Educause Security Discussion mailing list archives

Re: PGP Universal Server 3.1.0


From: Sean Maher <seanm () UAB EDU>
Date: Wed, 2 Mar 2011 08:56:17 -0600

To supplement Chris' description: we also have 2 servers in prod. Since you have to build a new server any time you go 
to a new major build (i.e. 3.0+), we build out the VM that's not currently in use with a different IP but we don't do 
the restore. On the night of the upgrade, we pull a backup from the old server, shut it down, and restore it to the new 
server which will set the IP, hostname, etc. We do this to ensure that if something goes wrong we can just swap back to 
the old server within 5 minutes.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris 
Green
Sent: Monday, February 28, 2011 4:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PGP Universal Server 3.1.0

We have a separate test lab where we have a separate Universal Server we boot up for testing.  Since it only auths 
against AD and we have a limited number of Macs to test with, it's exposed to internal IPs.

We have a pretty extensive set of tests we run each upgrade cycle for our supported versions of PGP in our lab 
environment.   Basic builds with Version X of PGP.  Can it report?  Can it enroll?  Can you do key recovery?  Can you 
upgrade it to the latest installer?  Can you upgrade our oldest version?

The only big thing we ever have to watch out for with PGP upgrade mechanics is when a system gets restored from backup, 
it "recovers" the IP address too, which is bad for a server where they try to not let you log in as root.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Youngquist, Jason R.
Sent: Monday, February 28, 2011 3:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PGP Universal Server 3.1.0

We are currently running PGP Desktop version 10.0 and PGP Universal Server 2.12 (primary/secondary cluster) in VMware.  
We are looking to upgrade to 3.1.0 and I was wondering if anyone has run into any problems/issues.

Also, when going from one version of PGP Universal Server to another, do you test it out in a test environment first?  
If so, I'd be interested in how you do this in a virtual environment such as VMware.  We tried it a while ago, and ran 
into some issues because we didn't have a test AD server.

Please feel free to email me off list.


Thanks.
Jason Youngquist
Information Technology Security Engineer
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu

