Educause Security Discussion mailing list archives
Re: PGP Universal Server 3.1.0
From: Sean Maher <seanm () UAB EDU>
Date: Wed, 2 Mar 2011 08:56:17 -0600
To supplement Chris' description. We also have 2 servers in prod. Since you have to build a new server any time you go to a new major build (i.e. 3.0+), we build out the VM that's not currently in use with a different IP but we don't do the restore. On the night of the upgrade, we pull a backup from the old server, shut it down, and restore it to the new server which will set the IP, hostname, etc. We do this to ensure that if something goes wrong we can just swap back to the old server within 5 minutes. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green Sent: Monday, February 28, 2011 4:43 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PGP Universal Server 3.1.0 We have a separate test lab where we have a separate Universal Server we boot up for testing. Since it only auths against AD and we have a limited number of macs to test with, it's exposed to internal IPs. We have a pretty extensive set of tests we run each upgrade cycle for our supported versions of PGP in our lab environment. Basic builds with Version X of PGP. Can it report? Can it enroll? Can you do key recovery? Can you upgrade it to the latest installer? Can you upgrade our oldest version? The only big thing we ever have to watch out for with PGP upgrade mechanics is when a system gets restored from backup, it "recovers" the IP address too which is bad for a server where they try to not let you login as root. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Youngquist, Jason R. Sent: Monday, February 28, 2011 3:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] PGP Universal Server 3.1.0 We are currently running PGP Desktop version 10.0 and PGP Universal Server 2.12 (primary/secondary cluster) in VMWare. We are looking to upgrade to 3.1.0 and I was wondering if anyone has ran into any problems/issues. Also, when going from one version of PGP Universal Server to another, do you test it out in a test environment first? If so, I'd be interested in how you do this in a virtual environment such as VMWare. We tried it awhile ago, and ran into some issues because we didn't have a test AD server. Please feel free to email me off list. Thanks. Jason Youngquist Information Technology Security Engineer Technology Services Columbia College 1001 Rogers Street, Columbia, MO 65216 (573) 875-7334 jryoungquist () ccis edu<mailto:jryoungquist () ccis edu> http://www.ccis.edu<http://www.ccis.edu/>
Current thread:
- PGP Universal Server 3.1.0 Youngquist, Jason R. (Feb 28)
- Re: PGP Universal Server 3.1.0 Josh McCune (Feb 28)
- Re: PGP Universal Server 3.1.0 Chris Green (Feb 28)
- Re: PGP Universal Server 3.1.0 Brad Judy (Mar 01)
- Re: PGP Universal Server 3.1.0 Sean Maher (Mar 02)