Scenario: Migration without a hierarchy of Administration Servers
Oct 23, 2023
This section describes the migration of the managed devices and related objects (such as policies, tasks, reports) from Kaspersky Security Center Web Console running on-premises to Kaspersky Security Center Cloud Console. You can include a single administration group in the migration scope to restore the same administration group in Kaspersky Security Center Cloud Console.
This group must contain the managed devices of a single operating system. If your network includes the devices of different operating systems or Linux distributives, allocate them in different administration groups, and then migrate each group separately.
After you finish the migration, all Network Agents within the migration scope are upgraded and managed by Kaspersky Security Center Cloud Console.
The steps listed in this section cover the migration process performed when no hierarchy of Administration Servers exists, that is, no connection has been established between Kaspersky Security Center Cloud Console and Kaspersky Security Center Web Console running on-premises.
Before you start, do the following:
- Upgrade Administration Server running on-premises to the following version:
- For Windows devices—version 12 or later
- For Linux devices—version 12 Patch A or later
- Install Kaspersky Security Center Web Console version 12.1 or later.
- Upgrade Network Agent on the managed devices to version 12 or later.
- On Windows devices, use Network Agent without an uninstallation password.
If the password has already been set, do one of the following in Kaspersky Security Center Web Console:
- Disable the Use uninstallation password option in the Network Agent policy settings.
- Uninstall Network Agent remotely by using the Uninstall application remotely task. In the Application to uninstall field of the task, select Kaspersky Security Center Network Agent. Do not forget to enter the uninstallation password.
- Upgrade the managed applications to the versions supported by Kaspersky Security Center Cloud Console.
- Make sure that you have policies for the latest versions of the managed applications. If you use outdated policies, create new ones for the application versions supported by Kaspersky Security Center Cloud Console.
- To use actual policies, upgrade the web plug-ins for the applications that you intend to manage through Kaspersky Security Center Cloud Console.
- Uninstall Kaspersky applications from managed devices if these applications are not supported by Kaspersky Security Center Cloud Console, and then replace the uninstalled applications with supported ones.
- Decrypt all the data (disk-level or file-level) that was encrypted by Kaspersky Endpoint Security for Windows on managed devices running the Windows operating system, and disable the encryption feature on the managed devices through the application policy or locally. For more information, see Help for Kaspersky Endpoint Security for Windows.
If the Windows device still stores any files or folders encrypted through Kaspersky Endpoint Security for Windows, the Network Agent upgrade will be canceled during the migration process. A notification will prompt you to decrypt all data on the device and disable the encryption feature.
Kaspersky Security Center Cloud Console allows for a maximum of 25,000 managed devices per one Administration Server.
Migration to Kaspersky Security Center Cloud Console comprises the following stages:
- Planning the migration scope and checking the prerequisites
Estimate the scope of the migration process, that is, review the administration group to export and assess the number of managed devices in it. Also, make sure that all the activities listed as migration prerequisites have been completed successfully.
- Exporting managed devices, objects, and settings from Kaspersky Security Center Web Console
Use the Migration wizard of Kaspersky Security Center Web Console running on-premises to export your managed devices together with their objects.
The maximum export file size is 4 GB.
- Importing the export file to Kaspersky Security Center Cloud Console
Transfer the information about your managed devices and objects to Kaspersky Security Center Cloud Console. For this purpose, use the Migration wizard of Kaspersky Security Center Cloud Console to import the export file and create a Network Agent stand-alone installation package.
- Re-installing Network Agent on managed devices
Go back to the Migration wizard in Kaspersky Security Center Web Console running on-premises to create a remote installation task. You will be able to use this task (immediately or later) to re-install Network Agent on your managed devices and complete the migration process.
Upon finishing with the migration, you can make sure that it was successful:
- Network Agent is re-installed on all managed devices.
- All devices are managed through Kaspersky Security Center Cloud Console.
- All object settings that were effective before migration are preserved.