VMware Cloud Community
cyberjojo
Contributor

Uninstall vShield on ESX - vmotion error

We have been testing Trend Deep Security on our VMs for a few months, and we want to uninstall it in our environment.

What we see is that we cannot vMotion the VMs off a server with vShield Endpoint installed to an ESX that does not have vShield installed.

In one of our clusters (5 hosts), we were able to uninstall vShield on two hosts, but now we can't uninstall the last three. We get an error on vMotion after 82%.

We had the problem when we wanted to move the vm's from one cluster to another. We solved it by installing vShield on the new cluster, and that way we could vmotion the vm's over.

But now that we want to uninstall it completely, we are not able to uninstall the last three hosts.

Any ideas?

U never get a second chance to make a first impression

Accepted Solutions
JonathanG
Enthusiast

De-activate the VM from the Trend Micro Deep Security console before attempting vMotion.

Otherwise, this is a limitation of vShield: you can only vMotion to another vShield-enabled host. See the FAQ here:

http://www.vmware.com/support/vshield/doc/faq_vshield_41.html

If a guest virtual machine is vMotioned to another ESX host, are all edge, application and endpoint security lost?

No, security policies can follow virtual machines as long as vMotion is configured to require that these policies migrate. vMotion moves of a protected virtual machine are blocked if the target ESX is not enabled for the security solution. Make sure that the resource pool for vMotion of protected virtual machines contains only security-enabled ESX hosts.

JonathanG
Enthusiast

Hi,

Open the .vmx file of the VM and remove these lines:

scsi0:0.filters = "VFILE"
VFILE.globaloptions = "svmip=169.254.50.39 svmport=8888"

Then the VM can vmotion.
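An added example, not part of the original reply: a small Python check that lists the endpoint filter entries in a .vmx file's text and produces a cleaned copy without them. The sample .vmx content is constructed (only the two filter lines come from the thread), the function names are hypothetical, and it assumes other disks use the same `<controller>N:M.filters` key shape as `scsi0:0.filters`.

```python
import re

# Constructed sample .vmx text; only the VFILE lines are taken from the thread.
SAMPLE_VMX = '''\
displayName = "app01"
scsi0.present = "TRUE"
scsi0:0.fileName = "app01.vmdk"
scsi0:0.filters = "VFILE"
scsi0:1.fileName = "app01_1.vmdk"
scsi0:1.filters = "VFILE"
VFILE.globaloptions = "svmip=169.254.50.39 svmport=8888"
guestOS = "other"
'''

# A .vmx entry: key = "value"
ENTRY = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
# Assumption: every disk attaches the filter via "<controller>N:M.filters".
DISK_FILTER = re.compile(r'^(scsi|ide|sata)\d+:\d+\.filters$', re.I)


def find_filter_entries(vmx_text, filter_name="VFILE"):
    """Return (line_no, key, value) for each entry tied to filter_name."""
    name = filter_name.lower()
    hits = []
    for no, line in enumerate(vmx_text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue
        key, value = m.groups()
        # Disk attachment line whose value is exactly the filter name.
        attached = bool(DISK_FILTER.match(key)) and value.strip().lower() == name
        # Filter option line such as VFILE.globaloptions.
        options = key.lower().startswith(name + ".")
        if attached or options:
            hits.append((no, key, value))
    return hits


def strip_filter_entries(vmx_text, filter_name="VFILE"):
    """Return a copy of the text without the entries found above."""
    drop = {no for no, _, _ in find_filter_entries(vmx_text, filter_name)}
    kept = [l for no, l in enumerate(vmx_text.splitlines(), 1) if no not in drop]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for no, key, value in find_filter_entries(SAMPLE_VMX):
        print(f"line {no}: {key} = {value!r}")
```

Running the finder across the .vmx files of a cluster shows which VMs still carry the filter before the hosts' vShield components are removed; the cleaned text is returned as a string so the original file is never modified in place.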

cyberjojo
Contributor

Thank you for the quick reply.

That would work if I was able to remove the VM from vCenter. I cannot do that while the VM is running, can I?

Problem is.. most of the VMs cannot have downtime.. :s

U never get a second chance to make a first impression