Migration Overview

10 min

introduction the migration overview provides guidance for transitioning existing nile access service deployments to the new nile trust service powered by the trust engine this process ensures that customer networks retain existing functionality while gaining the benefits of zero trust enforcement, identity based policies, and microsegmentation migration goals the migration process is designed to achieve three primary objectives preserve existing network connectivity and policies during the transition automatically enable the trust engine for improved traffic control and visibility minimize operational disruption while introducing zero trust capabilities what to expect during migration once the nile service block software is upgraded to the version supporting the trust engine, the nile trust service is automatically activated the migration workflow ensures that traffic handling remains consistent with prior configurations until administrators define new policies key outcomes automatic enablement the core trust tier is activated for all customers after the upgrade no manual activation is required preservation of existing policies current segment based rules are automatically converted into equivalent policy based constructs no immediate service impact traffic flows continue as configured pre upgrade until new policies are applied enhanced visibility administrators gain access to policy logs and classification details via nile control center migration process the trust engine upgrade introduces identity driven microsegmentation while maintaining compatibility with legacy configurations migration occurs in phases to ensure a smooth transition phase 1 – preparation before initiating migration, administrators should validate that all sites are running compatible nile service block software document current network segments, vlans, and firewall rules confirm upstream integrations such as sse or firewall connectivity review expected traffic patterns and any performance sensitive applications phase 2 – automatic conversion during upgrade, the system automatically converts existing configurations into the new trust service framework segment based rules translated into policy groups (user, device, application) and policies firewall forwarding rules retained as upstream forwarding policies guest segments automatically converted into guest policy groups and associated policies for internet access dns, dhcp, and onboarding rules preserved through default infrastructure and dns service profiles phase 3 – post migration review after the upgrade, administrators should review automatically generated policy groups in nile control center verify that classification criteria (such as identity or network segment) are accurate inspect the global policy set to ensure policies reflect expected behavior remove or disable redundant rules that are no longer relevant test key workflows including authentication, internet access, and intra site communication migration example scenarios customers without trust engine 1 0 for customers using earlier versions that forwarded all traffic to an upstream firewall, the migration automatically creates segment based policy groups and policies to forward traffic upstream administrators can later refine these policies for microsegmentation customers with trust engine 1 0 for customers already using basic trust engine functionality, migration upgrades their enforcement model to identity based microsegmentation existing internal and external policies are retained but expanded with the new constructs network segments are mapped to user and device groups internal and external communication rules are auto generated in the global policy set default deny behavior remains consistent with previous trust engine versions guest and quarantine groups guest segments are automatically converted to dedicated guest policy groups with default internet access policies quarantine policies are carried over, maintaining isolation for non compliant or unvalidated devices administrator validation checklist after migration, administrators should perform the following checks confirm all policy groups (user, device, application) appear as expected review and test default and custom policies for intended behavior verify that unclassified and quarantine devices behave according to security posture confirm that upstream forwarding rules operate as designed review policy logs in nile control center for accuracy and completeness best practices for migration perform migration during a scheduled maintenance window to minimize user impact validate configurations in a pilot site before applying changes network wide maintain the default deny posture until new policies are reviewed and approved communicate upcoming policy changes to it and security teams for awareness summary migrating to the nile trust service is an automated and seamless process that enhances enterprise network security without disrupting existing operations by leveraging identity based policy groups, microsegmentation, and continuous validation, the trust engine enables organizations to evolve from legacy network segmentation to a modern, zero trust architecture end of section the documentation set for the nile trust service is now complete, encompassing all aspects from conceptual understanding to operational deployment and migration