Perform an Rsync Migration

Video: Migrate to Tenable Core Using Remote Sync

Required Tenable Core User Role: Administrator with reuse my password for privileged tasks enabled

The Tenable Appliance to Tenable Core migration process varies depending on your current Tenable Appliance deployment and your desired Tenable Core deployment. To plan your overall migration strategy and confirm the remote synchronization (rsync) method suits your Tenable Appliance instance, see Get Started.

Note: This process is only for migrating Tenable Security Center data on Tenable Appliance to Tenable CoreTenable Security Center.

Before you begin:

  • Confirm that your Tenable Core instance has free disk space on the volume containing /opt that is at least the size of your current Tenable Appliance application disk space usage.

    Tip: To determine the disk space used on your Tenable Appliance, see the status section described in Appliance Interface.

    To determine your available disk space on Tenable Core, see Manage System Storage in the Tenable Core User Guide. To increase your available disk space on Tenable Core, see Add or Expand Disk Space in the Tenable Core User Guide.

  • Confirm that your Tenable Appliance instance and Tenable Core instance can communicate via SSH over port 22.
  • Confirm your Tenable Appliance meets the version requirements, as described in Version Requirements.
  • Deploy and get started as described in Get Started in the Tenable Core User Guide.
  • Prepare your Tenable Appliance tns user's private key for use during the migration, as described in Prepare the Private Key Before an Rsync Migration.

  • If you are migrating in an offline (air-gapped) environment, manually download the RPM for the version of the application being migrated from the Tenable downloads page.

  • If your Tenable Security Center version on Tenable Core is later than your version on Tenable Appliance, downgrade as described in Downgrade Before an Rsync Migration.

  • Enable touch debugging for DB Locks:
    • Tenable Security Center version 5.10.x or later — See Enable Touch Debugging in the Tenable Security Center User Guide.
    • Tenable Security Center version 5.9.x or earlier — Contact Tenable Support.

To migrate to Tenable Core via the rsync method:

  1. In Tenable Core, log in to the shell via SSH, the Terminal page, or the system console.

    Tip: If you run the migration via the Terminal page, you cannot enable progress output later in the migration.

  2. Run the following command to stop Tenable Security Center.

    pkexec systemctl stop SecurityCenter

  3. Run the following command to stop all running Tenable Security Center processes.

    pkexec pkill -9 -u tns

  4. Run the following command to remove any existing Tenable Security Center data.

    pkexec sh -c 'rm -rf /opt/sc/* /opt/sc/.*'

  5. Run the following command:

    pkexec rsync -e "ssh -x -T -i <SSH key path> " -a --hard-links --human-readable --acls --sparse --exclude /support/logs/* tns@<appliance IP address>:/opt/sc/ /opt/sc/

    Tip: If you are running rsync via the via the Terminal page, do not enable progress output. If you are running rsync via SSH or the system console, you can enable progress output by adding one of the following to the command:

    --info=progress2

    or

    --progress

    The synchronization begins.

    Tip: If the synchronization fails or is disrupted, run the command again to resume the synchronization.

    The synchronization finishes.

  6. Connect to the Tenable Appliance interface.

  7. In the menu, click SecurityCenter.

    The SecurityCenter page appears.

  8. Click Stop SecurityCenter.

    Tenable Security Center stops.

  9. In Tenable Appliance, log in to the shell via SSH.

  10. Run the following command to confirm your SSH and shell are only jobs listed.

    ps U tns
  11. In Tenable Core, log back into the shell via SSH, the Terminal page, or the system console.

  12. Run the following synchronization command again to synchronize files changed since you started the migration:

    pkexec rsync -e "ssh -x -T -i <SSH key path> " -a --hard-links --human-readable --acls --sparse --exclude /support/logs/* tns@<appliance IP address>:/opt/sc/ /opt/sc/

    Tip: If you are running rsync via the via the Terminal page, do not enable progress output. If you are running rsync via SSH or the system console, you can enable progress output by adding one of the following to the command:

    --info=progress2

    or

    --progress

    The synchronization begins.

    Tip: If the synchronization fails or is disrupted, run the command again to resume the synchronization.

    The synchronization finishes.

  13. Run one of the following commands to reinstall your current version of Tenable Security Center:

    Online installation:

    pkexec yum reinstall SecurityCenter

    Offline installation:

    pkexec yum reinstall /<RPM path>

  14. Run the following command to restore SELinux context on Tenable Core:

    pkexec restorecon -RF /opt/sc

    Your SELinux context is restored.

  15. Log in to the Tenable Core UI.
  16. Click Tenable Security Center.

  17. In Tenable Security Center Installation Info, click Start.

    The system starts the Tenable Security Center service.

What to do next:

  • Perform the post-migration actions for your deployment type, as described in Post-Migration Actions.
  • Upgrade Tenable Security Center to the latest version, as described in Upgrade in the Tenable Security Center User Guide.