Upgrade Preparations

Before upgrading your Endpoint Security server to version 2025.1 (8.6.0.80), you must prepare your environment.

Endpoint Security Version Requirements

Only Endpoint Security 8.6 and later can be updated to 2025.1 (8.6.0.80).

Upgradable Server Versions

You can upgrade the following versions of the Ivanti Endpoint Security server to version 2025.1 (8.6.0.80).
You can view the version you have installed by opening the Web console and selecting Help > Technical Support and scrolling to Suite Version Information.

Release	Server Suite Version
Endpoint Security 2024.1	8.6.0.70
Endpoint Security 2023.1	8.6.0.60

Upgradable Agent Versions

You can upgrade the following versions of the Ivanti Endpoint Security Agent to version 2025.1 (8.6.0.80).
You can view the agent version installed on each endpoint by opening the Web console and selecting Manage > Endpoints.

Release	Agent Version
Endpoint Security 2024.1	8.6.0.70
Endpoint Security 2023.1	8.6.0.60

Upgrading from any pre-8.6 installation of Endpoint Security to version 2025.1 (8.6.0.80) is a two-step process. You must first upgrade Endpoint Security to version 8.6, and then upgrade to version 2025.1 (8.6.0.80).

Operating System Requirements

The server must be installed on one of the following operating systems to be eligable to upgrade:

Microsoft Windows Server 2022 (Standard and Datacenter editions)
Microsoft Windows Server 2019 (Standard and Datacenter editions)
Microsoft Windows Server 2016 (Standard and Datacenter editions)
Microsoft Windows Server 2012 R2 (Standard, Datacenter, and Foundation editions)
Microsoft Windows Server 2012 (Standard and Datacenter editions)

Microsoft SQL Server Requirements

The Endpoint Security upgrade requires that your database instance for Endpoint Security is SQL Server 2012 or a later SQL Server release.

User Permissions

Endpoint Security upgrades to 2025.1 (8.6.0.80) are completed using Endpoint Security Installation Manager, which uses the serviceadmin account to update the database. This means that the user completing the upgrade does not require administrative rights to complete the upgrade. However, this user does require access to Installation Manager.

Installation Manager Access

Users performing the upgrade require access to Installation Manager, so they must meet one of the following requirements:

The user must be assigned the administrator role within Endpoint Security.
The user must be assigned a custom role with the Installation Manager access right.

For more information about users and roles, see the Endpoint Security User Guide.

Firewall Settings

Endpoint Security 2025.1 (8.6.0.80) requires access to the following Web sites:

https://cdn.securegss.net
http://cache.patchlinksecure.net
http://cache.lumension.com
http://gssnews.lumension.com
http://download.windowsupdate.com
http://www.download.windowsupdate.com (For Microsoft content)
http://go.microsoft.com (For Microsoft content)
http://ardownload.adobe.com (For Adobe content)
http://swupdl.adobe.com (For Adobe content)
http://armdl.adobe.com (For Adobe content)
http://download.adobe.com (For Adobe content)

Important:

Refer to Lumension's New Content Architecture and Lumension Global Subscription Server and GSS Repository Information for additional URLs and IP Addresses which may be required depending upon your configuration and content subscriptions.
The firewalls on your server may require modification to access these URLs. If your corporate policies do not allow you to make the necessary firewall modifications, please contact Ivanti Support for a recommended configuration.

Additional Prerequisites

During upgrade, you are prompted to install software bundled in with the upgrade if they are not already installed on the server. You may be prompted to reboot your server.

AntiVirus Products

AntiVirus products can prevent the necessary installation processes from running correctly. To ensure a successful installation of Endpoint Security 2025.1 (8.6.0.80) you must stop or disable any third-party AntiVirus products (such as McAfee, Trend-micro, Symantec, and so on) before upgrade.

If you use Endpoint Security AntiVirus as your AntiVirus solution, you do not have to disable it.

Storage Folder Backup

Although the storage folder can grow quite large, creation of a backup content storage folder is recommended for Patch and Remediation users. By default, the storage folder is %Installation Directory%\HEAT Software\EMSS\Content.

Database Backup

During upgrade, Endpoint Security Installation Manager updates the existing Endpoint Security databases. Therefore, creation of database backups before upgrade is recommended.

Some of the databases listed may not be present on server. Their presence is conditional based on your server configuration and module licensing.

Database Name	Product
PLUS	Endpoint Security
PLUS_Reports	Endpoint Security Enterprise Reporting Client
STAT_Guardian	Endpoint Security
UPCCommon	Endpoint Security
UPCExtended	Endpoint Security
ERS	Endpoint Security Enterprise Reporting
ERS_Staging	Endpoint Security Enterprise Reporting
ReportServer ¹	Microsoft SQL Server Reporting Services
ReportServerTempDB ¹	Microsoft SQL Server Reporting Services
Subscription features available in Microsoft SQL Server Reporting Services can be implemented in HEAT Enterprise Reporting. By default, the database names are ReportServer and ReportServerTempDB. Data protection capabilities in is enhanced with a full disk encryption add-on from Sophos. The installation of results in a Safeguard database. Refer to Creating a Database Backup in the Endpoint Security Help for additional information.