1. Overview

In our next release (code-named Galileo), we will substantially increase the number of Defenders that can simultaneously connect to Console. Starting in Galileo, each instance of Console will be able to support 10K Defenders. With this new capability, we will deprecate scale projects in Galileo.

Scale projects give security teams full control over policies for all application teams. If you’re currently using scale projects, we will offer the following migration paths when upgrading to Galileo.

2. Migration paths

If you’re using scale projects, there are two ways you can migrate to a supported configuration.

1. Convert existing scale projects to tenant projects --

When upgrading to Galileo, all the existing scale projects will automatically be converted into tenant projects. Scale project policy rules will be converted to tenant project policy rules. From that point, any changes to the tenant project policies will only apply to the project itself, without any sync from the Central Console.

If you choose this migration option, reevaluate the roles assigned to your users. After upgrading, users with the Admin, Operator, or Vulnerability Manager roles on the converted projects (now tenant projects) will have the ability to edit policy rules, so you might need to lower their privileges.

2. Unify the scale projects into the Central Console --

Before upgrading to Galileo, redeploy all scale project Defenders to connect directly to Central Console. Use collections and RBAC to control which resources can be viewed and managed by different users (see example below).

If you have more than 10K Defenders, consider deploying more than one tenant project. To share policies between tenants, develop an automated process on top of the API to push policies from one Console to the other.

3. Using collections

Examples of how to use collections in your migration.

Create a collection for a specific cluster:

create collections

Assign the collection to a user:

assign collections to user

Collections can also be used when defining policies:

use collections in rules