Hi,
Can anyone explain how to integrate Symantec Endpoint protection On VMWare vShield
Thanks
Nicolas
hi.
I tried out TM Deep Security which uses VMsafe technology (requires vShield Endpoint Virtual Applaince to be deployed on ESXi host) and works fine.. - in DeepSecurity manager I saw that it had found a vShield Endpoint component to integrate with..
does Sym Endpoint have such implementation way?
Which version of SEPM you are using !!!
I do not know the version of SEP yet as it is a Tender exercise, and this information has not been disclose to us. Normally, it should be SEP12, as the client did not recently requested quotation for latest SEP
We ran both Kaspersky (GARBAGE) and Trend for AV in our VMware environment and they were both similar in vShield deployment so I would imagine SEP is also similar here is how it works.
1. You deploy the vShield manager appliance to your VMware cluster.
2. You may or may not need to load a driver on your ESXi host provided by the vendor (Trend, ect..)
3. Now you have the endpoint tab in vCenter allowing you to install the Endpoint peice for vCenter on each ESXi host.
4. On your VM's you re-run the VMware tools installer, and select the optional component to install the VMCI driver. This will register your VM with vShield Endpoint and allow you to perform agent-less AV protection (not really agent-less as its using the vmware tools agent but that's splitting hairs)
This allows offloading of AV scanning/processing to occur to a dedicated appliance reducing the load on your VM's and helps prevent I/O storms.
Hi,
I am Chetan Savade from Symantec Technical Support Team.
A vShield-enabled Shared Insight Cache runs in a Symantec Endpoint Protection Security Virtual Appliance. Windows-based Guest Virtual Machines (GVMs) use VMware vShield Endpoint to access the Shared Insight Cache.
Note: | Symantec supports the use of a vShield-enabled Shared Insight Cache only in VMware ESX/ESXi infrastructures. |
Reference article:
About VMware support:
http://www.symantec.com/docs/HOWTO26658
Best practices for virtualization with Symantec Endpoint Protection 12.1, 12.1 RU1, and 12.1 RU1 MP1
http://www.symantec.com/docs/TECH173650
Best Regards,
Chetan
Hi Chetan,
Thanks
The client has just a Symantec Endpoint manager 12.0 or 12.1 and many windows client.
What do I need to do the integration with vShield?
Regards
Nicolas
Hi,
SEP 12.0 (Small Business Edition) does not support following features.SEP 12.1 (Enterprise Edition) does support these features.
SEP 12.1 introduced several complementary technologies, you can install these features & improve the performance.
Virtualization optimizations in SEP 12.1 include:
For further details regarding the Shared Insight Cache feature please see the following articles: HOWTO55311 and TECH174123
Additionally the following article contains general best practices for SEP in virtual environments: TECH95300
Best Regards,
Chetan
Hi,
Have you deployed SEP on VMware Vshield?
Adding few more points & articles:
The Symantec Endpoint Protection Security Virtual Appliance is a Linux-based virtual appliance that you install on a VMware ESX/ESXi server. The Security Virtual Appliance integrates with VMware's vShield Endpoint. The Shared Insight Cache runs in the appliance and lets Windows-based Guest Virtual Machines (GVMs) with the Symantec Endpoint Protection client installed share scan results. Identical files are trusted and therefore skipped across all of the GVMs on the ESX/ESXi host. Shared Insight Cache improves full scan performance by reducing disk I/O and CPU usage.
You can deploy the vShield-enabled Shared Insight Cache into a VMware infrastructure on each host. The vShield-enabled Shared Insight Cache makes file scanning more efficient. You can monitor the Security Virtual Appliance and client status in Symantec Endpoint Protection Manager.
A vShield-enabled Shared Insight Cache runs in a Symantec Endpoint Protection Security Virtual Appliance. Windows-based Guest Virtual Machines (GVMs) use VMware vShield Endpoint to access the Shared Insight Cache.
Note: Symantec supports the use of a vShield-enabled Shared Insight Cache only in VMware ESX/ESXi infrastructures.Reference article:
Please refer to the following articles on how to install, configure the Security Virtual Appliance:
About the Symantec Endpoint Protection Security Virtual Appliance
http://www.symantec.com/docs/HOWTO81080
What do I need to do to install a Security Virtual Appliance?
http://www.symantec.com/docs/HOWTO81110
VMware software requirements to install a Symantec Security Virtual Appliance
http://www.symantec.com/docs/HOWTO81081
Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file
http://www.symantec.com/docs/HOWTO81082
Installing a Symantec Endpoint Protection Security Virtual Appliance
http://www.symantec.com/docs/HOWTO81083
Uninstalling a Symantec Endpoint Protection Security Virtual Appliance