Here is some guidance and recommendations when wishing to upgrade from Symantec Brightmail Gateway 9.0.x to Symantec Messaging Gateway Version 9.5.x or from version 8.0.3.
The following sections contain migration information to read before you update to version 9.5.x.
If you are updating from version 9.0.x, only the "best practice" items in the following section apply to your situation.
Note: You must update to Symantec Messaging Gateway 9.5.x from Symantec Brightmail Gateway 8.0.3 or later. If your Control Center and Scanners are not running version 8.0.3 or later you must update them to 8.0.3 before you update to version 9.5.x.
After you update the Control Center and Scanners to version 8.0.3, ensure that the Control Center can communicate with all Scanners. If the communication is successful, proceed to update the Control Center and Scanners to version 9.5.x.
Table 1-1 Symantec Brightmail Gateway Migration Guidance
|Best practice: Perform a backup||Symantec recommends that you take a full system backup before you run the software update.|
|Important: Do not reboot||The software update process may take several hours to complete. If you reboot before the process is complete, data corruption is likely. If data corruption occurs, the appliance must be reinstalled with a factory image.|
|Important: Reduce Spam Quarantine size||Versions prior to 9.0 used a database for Spam Quarantine messages. In 9.x, Spam Quarantine
messages are stored in the file system to make the message store more robust and scalable.
Migration of Spam Quarantine messages to the file system can take a significant amount of time
depending on the number of messages to be migrated. Migration can take several hours if your
Spam Quarantine contains a large number of messages. To minimize the migration time, reduce
the number of messages in Spam Quarantine before you update the Control Center to version 9.5.x
from version 8.0.3. Use the Spam Quarantine Expunger to reduce the number of Spam Quarantine
messages. This is not applicable if you are already running 9.0.x.
|Important: Reduce content incident folder size||Changes have been made in how content incidents are stored. As a result, migrating content
incidents can take a significant amount of time. In particular, the amount of time can be large if your Control Center has a large number of incidents in the folders. To minimize update time, delete unnecessary incidents before you update the Control Center to version 9.5.x from version 8.0.3.
This is not applicable if you are already running 9.0.x.
|Best practice: Delete log messages||If your site policies let you, delete all Scanner and LDAP log messages.|
|Best practice: Stop mail flow to Scanners and flush queues before updating||To reduce Scanner update time and complexity you should stop mail flow to Scanners and reduce the size of all queues.
To halt incoming messages, click Administration > Hosts > Configuration, click a Scanner, click Do not accept incoming messages, and click Save. To check the queues, click Status > SMTP > Message Queues. Flush the messages that are left in the queues.
|Best practice: Stop mail flow to shared Control Center/Scanner systems if using content incidents||Stop mail flow to all-in-one Control Center and Scanner systems before you update. The new incidents that are created on a combined Control Center and Scanner during the migration process are stored in the default incident folder. This behavior is limited to only the new incidents that are created during the Control Center migration. All previously created incidents are migrated to the correct folders. After you update to version 9.0, new incidents are sent to the correct folder.|
|Best practice: Update Scanners first||Each appliance must be updated individually. As a best practice, Symantec recommends that you update all Scanners before updating the Control Center. You do not have to update all of your Scanners at the same time. You can update some Scanners to version 9.0 and leave some with the older version. That way some Scanners continue to protect your site while you update others. However, if the Control Center and Scanner versions are different, the Control Center cannot make configuration changes to the Scanner.|
|Best practice: Perform software update at off-peak hours||When you update the Control Center, the Control Center appliance is offline and unusable. Scanners cannot deliver messages to quarantine on the Control Center during the software update, so messages build up in a queue. Running software update on a Control Center appliance can take quite some time. Plan to update the Control Center appliance during off-peak hours.
When you migrate a Scanner, it goes offline. Scanner resources are unavailable during the migration process. Software update of a Scanner takes less time than the software update of the Control Center.
|Directory integration considerations||
■ For some installations, you may need to add access to LDAP ports for 9.0.x. The Control Center
|Domino-specific directory integration considerations||
If you are using one or more Domino LDAP Sync sources with one or more "Alias domain" values, add those values as Symantec Messaging Gateway domain aliases before you update to version 9.0.x.
Once you have updated, you can optionally modify the resulting data directory service recipient validation and address resolution query filters to include (mail=%u@<domain>) and (uid=%u@<domain>) clauses as necessary, if you do not want to use domain aliases on the Symantec Messaging Gateway host.
|New content folders are created||
■ After you update a Control Center to version 9.0.x from 8.0.3, the Control Center displays twice
|User Preferences Considerations||
■ Versions of Brightmail Gateway prior to 9.0 used the LDAP synchronization schedule time to
|Change in crash alert mail from||In previous releases, crash alert notifications were sent from process-cleanup@<appliancehostname>. In versions 9.0.x, the envelope sender of a crash alert is the same address as the envelope recipient.|
|URI reporting disabled after update||This release can detect and record Uniform Resource Identifiers (URI) that occur in email messages to improve URI-based filters. Symantec Messaging Gateway sends Symantec Security Response every URI in the messages that Symantec Messaging Gateway scans for spam (inbound and
Symantec uses this information to develop new URI-based filters. You receive
these updated filters through the Conduit. This feature is enabled by default. If you want to change this setting, go to the Email tab of the Spam > Settings > Scan Settings page, check or uncheck the item “Report URIs to Symantec Security Response” then click Save.