Solved: vshield endpoint

Bluemoon404 · ‎11-08-2010

Hi,

I have just purchased my first 100 VMview licenses and part of the package I received 100 vshield endpoint licenses which I know nothing about. I currently control our physical pc's AV solution through Mcafee's epo policy administration setup.

Not knowing anything about this new product I decided to contact VM licensing and ask them about the product. VMware licensing informed me that all I need for my VM AV solution is to build a VM and put of my Mcafee agents on to this PC and from this base VM all my other 100 VM's will also be protected.

Now I can't see Mcafee being too happy with this but would appreciate if someone could confirm if this is correct. I'm not interested in edge sucurity or protecting anything else other than my new 100 VMview desktops.

Is this correct that I only need is a simple VM with one mcafee agent installed.

Thanks

mclark · ‎11-09-2010

Existing VM products do not work with vShield Endpoint. New solutions have to be released by AV vendors that work with Endpoint, or their existing products have to be updated to work with Endpoint. For instance, right now we use Symantec Endpoint Protection. Symantec either needs to release an update to SEP, or release a new product, which is compatible with vShield Endpoint. Any new AV products will have an appliance that runs on the vSphere host. A vShield Endpoint agent will be installed on each View desktop VM. That agent will work with the AV vendor's appliance to scan the desktop and protect it. I don't know if McAfee has released such a product yet or not. Trend Micro has Deep Security, which works with Endpoint. Symantec does not have a product yet for Endpoint, although I am anxiously awaiting it. That is what I understand of the product.

View solution in original post

Dave_Mishchenko · ‎11-08-2010

An antivirus solution using vShield will protect your VMs from an applicance running on the hosts which scans the VMs through the API rather than relying on an agent in each guest OS to do the same function. This thread will have some more information about it. http://communities.vmware.com/thread/285226

You won't just be installing 1 "desktop" license and be able to protecting any number of desktops.

Dave

VMware Communities User Moderator

Now available - vSphere Quick Start Guide

Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL.

Bluemoon404 · ‎11-08-2010

Hi Dave,

Thanks for trying to help but the link http://communities.vmware.com/thread/285226

only seems to talk about how the various partners are working towards a consolodated solution without answering the question. I have read about the advantages of agentless scenarios but I can't find the answers on what I need to do to put this into place.

I have a subscription with Mcafee for my dat updates and I have been 'given' 100 vshield endpoint licenses with my purchase of VMview from VMware. VMware licensing inform me this is all I need to put an AV VM solution into place.

Has anyone successfully implemented this or found a pdf admin guide that tells us how to set this up. All the pdf's I've found seem to talk about how the API's talk at the hypervisor level and this is really great blah blah blah but they all fall short of what is really needed to implement this solution.

mittim12 · ‎11-08-2010

Try the quick start guide for the vShield products for some installation directions I think it starts on page 27. IMO it's not as well documented as it should be

www.vmware.com/pdf/vshield_41_quickstart.pdf

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

mclark · ‎11-09-2010

Existing VM products do not work with vShield Endpoint. New solutions have to be released by AV vendors that work with Endpoint, or their existing products have to be updated to work with Endpoint. For instance, right now we use Symantec Endpoint Protection. Symantec either needs to release an update to SEP, or release a new product, which is compatible with vShield Endpoint. Any new AV products will have an appliance that runs on the vSphere host. A vShield Endpoint agent will be installed on each View desktop VM. That agent will work with the AV vendor's appliance to scan the desktop and protect it. I don't know if McAfee has released such a product yet or not. Trend Micro has Deep Security, which works with Endpoint. Symantec does not have a product yet for Endpoint, although I am anxiously awaiting it. That is what I understand of the product.