Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Migrating On-premise OfficeScan XG SP1 or higher to Apex One as a Service

    • Updated:
    • 4 Jun 2019
    • Product/Version:
    • Apex One as a Service All.All
    • OfficeScan XG.All
    • Platform:
    • Windows 2012
    • Windows 2016
Summary

This article illustrates the On-Premise OfficeScan (XG SP1 or higher) to Apex One as a Service migration procedures.

Details
Public
 
If Control Manager policies are currently being used to manage multiple OfficeScan servers, you can also export policies from the Control Manager console and import directly to Apex One as a Service.

On your On-Premise OfficeScan server:

  1. Make sure that the OfficeScan XG server is running on Service Pack 1 (SP1) Build 4345 or higher.
  2. Navigate to the Apex One as a Service console > Administration > Managed Servers > Server Registration > Apex One > Click the URL to SSO to Apex One > Administration > Settings > Server Migration.
  3. Download the Apex One Settings Export Tool.

    Server Migration

  4. Extract the resulting .zip file on the server to an easy-to-find path (e.g. C:\temp\PolicyExportTool).
  5. Open a command line prompt and point to the PolicyExportTool directory.
  6. Run the tool as Admin on the OfficeScan server computer.

    Server Migration tool

    The tool generates three (3) files:

    • Server_Settings_Migration.zip. This contains the Global Settings. Importing more than one of these will overwrite the previous settings. It is recommended to only import this from a single server.
    • ApexOne_Agent_Policies.zip. This contains the policies generated from the settings configured on the OfficeScan Server. This can be imported from multiple On-Premise OfficeScan servers, and each will create the new corresponding policies.
    • ApexOne_Agent_DLP_Policies.zip. This contains the policies generated from the DLP settings configured on the OfficeScan Server. This can imported from multiple On-Premise OfficeScan servers, and each will create the new corresponding policies.

    Run the tool

On Apex One as a Service:

  1. Log in to Apex One as a Service.
  2. Import agent settings policy:
    1. Go to Policies > Policy Management.
    2. To import agent policies, choose Apex One Agent as the product and click the Import button, then choose the ApexOne_Agent_Policies.zip (or whatever you've renamed it to) and click Open.

      New corresponding policies will be generated and displayed. These will default to targets of None, so they will not apply to any agents until an administrator has reviewed the policy and configured the desired targets. The policy names will follow the format of CLN_ServerName_DomainName (where ServerName and DomainName are replaced by their values from the source OfficeScan Server).

    3. Repeat this process for policies from any additional On-Premise servers you wish to import.

      Repeat the process for other on-premise servers

  3. Import Agent DLP Policy (if desired):
    1. Go to Policies > Policy Management.
    2. To import agent policies, choose OfficeScan Data Loss Prevention as the product and click the Import button, then choose the ApexOne_Agent_DLP_Policies.zip (or whatever you've renamed it to) and click Open.

      New corresponding policies will be generated and displayed. These will default to targets of None, so they will not apply to any agents until an administrator has reviewed the policy and configured the desired targets. The policy names will follow the format of DLP_ServerName_DomainName (where ServerName and DomainName are replaced by their values from the source OfficeScan Server).

    3. Repeat this process for policies from any additional On-Premise servers you wish to import.

      Repeat the process for policies

  4. Import OfficeScan server settings:
     
    This process only allows for importing the settings of a single OfficeScan Server. Importing multiple will overwrite the previous settings.
    1. Go to Administration > Managed Servers.

      Managed Servers

    2. Click the link to open the Apex One console.
    3. Go to Administration > Settings > Server Migration in the console.

      Server Migration settings

    4. Click the Import Settings button to import Server_Settings_Migration.zip.

      Import settings

      Confirm to import

 
Before moving On-Premise OfficeScan agents to Apex One as a Service, you have to make sure agents are communicating with server in HTTPS. If it was previously configured to HTTP (e.g. adopt ASE=0 or so in this KB article), revert it to HTTPS. Otherwise, migration may fail.

To move agents from On-Premise OfficeScan server to Apex One as a Service:

  1. Log into Apex One as a Service.
  2. Click Administration.
  3. Click Managed Servers.
  4. Click Server Registration.
  5. Verify that the Server Type is Apex One. You will see the server name listed there.

    Check the Server Type

  6. Go to Agents > Agent Management on the On-Premise OfficeScan Server.
  7. Select agents from the list.
  8. Click Manage Agent Tree > Move Agent.

    Manage Agent Tree and move agent

  9. Select Move selected agent(s) to another OfficeScan server.
  10. Enter the Server URL that was copied from Apex One as a Service. Use SSL Port 443 and HTTP port 80.

    Enter the server URL

  11. Click the Move button.
 
  • To ensure that the agents can be successfully moved to Apex One as a Service, make sure that the agents can connect to the Internet.
  • Agent proxy can also be configured to "Use Windows Proxy settings" in Administration > Settings > Proxy then apply the new proxy settings to agents, if the endpoint computers can access the Internet.
  • Make sure firewalls are configured to allow for communication with the Apex One as a Service servers: Whitelisting Apex One as a Service DNS Name and IPs.
Premium
Internal
Rating:
Category:
Migrate
Solution Id:
1118375
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.