Migrate policies to Trend Vision One Endpoint Security - Server & Workload Protection
Upgrade to Trend Vision One Endpoint Security - Server & Workload Protection is a multi-step process.
You may want to use the same policies in Trend Vision One Endpoint Security - Server & Workload Protection as you used in Deep Security. You can manually recreate the policies in Trend Vision One Endpoint Security - Server & Workload Protection, automate the policy migration using the migration tool, or use one of the other available methods for migrating policies.
Prerequisites
- Ensure that you are running Deep Security Manager 20.0.513 (20 LTS Update 2021-10-14) or later.
-
Update to and apply the latest Deep Security Rule Updates (DSRU). In Deep Security Manager, go to Administration > Updates > Security > Rules.
If your migration results in error 303, you likely did not update the DSRU
- If you have not done so already, complete the earlier steps in Upgrade to Trend Vision One Endpoint Security - Server & Workload Protection including configuring Trend Vision One Endpoint Security - Server & Workload Protection, creating a Trend Cloud One account, creating an API key, and preparing a link to Trend Vision One Endpoint Security - Server & Workload Protection.
Limitations
- Policies containing SAP Scanner module configurations can be migrated or imported, but those settings are not visible unless your Trend Vision One Endpoint Security - Server & Workload Protection account is also licensed for the SAP Scanner.
- Policies containing VMware agentless configurations are not supported in Trend Vision One Endpoint Security - Server & Workload Protection.
- Application Control settings are not migrated.
- Network-dependent objects and settings (proxy settings, syslog configurations, and so on) may not be migrated.
- Only common objects referenced by the policy are migrated. If a common object being migrated has the same name as an existing common object in Trend Vision One Endpoint Security - Server & Workload Protection, the existing object is overwritten by the migrated object.
For information on migrating common objects, see Migrate common objects to Trend Vision One Endpoint Security - Server & Workload Protection..
Migrate policies using the migration tool
- In the Deep Security Manager console, select Support > Upgrade to Trend Vision One Endpoint Security.
- When the Upgrade to Trend Vision One Endpoint Security dialog opens with the Configurations tab selected, click Migrate Policy to expand that section.
If a Link to Trend Vision One Endpoint Security Account dialog appears first, see Prepare a link to Trend Vision One Endpoint Security - Server & Workload Protection for information on how to configure the link.
- Click Migrate. The migration tool targets all policies on Deep Security Manager.
- Migration requested: A policy migration task to Trend Vision One Endpoint Security - Server & Workload Protection has been requested but the policy migration has not started yet.
- Migrating: Policies are being migrated to Trend Vision One Endpoint Security - Server & Workload Protection. If the status is stuck in Migrating, it means the Deep Security Manager cannot get the response from Trend Vision One Endpoint Security - Server & Workload Protection. Check the network configuration.
- Migrated: Policies have been migrated successfully to Trend Vision One Endpoint Security - Server & Workload Protection.
- Failed: Policies have failed to migrate to Trend Vision One Endpoint Security - Server & Workload Protection for some reason. Check the error code:
- Error code 303: The policies being migrated reference one or more rules that are not available on Trend Vision One Endpoint Security - Server & Workload Protection. Ensure that Deep Security Manager and Trend Vision One Endpoint Security - Server & Workload Protection are using the same Rule Update version.
- Other error codes less than 900: There is a failure from Trend Vision One Endpoint Security - Server & Workload Protection. Contact Trend Micro support.
- Error codes greater than or equal to 900: Deep Security Manager has a problem communicating with Trend Vision One Endpoint Security - Server & Workload Protection. Ensure that the Trend Vision One Endpoint Security - Server & Workload Protection Link is correctly configured, or check server0.log for details.
The migration tool displays a status.
Check the status in Trend Vision One Endpoint Security - Server & Workload Protection by going to Policies. Any migrated policies appear in the list, showing a timestamp and the Deep Security Manager hostname.
The following are the possible statuses:
Next, migrate your common objects to Trend Vision One Endpoint Security - Server & Workload Protection.
Other methods for migrating policies
In addition to using the migration tool, you can use the following method for migrating policies to Trend Vision One Endpoint Security - Server & Workload Protection:
- Migrate policies directly using the Deep Security policy migration API and Trend Vision One Endpoint Security - Server & Workload Protection Link available in Deep Security Manager 20.0.463 (20 LTS Update 2021-07-22) and later. For instructions, see Upgrade using the Deep Security and Trend Vision One Endpoint Security - Server & Workload Protection APIs.