1. Overview

Starting in 20.12, Console has substantially increased the number of simultaneous Defenders it can support. Each instance of Console can support 10K Defenders. With this new capability, scale projects have been deprecated.

Scale projects gave security teams full control over policies for all application teams. If you’re currently using scale projects, we offer the following migration paths when upgrading to 20.12

2. Migration paths

If you’re using scale projects, there are two ways you can migrate to a supported configuration.

1. Convert existing scale projects to tenant projects --

When upgrading to 20.12, all existing scale projects will automatically be converted into tenant projects. Scale project policy rules will be converted to tenant project policy rules. From that point, any changes to the tenant project policies will only apply to the project itself, without any sync with Central Console.

If you choose this migration option, reevaluate the roles assigned to your users. After upgrading, users with the Admin, Operator, or Vulnerability Manager roles on the converted projects (now tenant projects) will have the ability to edit policy rules, so you might need to lower their privileges.

2. Unify the scale projects into Central Console --

Before upgrading to 20.12, redeploy all scale project Defenders and connect them directly to Central Console. Use collections and RBAC to control which resources can be viewed and managed by different users (see example below).

If you have more than 10K Defenders, consider deploying more than one tenant project. To share policies between tenants, develop an automated process on top of the API to push policies from one Console to the other.

3. Using collections

Examples of how to use collections in your migration.

Create a collection for a specific cluster:

create collections

Assign the collection to a user:

assign collections to user

Collections can also be used when defining policies:

use collections in rules