Changes During the Standard VEN Migration
During the VEN migration process, you can continue to make necessary policy object changes and sync them for consistency.
Synchronization Limitations
Policy object changes should be made on the on-prem PCE to account for potential version differences between on-prem and SaaS releases.
Changes to managed workloads on either PCE are mirrored on the other.
New unmanaged workloads on the on-prem PCE are being replicated to the Illumio SaaS.
New unmanaged workloads in Illumio SaaS are not replicated to the on-prem PCE.
Manual invocation of
pcemigratesync is required to synchronize policy object changes. It does not trigger automatically.Specific settings, such as pairing profiles, local users, and RBAC settings, are not replicated after the initial replication.
Skipping workload syncing is possible if workloads are not linked to rulesets, which can expedite the completion of
pcemigrate sync. Skipping is recommended only if no workload changes are made (interface, label, and so forth).
For more information about available options, see pcemigrate sync --help.
Here's an example command for pcemigrate sync with the confirmation prompt disabled, replicating changes to policy objects.
pcemigrate sync --from-pce 4x2testvc10000 --to-pce mnctestvc26000 --no-prompt