Introduction to Reference Configurations
Reference configurations are deployment scenarios that we recommend, which have undergone extensive testing to ensure proper sequencing. The scenarios reduce the need for restarts and improve ease of execution. Use the reference configuration report finder to find the scenario that you need. The search tool allows you to filter reference configuration documents by product, installation type (fresh installation or upgrade), and Windows version.
For more details about reference configurations and answers to frequently asked questions, see KB88274 - Introduction to Reference Configurations.
This reference configuration document is designed for customers who already have our products deployed. This document was created by building a baseline system matching the most commonly deployed versions of our products at that point in time, and then upgrading to recently released product versions. The intent is to provide a roadmap for upgrading to recent releases.
NOTE: Not all products are included in this document. It represents products that are commonly used. If your product mix is a subset of this configuration, you can skip over any product deployment that does not apply to your needs. The recommended products in this reference configuration don't necessarily represent the latest released versions of many products.
Before You Begin
Before beginning the deployment process, there are several preparatory actions that help lead to a successful deployment process.
Review the latest release notes and known issues
Although we officially recommend this reference configuration, we might discover issues that can impact the success of your deployment. See the "Recommended Product Configuration" table for links to known issues for each product version.
Plan for restarts
Some operating system driver modules installed during product upgrades are properly loaded into memory only at runtime. As a result, they need a restart to facilitate the loading of the new drivers. Limitations of the operating system require that only one version of these drivers be loaded at a time. So, depending on which products you're installing, you might need to restart multiple times. This deployment path has been optimized to minimize the number of restarts needed when you update all products listed in the sequence.
If you're planning to update only a subset of products, plan to restart after the updates are complete.
Adapt this guideline to your specific upgrade plan
Your current deployment baseline might differ from the versions mentioned in the "Recommended Product Configuration" table. If some of your product versions are more recent than this provided baseline, you can still follow the recommended sequence. If you don't use some of the products in the list, you can skip that product.
Recommended Product Configuration
The table below lists commonly deployed products, determined based on telemetry samplings from a large set of customers. We recommend that you deploy these products to take advantage of the recent product offering for ENS 10.6.1. This configuration is extensively tested for cross-product compatibility using the operating systems listed below.
Operating systems: Windows Server 2012 R2 upgrade to Windows Server 2019
| Products |
Common
Versions |
Recommended Versions |
Known Issues |
| ePolicy Orchestrator (ePO) |
5.3.2.1563 |
- |
- |
| Protection Workspace |
- |
Service Extension: 1.0.0.6783
UI Extension: 1.0.0.6713 |
- |
| DXL Broker |
- |
4.1.1.1133 |
- |
| TIE Server |
- |
2.3.0.328 |
KB85172 |
Active Response
Server |
- |
Bundle: 2.4.0.134
Server: 2.4.0.158 |
KB88196 |
| Advanced Threat Defense |
- |
4.4.0 |
KB89507 |
| Web SaaS1 |
- |
Configure to work with
Skyhigh Client Proxy (SCP) |
- |
| McAfee Agent |
5.0.6.2203 |
5.5.1.3883 |
- |
| VSE |
8.8.0 Patch 9
Client: 8.8.0.1804 |
- |
- |
ENS
- ENS Platform
- ENS Threat Prevention
- ENS Firewall
- ENS Web Control
|
- |
10.6.1.1068
10.6.1.1128
10.6.1.1045
10.6.1.1047 |
KB82450 |
| SCP |
- |
2.3.5.243 |
KB83131 |
| DXL Client |
- |
4.1.2.1073 |
- |
| Adaptive Threat Protection |
- |
Extension: 10.6.1.1037
Client: 10.6.1.1064 |
KB88788 |
| AR Client |
- |
2.4.0.158 |
KB88196 |
Host Intrusion
Prevention System |
8.0.0 Update 10
Extension: 8.0.0.1169
Client: 8.0.0.4480 |
8.0.0 Update 12
Extension: 8.0.0.1193
Client: 8.0.0.4789
|
- |
Data Loss Prevention
Endpoint (DLP Endpoint)1 |
Extension: 11.0.200.21
Client: 11.0.200.100 |
- |
KB89301 |
| Drive Encryption |
7.2.1.16 |
Extension: 7.2.7.8
Client: 7.2.7.8 |
KB84502 |
Application and
Change Control (ACC)2 |
Extension: 8.0.0.231
Client: 8.0.0.875 |
- |
KB87839
KB87838 |
| 1 |
DLP Endpoint isn't supported on Windows Server 2019. |
| 2 |
ACC isn't supported on Windows Server 2019. |
| 3 |
The product version has reached its End of Life date.
- EOL period—The time frame that runs from the day we announce product discontinuation, until the last date that we formally support the product. In general, after the EOL period is announced, no enhancements are made.
- EOL date—The last day that the product is supported, according to the terms of our standard support offering.
|
Installation Process
This section outlines the recommended order of operation:
NOTES:
- Check in all extensions to ePO before upgrading the products.
- Green boxes indicate server systems.
- Dark blue boxes indicate when a product upgrade is recommended.
- Light blue boxes indicate a new product deployment.
- Boxes outlined in red indicate that a system reboot is needed to enable that product.
