Before EUEM there was Truesight. There is a way to migrate over to EUEM with your original configuration from the legacy system. This process can also be done to copy configuration from one device to another. It is also possible to migrate the summary data over from one system to another but you will need to work with EUEM support to achieve this.
Step 1: Download configuration files
To download the configuration from a legacy system:
Navigate to the Administration page of the UI by clicking on the Administration button
Using the Manage configuration button on the right hand side, select and download each of the following: Download settings of all users; Download device configuration; Download security configuration.
Step 2: Upload configuration files
On the newly deployed EUEM (or TS-4200 if migrating to a new hard drive device), use the same Administration page to upload the configuration files previous downloaded in step 1.
These same files are uploaded to the Analyzer and each collector. The system will take what is needed from the files.
Step 3: Add collector feed to Analyzer
The configuration files downloaded do not contain all necessary information needed to bring the Virtual EUEM to a running state. You will have to configure the analyzer to communicate with the collector.
- From the UI of the Analyzer, navigate to Administration--->Data flow settings-->Analyzer & Collectors management and select Collectors feeds settings. Click on ‘Add a collector feed’ and enter the information needed:
Once the configuration is saved, click on the ON button. You should the connection button turn green meaning there is a proper connection between the analyzer and collector.
Step 4: upload SSL keys to collector
For security reasons, it is not possible to download the SSL keys off a system. It is necessary to upload these keys to the new Virtual collector. The uploaded configuration file will include the IP mappings from the original system.
- To load the SSL keys on the collector, navigate to Administration-->Security settings-->Key management.
Using the Action button, select Add key:
Enter the key information and click save:
The three types of keys you can upload are PEM, DER and PFX. The system can store up to 500 keys.
After the key is uploaded, the last step is to provide an IP Mapping. The easiest mapping is all IP addresses to all keys. They system will try all keys to decrypt the incoming traffic. Example below:
If no key can decrypt the traffic, the information will be displayed in IPs with no keys.