
SGN Client automatic upgrade or central deployment methodology that works?

Hi there.

Long time user of SafeGuard Enterprise. Initially purchased for laptop FDE, now being used for Data Exchange and File Encryption.

We're in a race against time to complete the rollout of version 7.00.2 to all machines in the enterprise (1300+ at the last count).

This is a mixture of fresh deployments to desktops (where FDE was not needed) and an upgrade of some notebooks which are running various legacy versions of SGN, as far back as 5.6.

I know that there's no direct upgrade path to 7.00.2 from some of the older versions, that's not the reason (directly) for this post.

So, to the point: has anyone found a good way to automatically deploy SGN?

To date, we're stuck using scripts which are run manually on each machine and call the 3 MSI files in sequence. Typically, the client will eventually be installed using this method (usually 3+ attempts with reboots in between). Pre-reqs and config files typically install without issue.

I'm open to suggestions about how we can better accomplish this!

To say that this current practice is a ball-ache is something of an understatement, especially when we need to upgrade where we usually have the same process again - this is one reason why we've got such a legacy of installed versions.

When I was at Sophos HQ last week, I was shown the persistent file encryption option and (as it fits with a project that I'm currently working on) asked for some more details. At which point I was told that it needed SGN 8.

I rolled my eyes at this and mentioned the fact that the upgrade process for us can take several months because of its manual nature. I also pointed out that I was likely to get lynched upon my return if I suggested another SGN upgrade before mid-2017.

The senior tech that was running through the demo exclaimed that 'it was easy' and then proceeded to click the 'Synchronise' button in SGN which he assured me meant that the machine would download the latest client version from the server and that it would be updated automatically.

Has anyone seen this witchcraft working? If what I was shown is true then it looks like future upgrades could be very straightforward, however I can't see anything in the (v7) SGN Console that hints as to how this might be achieved.

Any info is gratefully received!

Kind regards,

Mark



  • FormerMember
    +1 FormerMember

    Hello Mark,

    I'm afraid that is witchcraft indeed. During synchronization, the states of the clients are reported to the SafeGuard Enterprise backend, policies are updated and the user-machine assignment is checked; only the following things are changed on the client:

    • Policies that were changed in the Management Center
    • On a Mac, users that have been deleted or blocked in the Management Center are also removed from the list of FileVault 2 users

    In regards to an upgrade of the endpoints, this is still an easy process: the pre-install, Client and Configs are all just MSIs (.Zips on a Mac), so they can be pushed out via GPO, SCCM, LANDESK or other similar systems.

    We do have basic documentation for Central Installations (https://docs.sophos.com/esg/sgn/8-0/admin/win/en-us/webhelp/index.htm#concepts/ClientInstallCentralCommand.htm) but if you're looking for some help putting a script together it would be well worth having a chat to our Pro Services team which can be booked in via your account manager.

    I hope that helps Mark but do let me know if you have any questions on that.
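
A sketch of the kind of central-deployment wrapper discussed in this thread, added here as an example and not part of any post or of Sophos's own scripts: it installs the three MSIs in order, checks each file's Authenticode signature before running it, and surfaces the msiexec exit codes (1618, 1641, 3010) instead of retrying blindly. The share path, log folder and MSI file names are placeholders, and the signature check assumes the vendor packages are signed.

```powershell
# Added example, not Sophos code. Paths and MSI file names are placeholders.
param(
    [string]$SourceDir = '\\SERVER\SHARE\SGN',            # placeholder
    [string]$LogDir    = "$env:ProgramData\SGN-Deploy"    # placeholder
)

# Order taken from the thread: pre-install, client, configuration package.
$packages = 'PREINSTALL-PLACEHOLDER.msi', 'CLIENT-PLACEHOLDER.msi', 'CONFIG-PLACEHOLDER.msi'

# Standard Windows Installer exit codes
$Success = 0; $InstallerBusy = 1618; $RebootInitiated = 1641; $RebootRequired = 3010

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$rebootNeeded = $false

foreach ($pkg in $packages) {
    $msi = Join-Path $SourceDir $pkg
    $log = Join-Path $LogDir ($pkg + '.log')

    # Refuse anything missing or without a valid Authenticode signature.
    # Exit codes 2 and 3 are this script's own, not msiexec codes.
    if (-not (Test-Path -LiteralPath $msi)) { Write-Error "Missing: $msi"; exit 2 }
    $sig = Get-AuthenticodeSignature -FilePath $msi
    if ($sig.Status -ne 'Valid') { Write-Error "Bad signature on ${pkg}: $($sig.Status)"; exit 3 }

    $msiArgs = "/i `"$msi`" /qn /norestart /L*v `"$log`""
    $attempt = 0
    do {
        $attempt++
        $proc = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
        $code = $proc.ExitCode
        # 1618 means another installation is already running: wait, then retry.
        if ($code -eq $InstallerBusy) { Start-Sleep -Seconds 60 }
    } while ($code -eq $InstallerBusy -and $attempt -lt 5)

    if ($code -eq $RebootRequired -or $code -eq $RebootInitiated) {
        $rebootNeeded = $true
    } elseif ($code -ne $Success) {
        # Fail loudly with the real code so the deployment tool records it.
        Write-Error "$pkg failed with exit code $code (log: $log)"
        exit $code
    }
}

# Hand the restart decision to GPO/SCCM rather than rebooting from the script.
if ($rebootNeeded) { exit $RebootRequired }
exit $Success
```

The verbose per-package logs written by `/L*v` are the first place to look when a client install fails intermittently; whether a restart is needed between packages depends on the product and is not handled here.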

  • Hi Toby

    We have a script which was provided by our Sophos partner for deployment but it is hit-and-miss, as I mentioned.

    Even manually installing the client itself can take 2-3 attempts or more so we have little confidence in an automatic deployment from the MSI but perhaps we'll try it again.

    We'll give this a try over the next few days and report back.

    Thanks,

    Mark