When deploying a virtualized desktop environment, virtual machines are deployed from a golden template. This allows the management from a central image that is shared across a group of virtual machines. If a traditional anti-virus solution were to be deployed in a virtual desktop environment (VDI), there is a lot of redundancy when scanning a machine. This has the potential to add a significant amount of unnecessary load to the entire VDI environment. In some cases, anti-virus solutions have the potential to take down entire virtual desktop infrastructures.
What is vShield Endpoint?
To address this issue and optimize the use of available resources, one can deploy VMware vShield Manager to deploy vShield Endpoint to each individual host. VMware vShield Endpoint offloads virus-scanning activities from each virtual machine to a secure virtual appliance that has a virus-scanning engine and the antivirus signatures. This article explains how to configure VMware vShield Manager.
To find more information on vShield Endpoint, see the following datasheet from VMware:
http://www.vmware.com/files/pdf/products/vShield/VMware-vShield5-Endpoint-Datasheet.pdf
This article is the second part of a series explaining how to deploy vShield with Symantec Endpoint Protection for VMware Horizon View:
- How To Deploy OVA / OVF Template Using VMware vSphere Client
- How to Configure VMware vShield Manager and vShield Endpoint
- Deploying vShield with the Symantec Security Virtual Appliance
- Exporting a Policy from Symantec Endpoint Protection Manager
- Configuring a SEPM Policy for vShield and Symantec SVA
- How to install EPSEC Drivers for vShield
Configuring vShield Manager
If you have not deployed the OVA / OVF template for VMware vShield Manager, see the following article:
http://www.interworks.com/blogs/ijahanshahi/2014/08/06/how-deploy-ova-ovf-template-using-vmware-vsphere-desktop-client
Once the OVA / OVF template has been deployed for vShield Manager, open up a console session to the newly deployed virtual machine. In the newer versions of vShield Manager, the credentials for the admin and the admin CLI will be configured upon deployment of the virtual appliance. If an older version of vShield Manager has been deployed, the default credentials will be:
Username: admin
Password: default
Note: If the system start has not completed, the appliance has not fully booted up. Just wait a few moments and try again.
Once logged in, elevate permissions. Type in enable. Use the CLI Privilege Mode password. Type in setup to begin configuring the vShield Manager.
Once the configuration has been saved, VMware vShield Manager will now be accessible from a web browser.
By default, the web admin login will be:
Username: admin
Password: default
Once logged into vShield, configure the vCenter server and the Lookup Service.
If you have multiple vCenter servers, add the vCenter server containing the ESXi hosts where you will be deploying vShield Endpoint Manager.
Once the server has been added, you may be prompted to verify the authenticity of the host. Click yes to add the vCenter server.
Once vCenter has been added, add the lookup service host.
Once these options have been configured, vShield Endpoint can be deployed to the ESXi hosts.
Deploying vShield Endpoint
Once vCenter has been added to vShield Manager, navigate down to each ESXi host. Click the Install link to select the services that are to be installed or upgraded.
Note: You must manually deploy vShield Endpoint on each ESXi host.
In the next window, check what services will be installed/upgraded, such as vShield Endpoint.
Once confirmed, vShield Manager will notify you that it is installing the service modules. If desired, you can monitor the progress of the installation in vCenter.
Once the installation has completed, vShield Endpoint should now display as being installed on the ESXi host.
Once vShield Endpoint has been successfully deployed, a Security Virutal Appliance can be deployed in the environment. To view how this can be done with Symantec’s Security Virtual Appliance, see the next article in the series. Deploying the Symantec Security Virtual Appliance with vShield
Source(s) Used:
VMware vShield Endpoint, http://www.vmware.com/files/pdf/products/vShield/VMware-vShield5-Endpoint-Datasheet.pdf. Accessed July 15, 2014.
vShield Installation and Upgrade Guide, http://www.vmware.com/pdf/vshield_55_install.pdf. Accessed July 16, 2014.
