Migration paths
If you’re using scale projects, there are two ways you can migrate to a supported configuration.
1. Convert existing scale projects to tenant projects --
When upgrading to 20.12, all existing scale projects will automatically be converted into tenant projects.
Scale project policy rules will be converted to tenant project policy rules.
From that point, any changes to the tenant project policies will only apply to the project itself, without any sync with Central Console.
If you choose this migration option, reevaluate the roles assigned to your users.
After upgrading, users with the Admin, Operator, or Vulnerability Manager roles on the converted projects (now tenant projects) will have the ability to edit policy rules, so you might need to lower their privileges.
2. Unify the scale projects into Central Console --
Before upgrading to 20.12, redeploy all scale project Defenders and connect them directly to Central Console.
Use collections and RBAC to control which resources can be viewed and managed by different users (see example below).
If you have more than 10K Defenders, consider deploying more than one tenant project.
To share policies between tenants, develop an automated process on top of the API to push policies from one Console to the other.