nmedard
Enthusiast

Integration with Symantec Endpoint on VMware vShield

Hi,

Can anyone explain how to integrate Symantec Endpoint Protection on VMware vShield?

Thanks

Nicolas

0 Kudos
8 Replies
Bugatt1
Enthusiast

Hi.

I tried out TM Deep Security, which uses VMsafe technology (requires the vShield Endpoint Virtual Appliance to be deployed on the ESXi host) and works fine. In Deep Security Manager I saw that it had found a vShield Endpoint component to integrate with.

Does Sym Endpoint have such an implementation?

0 Kudos
anupampushkar
Contributor

Which version of SEPM are you using?

0 Kudos
nmedard
Enthusiast

I do not know the version of SEP yet, as it is a tender exercise and this information has not been disclosed to us. Normally, it should be SEP12, as the client did not recently request a quotation for the latest SEP.

0 Kudos
Cyberfed27
Hot Shot

We ran both Kaspersky (GARBAGE) and Trend for AV in our VMware environment and they were both similar in vShield deployment, so I would imagine SEP is also similar. Here is how it works.

1. You deploy the vShield manager appliance to your VMware cluster.

2. You may or may not need to load a driver on your ESXi host provided by the vendor (Trend, etc.)

3. Now you have the endpoint tab in vCenter allowing you to install the Endpoint piece for vCenter on each ESXi host.

4. On your VMs you re-run the VMware Tools installer, and select the optional component to install the VMCI driver. This will register your VM with vShield Endpoint and allow you to perform agent-less AV protection (not really agent-less as it's using the VMware Tools agent, but that's splitting hairs).

This allows offloading of AV scanning/processing to occur to a dedicated appliance, reducing the load on your VMs, and helps prevent I/O storms.

0 Kudos
Chetan67
Contributor

Hi,

I am Chetan Savade from Symantec Technical Support Team.

A vShield-enabled Shared Insight Cache runs in a Symantec Endpoint Protection Security Virtual Appliance. Windows-based Guest Virtual Machines (GVMs) use VMware vShield Endpoint to access the Shared Insight Cache.

Note:

Symantec supports the use of a vShield-enabled Shared Insight Cache only in VMware ESX/ESXi infrastructures.

Reference article:

About VMware support:

http://www.symantec.com/docs/HOWTO26658

Best practices for virtualization with Symantec Endpoint Protection 12.1, 12.1 RU1, and 12.1 RU1 MP1

http://www.symantec.com/docs/TECH173650

Best Regards,

Chetan

0 Kudos
nmedard
Enthusiast

Hi Chetan,

Thanks

The client has just a Symantec Endpoint Manager 12.0 or 12.1 and many Windows clients.

What do I need to do the integration with vShield?

Regards

Nicolas

0 Kudos
Chetan67
Contributor

Hi,

SEP 12.0 (Small Business Edition) does not support the following features. SEP 12.1 (Enterprise Edition) does support these features.

SEP 12.1 introduced several complementary technologies; you can install these features and improve performance.

Virtualization optimizations in SEP 12.1 include:

  • Shared Insight Cache; a remote cache that allows clients to share scan results and skip scanning files previously scanned inside other virtual machines.
  • Virtual Image Exception; a feature that allows all files on a known-clean baseline image to be excluded from scanning.
  • Offline Image Scanner; a standalone tool to scan offline VMware image files (*.vmdk).
  • Resource Leveling; a feature to randomize the exact time of scheduled scans and definition updates, resulting in a more even load on the host OS.
  • Virtual Client Tagging; allows searching and reporting based on the client virtualization platform, which can be used to assign more performance-sensitive policies to virtual endpoints.

For further details regarding the Shared Insight Cache feature please see the following articles: HOWTO55311 and TECH174123

Additionally the following article contains general best practices for SEP in virtual environments: TECH95300

Best Regards,

Chetan

0 Kudos
Chetan67
Contributor

Hi,

Have you deployed SEP on VMware vShield?

Adding a few more points and articles:

The Symantec Endpoint Protection Security Virtual Appliance is a Linux-based virtual appliance that you install on a VMware ESX/ESXi server. The Security Virtual Appliance integrates with VMware's vShield Endpoint. The Shared Insight Cache runs in the appliance and lets Windows-based Guest Virtual Machines (GVMs) with the Symantec Endpoint Protection client installed share scan results. Identical files are trusted and therefore skipped across all of the GVMs on the ESX/ESXi host. Shared Insight Cache improves full scan performance by reducing disk I/O and CPU usage.

You can deploy the vShield-enabled Shared Insight Cache into a VMware infrastructure on each host. The vShield-enabled Shared Insight Cache makes file scanning more efficient. You can monitor the Security Virtual Appliance and client status in Symantec Endpoint Protection Manager.

A vShield-enabled Shared Insight Cache runs in a Symantec Endpoint Protection Security Virtual Appliance. Windows-based Guest Virtual Machines (GVMs) use VMware vShield Endpoint to access the Shared Insight Cache.

Note: Symantec supports the use of a vShield-enabled Shared Insight Cache only in VMware ESX/ESXi infrastructures.

Reference articles:

Please refer to the following articles on how to install and configure the Security Virtual Appliance:

About the Symantec Endpoint Protection Security Virtual Appliance

http://www.symantec.com/docs/HOWTO81080

What do I need to do to install a Security Virtual Appliance?

http://www.symantec.com/docs/HOWTO81110

VMware software requirements to install a Symantec Security Virtual Appliance

http://www.symantec.com/docs/HOWTO81081

Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file

http://www.symantec.com/docs/HOWTO81082

Installing a Symantec Endpoint Protection Security Virtual Appliance

http://www.symantec.com/docs/HOWTO81083

Uninstalling a Symantec Endpoint Protection Security Virtual Appliance

http://www.symantec.com/docs/HOWTO81087

0 Kudos