Migrate policies to Trend Vision One Endpoint Security - Server & Workload Protection

Views:

Upgrading Deep Security to Trend Vision One Endpoint Security - Server & Workload Protection is a multi-step process.

You may want to use the same policies in Trend Vision One Endpoint Security - Server & Workload Protection as you used in Deep Security. You can manually recreate the policies in Trend Vision One Endpoint Security - Server & Workload Protection, automate the policy migration using the migration tool, or use one of the other available methods for migrating policies.

Prerequisites

Ensure that you are running Deep Security Manager 20.0.513 (20 LTS Update 2021-10-14) or later.
Update to and apply the latest Deep Security Rule Updates (DSRU). In Deep Security Manager, go to Administration > Updates > Security > Rules.

If your migration results in error 303, you likely did not update the DSRU
If you have not done so already, complete the earlier steps in Upgrade Deep Security to Trend Vision One Endpoint Security - Server & Workload Protection including configuring Trend Vision One Endpoint Security - Server & Workload Protection, creating a Trend Cloud One account, creating an API key, and preparing a link to Trend Vision One Endpoint Security - Server & Workload Protection.

Limitations

Policies containing SAP Scanner module configurations can be migrated or imported, but those settings are not visible unless your Trend Vision One Endpoint Security - Server & Workload Protection account is also licensed for the SAP Scanner.
Policies containing VMware agentless configurations are not supported in Trend Vision One Endpoint Security - Server & Workload Protection.
Application Control settings are not migrated.
Network-dependent objects and settings (proxy settings, syslog configurations, and so on) may not be migrated.
Only common objects referenced by the policy are migrated. If a common object being migrated has the same name as an existing common object in Trend Vision One Endpoint Security - Server & Workload Protection, the existing object is overwritten by the migrated object.

For information on migrating common objects, see Migrate common objects to Trend Vision One Endpoint Security - Server & Workload Protection..

Migrate policies using the migration tool

In the Deep Security Manager console, select Support > Upgrade to Trend Vision One Endpoint Security.
When the Upgrade to Trend Vision One Endpoint Security dialog opens with the Configurations tab selected, click Migrate Policy to expand that section.

If a Link to Trend Vision One Endpoint Security Account dialog appears first, see Prepare a link to Trend Vision One Endpoint Security - Server & Workload Protection for information on how to configure the link.
Click Migrate. The migration tool targets all policies on Deep Security Manager.

The migration tool displays a status.

Check the status in Trend Vision One Endpoint Security - Server & Workload Protection by going to Policies. Any migrated policies appear in the list, showing a timestamp and the Deep Security Manager hostname.

The following are the possible statuses:
- Migration requested: A policy migration task to Trend Vision One Endpoint Security - Server & Workload Protection has been requested but the policy migration has not started yet.
- Migrating: Policies are being migrated to Trend Vision One Endpoint Security - Server & Workload Protection. If the status is stuck in Migrating, it means the Deep Security Manager cannot get the response from Trend Vision One Endpoint Security - Server & Workload Protection. Check the network configuration.
- Migrated: Policies have been migrated successfully to Trend Vision One Endpoint Security - Server & Workload Protection.
- Failed: Policies have failed to migrate to Trend Vision One Endpoint Security - Server & Workload Protection for some reason. Check the error code:
  - Error code 303: The policies being migrated reference one or more rules that are not available on Trend Vision One Endpoint Security - Server & Workload Protection. Ensure that Deep Security Manager and Trend Vision One Endpoint Security - Server & Workload Protection are using the same Rule Update version.
  - Other error codes less than 900: There is a failure from Trend Vision One Endpoint Security - Server & Workload Protection. Contact Trend Micro support.
  - Error codes greater than or equal to 900: Deep Security Manager has a problem communicating with Trend Vision One Endpoint Security - Server & Workload Protection. Ensure that the Trend Vision One Endpoint Security - Server & Workload Protection Link is correctly configured, or check server0.log for details.

Next, migrate your common objects to Trend Vision One Endpoint Security - Server & Workload Protection.

Other methods for migrating policies

In addition to using the migration tool, you can use the following method for migrating policies to Trend Vision One Endpoint Security - Server & Workload Protection:

Migrate policies directly using the Deep Security policy migration API and Trend Vision One Endpoint Security - Server & Workload Protection Link available in Deep Security Manager 20.0.463 (20 LTS Update 2021-07-22) and later. For instructions, see Migrate using the Deep Security and Trend Vision One Endpoint Security - Server & Workload Protection APIs.