Migration with a hierarchy of Administration Servers

Expand all | Collapse all

This section describes the migration of managed devices and related objects from Kaspersky Security Center Web Console running on-premises to Kaspersky Security Center Cloud Console. The process involves a hierarchy: Kaspersky Security Center Web Console running on-premises acts as the secondary Administration Server and Kaspersky Security Center Cloud Console acts as the primary Administration Server.

Every administration group that you transfer to Kaspersky Security Center Cloud Console must contain the managed devices of a single operating system. If your network includes the devices of different operating systems, allocate them in different administration groups, and then migrate each group separately.

After you finish the migration, all Network Agents in the group within the migration scope are upgraded and managed through Kaspersky Security Center Cloud Console.

Before you start, do the following:

Kaspersky Security Center Cloud Console allows for a maximum of 25,000 managed devices per one Administration Server.

To perform a migration to Kaspersky Security Center Cloud Console:

  1. Estimate the scope of the migration process, that is, review the administration group to export and assess the number of managed devices in it. Make sure that all the activities listed as migration prerequisites have been completed successfully.
  2. In Kaspersky Security Center Cloud Console, proceed to the secondary Administration Server for the managed devices that you want to migrate.
  3. In the main menu, go to OperationsMigration. The welcome page of the Migration wizard opens.
  4. On the welcome page, click Next. The Select administration group to export (all subgroups will also be exported) page opens, displaying the entire hierarchy of administration groups of the secondary Administration Server.
  5. On the Select administration group to export (all subgroups will also be exported) page, click the chevron icon (RightArrow_Expand) next to the Managed devices group name, and then expand the hierarchy of administration groups. Select the administration group that you want to export.

    The Migration wizard checks the total number of managed devices included in the selected administration group. If this number exceeds 10,000, an error message appears. The Next button remains unavailable (dimmed) until the number of managed devices in the selected administration group falls within the limit.

  6. Select the managed applications whose policies and tasks must be transferred to Kaspersky Security Center Cloud Console together with group objects. To select the managed applications whose objects are to be exported, select the check boxes next to their names in the list.

    Although Kaspersky Security Center Administration Server is present on the list, selecting the corresponding check box does not result in the export of its policies.

    To make sure that your managed applications are supported by Kaspersky Security Center Cloud Console, click the corresponding link. It will redirect you to the Online Help topic containing the list of applications managed by Kaspersky Security Center Cloud Console.

    If you select applications that are not supported by Kaspersky Security Center Cloud Console, the policies and tasks of these applications will be migrated anyway, but you will not be able to manage them in Kaspersky Security Center Cloud Console, due to the unavailability of the dedicated plug-ins.

  7. View the list of group objects exported by default. You can also specify non-group objects to be exported together with the selected administration group, if necessary, such as global tasks, custom device selections, reports, custom roles, internal users and security groups, and custom application categories with content added manually. This page includes the following sections:
    • Global tasks
    • Device selections
    • Reports
    • Group objects

    If you transfer devices of various operating systems to Kaspersky Security Center Cloud Console, non-group objects only need to be migrated once.

  8. After you defined the migration scope, click Next to start the export process. The Creating the export file page opens, where you can view the export progress for each type of object that you included in the migration scope. Wait until each refresh icon (refresh_list_hosted), located next to each item in the list of objects, is replaced with a green check mark (green_check_hosted). The export finishes and the export file is automatically saved to a temporary folder. The next page opens, displaying the entire hierarchy of administration groups in Kaspersky Security Center Cloud Console, which acts as the primary Administration Server.
  9. Select the check box next to the administration group to which the group objects must be imported, and then click Next. The file is unpacked, and the non-group objects and the group objects are restored to the target administration group.

    If the name of the object that you restore is identical to the name of an existing object, the restored object has an incremental suffix added.

    When the import completes, the exported structure of administration groups, including the details of devices, appears under the target administration group that you selected. The non-group objects are also imported.

    You cannot minimize the Migration wizard and perform any concurrent operations during the import. Wait until each refresh icon (refresh_list_hosted), located next to each item in the list of objects, is replaced with a green check mark (green_check_hosted) and the import finishes. After this, the devices start switching to Kaspersky Security Center Cloud Console.

  10. After the import completes, the Migration wizard displays a list of Network Agent installation packages available in Kaspersky Security Center Cloud Console for an appropriate operating system. Select the installation package containing the relevant version and localization of Network Agent.

    Select the Kaspersky Network Agent for Windows installation package only if you have previously completed the quick start wizard in your Kaspersky Security Center Cloud Console workspace and if you perform the migration of Windows devices.

  11. Click Next.

    The Migration wizard creates a new stand-alone installation package (or uses an existing one) and a custom installation package based on it, as well as the corresponding remote installation task. The task scope includes the administration group that you selected on the Select administration group to export (all subgroups will also be exported) page. The task startup schedule is set to Manually by default. The Migration wizard displays the creation progress.

  12. Wait until each refresh icon (refresh_list_hosted) is replaced with a green check mark (green_check_hosted), and then click Next.
  13. If necessary, select the Run newly created remote installation task check box (cleared by default) for the devices in the selected administration group in Kaspersky Security Center Web Console running on-premises and all of its subgroups. After the Network Agent installation completes, you can manage the selected devices through Kaspersky Security Center Cloud Console. The full path is displayed to the administration group in which the task is to be run.

    The remote installation task must only be started after the import to Kaspersky Security Center Cloud Console finishes. Otherwise, the devices may be duplicated.

  14. Click Finish to close the Migration wizard and start the remote installation task for the following purposes:
    • Upgrading the Network Agent instances
    • Managing the Network Agent instances through Kaspersky Security Center Cloud Console

    If you have left the Run remote installation task check box cleared, you can start the task later manually, if necessary.

You can check that you can now manage the migrated Network Agent instances through Kaspersky Security Center Cloud Console. To do this, go to DevicesManaged devices. Make sure that migrated managed devices have the confirmation icon () in the Visible, Network Agent is installed, and Network Agent is running columns. Also, make sure that these devices do not have the Not connected for a long time status description.

See also:

Scenario: Migration without a hierarchy of Administration Servers

Page top