Migration to ESET PROTECT CLOUD 3.0 from ESET PROTECT 9.0 On Prem

[Trooper 65]

I have a few questions based upon the subject line.

I am in the process of migrating our on prem endpoints to the cloud.  I was following this guide. https://help.eset.com/protect_cloud/en-US/cloud_migration.html however, I have a few questions.

It states here that you need to reactivate endpoints once they have been moved over to the cloud.  I have not seen any of the endpoints showing up in red asking to be activated.  Is this still relevant, or do I not need to do this?

What I have noticed, and not on each endpoint, is that a handful of endpoints on my on prem server, showing up in red stating that the peer cert is invalid.  Is there a correlation between the two?

I also moved over my policies and had them running lean and mean.  Now that things are being moved over, I had to add them back to my groups which I have synced from our AD using the ActiveDirectoryScanner tool.  The problem is now, there are newly added policies which looks like they are being applied to the Windows (desktops) and Windows (servers) groups. and therefore now being applied to my synced AD OU's.  Do I need to keep these polices as they are something additional for the CLOUD instance, or do you think it is safe to remove and/or combine them into my existing polices and remove the other ones?

Trying to do the right thing here as the CLOUD for ESET is brand new to me.

If additional information is required, please let me know.

Thanks!

[MichalJ 434]

Hello @Trooper

• In case you have "upgraded" your previous license to be a "cloud eligible", you do not have to reactivate your endpoints. They should keep working, with the license just changing on them transparently. 

For other questions, I believe that @MartinK and @Marcos will be able to help you. 

 

[MartinK 378]

On 12/15/2021 at 5:32 PM, Trooper said:

It states here that you need to reactivate endpoints once they have been moved over to the cloud.  I have not seen any of the endpoints showing up in red asking to be activated.  Is this still relevant, or do I not need to do this?

Seems it is not clearly communicated, but it is most probably there just to be sure that you are using license used for activation of cloud instance, and not some other license as that would probably violate terms of use. But in case your original license was converted to cloud, there is no need to do so.

 

On 12/15/2021 at 5:32 PM, Trooper said:

What I have noticed, and not on each endpoint, is that a handful of endpoints on my on prem server, showing up in red stating that the peer cert is invalid.  Is there a correlation between the two?

In this case I have suspicion that something might have gone wrong - migration policy you downloaded from cloud instance actually reconfigures AGENTs to use new certificate (tied to your) and start connecting to new server. But it is possible that when this reconfiguration happened, AGENT was able to very was evaluate new certificate and send this information to original servers -> I would say this won't cause any issues, but please double check that those devices are actually actively connecting to cloud instance, i.e. verify there were migrated properly. Also once those AGENTs connected for the first time to cloud instance, they should receive CA certificate used for verification of certificate - this certificate was missing previously and that is why certificate was appearing as untrusted.

 

On 12/15/2021 at 5:32 PM, Trooper said:

I also moved over my policies and had them running lean and mean.  Now that things are being moved over, I had to add them back to my groups which I have synced from our AD using the ActiveDirectoryScanner tool.  The problem is now, there are newly added policies which looks like they are being applied to the Windows (desktops) and Windows (servers) groups. and therefore now being applied to my synced AD OU's.  Do I need to keep these polices as they are something additional for the CLOUD instance, or do you think it is safe to remove and/or combine them into my existing polices and remove the other ones?

Unfortunately from this description I am not sure what you mean. But regardless of that,  cloud policies that are present from initial state = defeulat pre-generated policies are mostly not assigned to any groups, and also they are almost identical to those created in on-premise servers. You should be able to modify most of them (except those marked as locked), but my recommendation is to not modify those policies, and rather unassigned them and use your own if changes are required. This would let us to patch those policies later, if there will be such need - for example recommended configuration might change with new version of products.

[Trooper 65]

Thanks to all for your replies.  I did end up removing some polices however @MartinKsimply to consolidate the amount of polices issued to endpoints, and there was overlap.  Cheers!