Tips and Tricks on Building Agentless Antivirus Scanners for Virtual Desktops


July 2013
Tips and Tricks on Building Agentless Antivirus Scanners for Virtual Desktops
Yury Magalif, MASE, VCP, Principal Architect, Cloud Computing

Agenda
I. Design Decisions: Current AV or Agentless
II. How to Configure the Parent VM
III. vShield Manager
IV. Trend Micro Deep Security Manager
V. Trend Micro - Deploy Filter Driver and Appliance
VI. Trend Micro - Protect VMs
VII. Connect View Desktop
VIII. Trend Deep Security Tips
IX. McAfee MOVE Agentless Tips

I. Design Decisions: Current AV or Agentless
» Goal: Minimize I/O

Design: current AV or Agentless?
» ProjectVRC.com Whitepaper
» MCAFEE VIRUSSCAN ENTERPRISE 8.8.0
  » Scan within the VM.
  » I/O overhead at 50%
» MCAFEE MOVE MULTIPLATFORM 2.0
  » Offloading AV scanning to a separate VM.
  » I/O overhead at 16%

Design: current AV or Agentless? Continued.
» MCAFEE MOVE AGENTLESS 2.5
  » Scanning offloaded to VM, very light VMware agent inside
  » I/O overhead at most 10%, all write, no read at all.
» Conclusion: Using Agentless makes sense.

II. Trend: How to Configure the Parent VM
» Goal: Make it easier

VMCI: what the VM uses to talk outside the bubble

Check the "Enable VMCI between VMs" box in your Parent VM, even though it is not mentioned in the manual.

Download the Notifier installation file from the Trend website and run the install. Choose all defaults.

Once installed, the Notifier displays a bubble upon first login. Some admins don't like any popups in their Parent VM. In that case, you can opt not to install the Notifier.

The Notifier has a right-click menu, and by default will notify the user in case of malware or bad websites.

III. vShield Manager
» Goal: Follow the Antivirus Manufacturer manual

Select the host, then look for the vShield tab to the right. Click the Install button next to vShield Endpoint.

Select the vShield Endpoint checkbox and click Install. Do not select any other checkboxes.

On the vShield tab for the host, check that the button reads "Uninstall".

On the Networking configuration tab for the host, look for a new Standard Switch. Do NOT delete it.

IV. Trend Micro Deep Security Manager
» Goal: Install management

Create a VM for Trend Micro Deep Security Manager with 8 GB of RAM, 1 socket and 4 cores.

In SQL Server Management Studio, create a new database, and make sure to specify the Recovery model as Simple; there is no need for up-to-date logs here.

Download the Manager installation file from the Trend website and double-click to install.

Specify the SQL database name. Use the SA account or the one given by your SQL admins.

For Antivirus, you only need to enter Anti-Malware and Web Reputation Activation Codes. No need to buy others.

Install a Co-located Relay by default

Go to https://trendmanagerfqdn:4119 to manage.

Go to Computers, New, then Add VMware vCenter.

Specify where your vShield Manager is located. This is important!

V. Trend Micro - Deploy Filter Driver and Appliance
» Goal: Install mechanics

Add the Trend modules you downloaded previously. Go to Updates, Software Updates and click Import Software.

Select the Filter driver and Appliance for ESX

Click the View Imported Software button to check what you imported. The 2 agents and the relay will already have been installed by the Trend Manager installer.

Select the Cluster in the tree, then select each ESX host, choose Actions, then "Prepare ESX" to deploy the Filter Driver. You must do this on each host separately.

vMotion the VMs manually off the target ESX host, then choose Yes and Finish to let Trend deploy the Filter Driver automatically. Don't worry if the screen does not update for a long time; wait, and monitor in vCenter.

Monitor the Filter Driver deployment in vCenter. Trend Manager sends the commands to enter Maintenance mode and reboot the ESX server automatically.

When Trend Manager is done, it displays a message that the ESX server was successfully prepared. Select "Deploy a Deep Security Appliance now" and click Next.

Provide the appliance name, datastore and network. Make sure to create a separate Trend folder in the vCenter inventory and place all Trend VMs there.

Provide FQDN and Static IP address.

Wait for the "Appliance Deployed" message, then Activate.

Check for Active status on the ESX host tab and in the vCenter list.

Ensure the appliance is set to Disabled for DRS automatic vMotion.

VI. Trend Micro - Protect VMs
» Goal: Protection

Activate all VMs on the host for protection. You can also activate them later through the Trend Manager interface.

If activation fails, you can reactivate the VM manually.

If activation is successful, you will see "Managed (Online)" status next to the VM.

After activation is successful, go to the ESX vShield tab and look for the name of the VM with the status "Thin agent enabled".

Next, right-click the VM in Trend Manager and choose Assign Policy. Choose Base > Windows > Windows Anti-Malware Protection.

VII. Connect View Desktop
» Goal: Test catching viruses

Connect to your Virtual Desktop, in this case VMware View 5.2

If you click to see the details of the caught virus, you will see that it was Quarantined

VIII. Trend Deep Security Tips
» Before installing the vShield service on each ESX host, make sure the vCenter VM is NOT on that host. Install, then move vCenter back. Same with the filter driver.
» Do NOT assign a Security Profile to the Deep Security Manager VM itself (even though there IS one). Otherwise, you will get "Anti-Malware Driver Offline".
» You CAN apply the DP Virtual Appliance Profile to each VA.
» Shut down the Manager first, then the SVAs. Start the SVAs first, then the Manager.
» vShield modifies the VMX file; be aware of this if you move a VM to a non-vShield environment.
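Two items in this deck touch a VM's .vmx file: the "Enable VMCI between VMs" box on the Parent VM and the tip that vShield modifies the VMX file. The following is an added example, not part of the original slides: it diffs two .vmx snapshots so the added or changed entries can be reviewed before a VM is moved to another environment. The sample .vmx text is constructed, `placeholder.endpoint.option` is a made-up key standing in for whatever vShield writes, and reading `vmci0.unrestricted` as the setting behind the VMCI checkbox is an assumption of this example.

```python
import re

# One .vmx assignment per line: key = "value"
_VMX_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {key: value}; keys are lower-cased (a choice made by this example)."""
    settings = {}
    for line in text.splitlines():
        match = _VMX_LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings

def vmx_drift(baseline_text, current_text):
    """Report keys added, removed or changed between two .vmx snapshots."""
    old, new = parse_vmx(baseline_text), parse_vmx(current_text)
    return {
        "added": {k: new[k] for k in new.keys() - old.keys()},
        "removed": {k: old[k] for k in old.keys() - new.keys()},
        "changed": {k: (old[k], new[k])
                    for k in old.keys() & new.keys() if old[k] != new[k]},
    }

def vmci_between_vms(vmx_text):
    """True/False from vmci0.unrestricted (assumed key), or None when absent."""
    value = parse_vmx(vmx_text).get("vmci0.unrestricted")
    return None if value is None else value.strip().lower() == "true"

# Constructed samples: a Parent VM before and after it was protected.
BASELINE = '''.encoding = "UTF-8"
displayName = "View-Parent"
memsize = "2048"
vmci0.present = "TRUE"
vmci0.unrestricted = "FALSE"
'''
CURRENT = '''.encoding = "UTF-8"
displayName = "View-Parent"
memsize = "2048"
vmci0.present = "TRUE"
vmci0.unrestricted = "TRUE"
placeholder.endpoint.option = "constructed-value"
'''

if __name__ == "__main__":
    for kind, entries in vmx_drift(BASELINE, CURRENT).items():
        for key, value in sorted(entries.items()):
            print(f"{kind:8} {key} = {value}")
    print("VMCI between VMs:", vmci_between_vms(CURRENT))
```
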

IX. McAfee MOVE Agentless Tips
» First, install the McAfee Public CA v1 certificate in the Intermediate Certification Authorities certificate store (with MMC) on the system running the vShield Client. Then deploy the OVF.
» SVA deployment is manual with an OVF to each host, or scripted.
» Manually disable vMotion on SVAs.
» Install the McAfee MOVE AV Agentless extension in the ePolicy Orchestrator console.
» From the ePolicy Orchestrator console, deploy a policy with a category of SVA.

Thank you!
» I would like to thank my colleagues Will Chin and Jose Restrepo for invaluable assistance.

Contact Info & Questions
Please give feedback; it helps me come back.
Get the slides on my work blog: www.cdillc.com/newsroom/cloud-giraffe
Personal Blog: cloud-zebra.com
Twitter: @YuryMagalif @CDILLC
YouTube: www.youtube.com/user/ym640
Connect with me on LinkedIn: Yury Magalif
I would like to thank HP for VC whitepapers/cookbooks from which I borrowed some diagrams in this presentation.
For questions after this presentation, email to
E-Mail Questions: