If you closed the Services window, click Start> Settings> Control Panel> Administrative Tools> Services. 2. In the Services window, right-click Symantec Endpoint Protection Manager, and then click Stop. Note: Do not close the Services window until you are finished with this procedure. 3. Create the following directory: \\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. Copy your database backup file to the directory. Note: By default, the database backup file is named date_timestamp.zip. Click Start> Programs> Symantec Endpoint Protection Manager> Database Back Up and Restore. In the Database Back Up and Restore dialog box, click Restore. In the Restore Site dialog box, select the backup file that you copied to the backup directory, and then click OK. Note: The database restoration time varies and depends on the size of your database. When the Message prompt appears, click OK. Click Exit. Click Start> Programs> Symantec Endpoint Protection Manager> Management Server Configuration Wizard. In the Welcome panel, check Reconfigure the Management Server, and then click Next. In the Server Information panel, modify input values if necessary to match previous inputs, and then click Next. In the Database Server Choice panel, check the database type to match the previous type, and then click Next. In the Database Information panel, modify and insert input values to match previous inputs, and then click Next.

Best Practices for Disaster Recovery with Symantec Endpoint Protection 4 of 5 Note: The configuration takes a few minutes. 15. In the Configuration Completed dialog box, click Finish. 16. Log on to the Symantec Endpoint Protection Manager Console. 17. Right-click your groups, and then click Run Command on Group> Update Content. Note: If the clients do not respond after about one half hour, restart the clients. Restoring client communications without a database backup For each domain that you use, you must create a new domain and insert the same domain ID into the database. These domain IDs are in the disaster recovery text file if they were typed in to this file. The default domain is the "Default domain." A best practice is to create a domain name that is identical to the previous domain name. To recreate the "Default (default) domain", append some value such as "_2" ( Example: Default_2). After you restore domains, you can delete the old default domain. Then rename the new domain back to "Default." To restore client communications without a database backup 1. Log on to the Symantec Endpoint Protection Manager Console. 2. Click Admin. 3. In the "System Administrator" pane, click Domains. 4. Under "Tasks", click Add Domain. 5. Click Advanced. 6. Open the disaster recovery text file, select and copy the domain ID and then paste the domain ID into the "Domain ID" box.

Best Practices for Disaster Recovery with Symantec Endpoint Protection 5 of 5 7. Click OK. 8. Repeat this procedure for each domain to recover. 9. Under "Tasks", click Administer Domain. 10. Click Yes on the "Administer Domain" dialog box. 11. Click OK. 12. Restart all of the client computers. Note: The computers appear in the Temporary group. 13. If you use one domain only, delete the unused Default domain, and rename the newly created domain to Default. References: This document is available in the following languages: Brazilian-Portuguese: http://service1.symantec.com/support/inter/ent-securityintl.nsf/br_docid/20080227100719935 French: http://service1.symantec.com/support/inter/ent-securityintl.nsf/fr_docid/20080229140832935 German: http://service1.symantec.com/support/inter/ent-securityintl.nsf/de_docid/20080229140856935 Italian: http://service1.symantec.com/support/inter/ent-securityintl.nsf/it_docid/20080229140919935 Spanish: http://service1.symantec.com/support/inter/ent-securityintl.nsf/es_docid/20080227100747935 Available Translations: Other Support Options X Need More Help? Contact a Support professional through MySupport Online or Phone. Customer Care For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, and more. Support Forums Pose a question to other users. Discussion Forums about specific Symantec products. Was this article helpful to you? Yes No If any information was unclear, or the information you were seeking was not provided, please let us know. Your feedback will help us improve this service. NOTE: Comments entered here will NOT receive support services. If you need Symantec Enterprise product support, please click here. Document ID: 2007082112135948 Last Modified: 08/20/2008 Date Created: 08/21/2007 Operating System(s): Windows 2000 Professional, Windows 2000 Server/Advanced Server, Windows XP Professional Edition, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition Product(s): Endpoint Protection 11 Release(s): Endpoint Protection 11 [All Releases], Endpoint Protection 11.0 Site Index Legal Notices Privacy Policy Site Feedback Contact Us Global Sites License Agreements 1995-2008 Symantec Corporation

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information