Moves your existing on-prem Deep Security deployment to CloudOne Workload Security.
Automatically.
Use the package manager pip to install dsmigrator.
- Run pip install dsmigrator on a machine with access to your DSM.
- Run dsmg -k and fill out the credential prompts.
Here's the current feature map of what the tool can migrate:
- Policies
- Policy settings
- Anti-Malware Scan Configurations
- IPS, LI, and IM custom rules
- Firewall rules
- Schedules
- Contexts
- IP lists
- MAC lists
- Port lists
- [BETA] Tasks (still quite buggy)
- [BETA] Computer Groups
- Application Control (everything)
- Self-signed certificate support for authenticated requests
- Cannot migrate customized IM/LI/IP rules. Another tool is planned to help with the manual process of identifying each rule that has been customized, but these rules will never migrate automatically due to an API limitation.
- Won't migrate cloud accounts. These must be reconfigured/reauthenticated in Cloud One.
- Doesn't migrate DSM settings; make sure to check these manually.
- Application Control support is not on the roadmap currently. Please open an issue if this is
    Usage: dsmg [OPTIONS]

      Moves your on-prem DS deployment to the cloud!

    Options:
      -ou, --original-url TEXT        A resolvable FQDN for the old DSM, with port
                                      number (e.g. https://192.168.1.1:4119/)
      -oa, --original-api-key TEXT    API key for the old DSM with Full Access
                                      permissions
      -nu, --new-url TEXT             Destination url [default:
                                      https://cloudone.trendmicro.com/]
      -coa, --cloud-one-api-key TEXT  API key for Cloud One Workload Security with
                                      Full Access permissions
      -d, --delete-policies / --keep-policies
                                      Wipes existing policies in Cloud One (not
                                      required, but will give best results)
      -t, --tasks                     (BETA) Enable the task migrator (may be
                                      buggy)
      -k, --insecure                  Suppress the InsecureRequestWarning for
                                      self-signed certificates
      -f, --filter TEXT               A list of policy names in form '[name, name,
                                      ...]' which are the only ones which will be
                                      transferred.
      --help                          Show this message and exit.
You can optionally use the following environment variables to pass in your credentials:
ORIGINAL_API_KEY
ORIGINAL_URL
CLOUD_ONE_API_KEY
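A pre-flight wrapper for the environment-variable route above, as an added example that is not part of dsmigrator: it checks the three variables and the DSM URL before starting dsmg, so the Full Access keys stay out of shell history and the process list instead of being passed with -oa/-coa. The https and explicit-port checks, the function names and the sample values in the usage are assumptions made here.

```python
"""Pre-flight wrapper for dsmg (added example, not part of dsmigrator)."""
import os
import subprocess
import sys
from urllib.parse import urlsplit

REQUIRED = ("ORIGINAL_URL", "ORIGINAL_API_KEY", "CLOUD_ONE_API_KEY")


def preflight(env, python_version=sys.version_info[:2]):
    """Return a list of problems; an empty list means dsmg can be started."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    if python_version < (3, 7):
        problems.append("dsmigrator is only tested on Python 3.7 or greater")
    url = env.get("ORIGINAL_URL")
    if url:
        parts = urlsplit(url)
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        # Assumption of this example: refuse plain http, because the
        # Full Access API key would cross the network in clear text.
        if parts.scheme != "https":
            problems.append("ORIGINAL_URL must use https")
        if not parts.hostname or port is None:
            problems.append("ORIGINAL_URL needs a host and an explicit port")
    return problems


def redact(secret):
    """Show at most the last four characters of a key in console output."""
    return "****" + secret[-4:] if len(secret) > 8 else "****"


def run_dsmg(extra_args, env=os.environ):
    """Validate the environment, then start dsmg with keys kept out of argv."""
    problems = preflight(env)
    if problems:
        for problem in problems:
            print(f"preflight: {problem}", file=sys.stderr)
        return 2
    print(f"DSM {env['ORIGINAL_URL']} key {redact(env['ORIGINAL_API_KEY'])}")
    # Credentials travel in the child's environment, not on its command line.
    return subprocess.run(["dsmg", *extra_args], env=dict(env)).returncode


if __name__ == "__main__":
    sys.exit(run_dsmg(sys.argv[1:]))
```

Any arguments given to the wrapper (for example -k or -f) are passed through to dsmg unchanged.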
- Python 3 (only tested on Python 3.7 or greater so far, so your mileage may vary)
- One API key for your old Deep Security Manager with "Full Access" permissions
- One API key for your Cloud One account with "Full Access" permissions
- A resolvable FQDN to your old Deep Security Manager
NOTE: DS Migrator currently only supports migrations from Deep Security 20 and 12.
- Run ./dev-setup.sh, which will download nix and nix flakes.
- Run nix develop, which will download and build dependencies, and drop you in a shell.
For support, please open an issue on GitHub.
GNU General Public License