VMware Cloud Community
virtual_dave1
Contributor
Contributor

VCNS 5.5 - Endpoint 5.1?

Was running vSphere 5.1 with VCNS 5.1 running Endpoint.  No problems.

Upgraded vCenter etc. to 5.5 a while back, the first step of which (according to KB2057795) was to upgrade vShield manager.  Hosts (and thus Endpoint integration) still on 5.1.  No problems.

I've just moved my hosts to 5.5 this weekend (fresh installs, not upgrades), and have gone to install the Endpoint integration from vShield Manager, before then upgrading Tools etc.  However, vShield Manager (5.5.0a build 1473628) appears to only want to install vShield Endpoint 5.1.0-01255202.  It does, however, offer vShield App 5.5.0-1447281.

Is vShield Endpoint 5.1.0-01255202 the latest version, and the correct version for a vShield Manager 5.5.0a to be offering to 5.5 hosts?  Or have I done something wrong?

Thanks.

dave

Tags (4)
Reply
0 Kudos
11 Replies
amatt240
Enthusiast
Enthusiast

You are fine; I was updating my vShield App appliances to 5.5 and noticed the same thing.

Reply
0 Kudos
Cyberfed27
Hot Shot
Hot Shot

I am in the same boat.

I am prepping our VMware environment for a Trend Micro AV solution. Trend says that vShield Endpoint needs to be at 5.1.2 or 5.5 to work.

Well I'm stuck I can't upgrade to 5.1.2 or 5.5.

I have upgraded my vShield Manager appliance to 5.5.0a (latest as of this post date). I'm running vCenter 5.5 and ESXi 5.1 on the hosts.

The only options I have is to go from 5.1.0-833297 to 5.1.0-1255202 on vShield Endpoint.

I have since done so and now I don't have an 'upgrade' button anymore showing up in vCenter implying I am at the latest vShield Endpoint.


I have been working with VMware support on how to get Endpoint to 5.1.2 or 5.5 but they have thus far not provided a path. They are saying that there are some issues with vCenter 5.5 where incorrect versions are being reported in the GUI. Great..so I have no idea where I stand.

I think I've reached a wall and have no choice but to try to install Trend and 'hope' it works with the version of Endpoint I am at.

If anyone has a fix or any info please share!

Reply
0 Kudos
THarrison1
Contributor
Contributor

Same here - just upgraded to vShield Manager 5.5.0a and the vShield Endpoint module being offered is 5.1.0-1255202 on both ESXi 5.1 and ESXi 5.5 hosts in my environment.  Is anyone else out there seeing a v5.5 vShield Endpoint module?

I've also noticed that even after the upgrade, the vSphere client is showing on the summary tab for my vShield Manager VM that it is still running version 5.1.2-943471 and not 5.5.0a-1473628 like the vShield Manager web interface is showing.

Reply
0 Kudos
billdossett
Hot Shot
Hot Shot


me too..  This is in my Lab for a PoC of vshield, if it blows up my lab - which I have had to completely rebuild again this weekend, I'm going to give it a miss until next year.

Bill Dossett
Reply
0 Kudos
Cyberfed27
Hot Shot
Hot Shot

Well here's a quick update on our story.

We did the minor upgrade that was showing as available for vShield Endpoint to 5.1.0-1255202.

We installed Trend Micro Deep Security and did a full deployment using the virtual appliances and all the bells and whistles.

Everything works fine. Agentless anti-malware works. No issues to report at all. We have implemented this on our production system.

See my post above for the versions we are running.

P.S. for anyone considering Trend Micro Deep Security we highly recommend it. Its a very good product and we cannot stress enough to stay away from Kaspersky. Kaspersky was a nightmare from the day we bought it until we retired it one year later (with Trend).

THarrison1 - we see the same thing in the summary tab for the vShield manager appliance as 5.1.2-943471, however if you log into the webpage for vShield manager it shows the correct 5.5.0a version. Again VMware support confirmed they have seen this before and have no solution. They are saying its a "bug" and shouldn't impact actual operations. I can say for Trend Micro Deep Security 9 that this is a true statement. It works.

Reply
0 Kudos
grbvmw
VMware Employee
VMware Employee

There is no Endpoint 5.5

There is only Endpoint 5.1

vCloud Networking and Security 5.5 will push out an Endpoint 5.1 package to 5.1, and 5.5 hosts.

@Cyberfed27  The Summary page will only ever show the version of the OVF file originally deployed, the update method used to patch vShield Manager does not have the ability to modify the VM information in vCenter.   Also go off of the "show version" or About dialog.

Reply
0 Kudos
billdossett
Hot Shot
Hot Shot

ok, thanks, that settles that, but I still need the VIB for my image and none of these seem to work...

5.1.2:

https://vShield_Manager_IP/bin/offline-bundles/VMware-vShield-fastpath-esx5x-5.1.2-896234.zip
https://vShield_Manager_IP/bin/offline-bundles/vShield-Endpoint-Mux.zip

5.1.1:

https://vShield_Manager_IP/bin/offline-bundles/VMware-vShield-fastpath-esx5x-5.1.1-832470.zip
https://vShield_Manager_IP/bin/offline-bundles/vShield-Endpoint-Mux.zip

5.1.0:

https://vShield_Manager_IP/bin/offline-bundles/VMware-vShield-fastpath-esx5x-5.1.0-766127.zip
https://vShield_Manager_IP/bin/offline-bundles/vShield-Endpoint-Mux.zip

5.0.x:

https://vShield_Manager_IP/bin/offline-bundles/VMware-vShield-fastpath-esx5x-5.0.1-556798.zip
https://vShield_Manager_IP/bin/offline-bundles/vShield-Endpoint-Mux.zip

Bill Dossett
Reply
0 Kudos
billdossett
Hot Shot
Hot Shot

to clarify, as actually thought I was replying to another post above, I am trying to get Endpoint working with autodeploy in my lab and I need the VIBs mentioned above which are on the VS Manager appliance at those URLs, but they don't work, tomcat error, resource not found, so not sure if that KB is out of date or what... Using vSphere Auto Deploy to configure a Stateless ESXi image for VMware vCloud Networking and Security 5.1 (2036701)  probably as I am using 5.5, but I haven't found a URL for 5.5 yet and as the VS Manager uses a Cisco style UI, I can't exactly browse around the appliance 😞

Bill Dossett
Reply
0 Kudos
blabarbera
Enthusiast
Enthusiast

It would be nice if VMware would release some kind of KB article acknowledging this bug...

Ran into the same issue and this thread is the only piece of info I could find, and thus is the only thing that prevented me from calling support.

Reply
0 Kudos
grbvmw
VMware Employee
VMware Employee

@billdossett

vCNS 5.1.x is not compatible with ESXi 5.5, the bundles from this vCNS 5.1.x will not install on an ESXi 5.5 image.


For Endpoint: This is the one you want, but again you'll need the one from vCNS 5.5 (Even though it's still vShield Endpoint 5.1, the bundle has the information allowing it to be installed on 5.5).

https://vShield_Manager_IP/bin/offline-bundles/vShield-Endpoint-Mux.zip


The VMware-vShield-fastpath is for vShield App Firewall, and you would need to check with support, or the admin guides to get the proper location / name of the App FW offline bundle in vCNS 5.5 Again the one you've posted above is from vCNS 5.1.x or lower and will not work with an ESXi 5.5 image.


@blabarbera I'll see what I can do for a KB.

Reply
0 Kudos
grbvmw
VMware Employee
VMware Employee

The following should work for App FW offline bundle for 5.5.0 GA, I'll see if I can get the 5.5.0a, and 5.5.2 links as well or if they are the same.  (If you have 5.5.1 you're affected by heartbleed get off that~).

https://vShield_Manager_IP/bin/offline-bundles/VMware-vShield-fastpath-esx5x-5.5.0-1280404.zip

Reply
0 Kudos