Upgrading Deep Security to
Trend Vision One Endpoint Security - Server & Workload Protection is a multi-step
process.
You may want to use the same policies in Trend Vision One Endpoint Security - Server
&
Workload Protection as you used in Deep Security. You can manually recreate the policies
in
Trend Vision One Endpoint Security - Server & Workload Protection, automate the policy
migration using the migration tool, or use one of the other available methods for migrating policies.
Prerequisites
-
Ensure that you are running Deep Security Manager 20.0.513 (20 LTS Update 2021-10-14) or later.
-
Update to and apply the latest Deep Security Rule Updates (DSRU). In Deep Security Manager, go to Administration > Updates > Security > Rules.If your migration results in error 303, you likely did not update the DSRU
-
If you have not done so already, complete the earlier steps in Upgrade Deep Security to Trend Vision One Endpoint Security - Server & Workload Protection including configuring Trend Vision One Endpoint Security - Server & Workload Protection, creating a Trend Cloud One account, creating an API key, and preparing a link to Trend Vision One Endpoint Security - Server & Workload Protection.
Limitations
-
Policies containing SAP Scanner module configurations can be migrated or imported, but those settings are not visible unless your Trend Vision One Endpoint Security - Server & Workload Protection account is also licensed for the SAP Scanner.
-
Policies containing VMware agentless configurations are not supported in Trend Vision One Endpoint Security - Server & Workload Protection.
-
Application Control settings are not migrated.
-
Network-dependent objects and settings (proxy settings, syslog configurations, and so on) may not be migrated.
-
Only common objects referenced by the policy are migrated. If a common object being migrated has the same name as an existing common object in Trend Vision One Endpoint Security - Server & Workload Protection, the existing object is overwritten by the migrated object.
For information on migrating common objects, see Migrate common objects to Trend Vision One Endpoint Security - Server & Workload
Protection..
Migrate policies using the migration tool
-
In the Deep Security Manager console, select Support > Upgrade to Trend Vision One Endpoint Security.
-
When the Upgrade to Trend Vision One Endpoint Security dialog opens with the Configurations tab selected, click Migrate Policy to expand that section.If a Link to Trend Vision One Endpoint Security Account dialog appears first, see Prepare a link to Trend Vision One Endpoint Security - Server & Workload Protection for information on how to configure the link.
-
Click Migrate. The migration tool targets all policies on Deep Security Manager.The migration tool displays a status.Check the status in Trend Vision One Endpoint Security - Server & Workload Protection by going to Policies. Any migrated policies appear in the list, showing a timestamp and the Deep Security Manager hostname.The following are the possible statuses:
-
Migration requested: A policy migration task to Trend Vision One Endpoint Security - Server & Workload Protection has been requested but the policy migration has not started yet.
-
Migrating: Policies are being migrated to Trend Vision One Endpoint Security - Server & Workload Protection. If the status is stuck in Migrating, it means the Deep Security Manager cannot get the response from Trend Vision One Endpoint Security - Server & Workload Protection. Check the network configuration.
-
Migrated: Policies have been migrated successfully to Trend Vision One Endpoint Security - Server & Workload Protection.
-
Failed: Policies have failed to migrate to Trend Vision One Endpoint Security - Server & Workload Protection for some reason. Check the error code:
-
Error code 303: The policies being migrated reference one or more rules that are not available on Trend Vision One Endpoint Security - Server & Workload Protection. Ensure that Deep Security Manager and Trend Vision One Endpoint Security - Server & Workload Protection are using the same Rule Update version.
-
Other error codes less than 900: There is a failure from Trend Vision One Endpoint Security - Server & Workload Protection. Contact Trend Micro support.
-
Error codes greater than or equal to 900: Deep Security Manager has a problem communicating with Trend Vision One Endpoint Security - Server & Workload Protection. Ensure that the Trend Vision One Endpoint Security - Server & Workload Protection Link is correctly configured, or check
server0.log
for details.
-
-
Other methods for migrating policies
In addition to using the migration tool, you can use the following method for migrating
policies to Trend Vision One Endpoint Security - Server & Workload Protection:
-
Migrate policies directly using the Deep Security policy migration API and Trend Vision One Endpoint Security - Server & Workload Protection Link available in Deep Security Manager 20.0.463 (20 LTS Update 2021-07-22) and later. For instructions, see Migrate using the Deep Security and Trend Vision One Endpoint Security - Server & Workload Protection APIs.