McAfee MOVE works with the VMware vShield Manager, and you need to install vShield to be able to use the McAfee MOVE agentless product. You install the VMware vShield Manager by deploying an OVF template within your VMware infrastructure. You then initialize the new vShield Manager with vCenter, deploy the vShield Endpoint components to each hypervisor or ESX server, and finally enable the vShield drivers on each VM. This document covers the installation and configuration within VMware.
1. Download vShield from VMware
2. Install the vShield Manager with the OVF template
3. Configure vShield
4. Initialize the vShield with vCenter
5. Enable the vShield endpoint on each ESX server
6. Enable the vShield driver on the endpoints themselves
You can also watch the steps described in this document by viewing the video below.
I - Download vShield from VMware
1. If you have not already downloaded the vShield Manager OVF template, you will need to log in to VMware under 'My VMware' (https://my.vmware.com).
2. Scroll down and click View & Download Products. In the search window, type vShield and choose the vShield 5.5 Manager. Select VMware vCloud Networking and Security 5.5.0; you will then see the vShield Manager and can proceed to download it. Once the download is complete, you will have a local file that you can deploy to your VMware environment to get a vShield Manager that you can initialize with your vCenter.
II - Install the vShield Manager with the OVF template
1. Log in to the VMware vSphere Client to deploy the vShield Manager OVF template (it is an .ova file) that you just downloaded. Here, we assume that you have a user account on your vCenter server.
2. After logging in to vCenter, click File, then Deploy OVF Template.
3. Click Browse to select the OVF template you just downloaded from VMware.
4. Click Open and click Next.
5. Click Next through the wizard until you accept the certificate. Accept the license agreement.
6. Give the appliance a unique name (this is the name under which it will appear in the vSphere Client), then choose where to deploy it in terms of storage, how you want to provision it, and the network you want to place it on.
7. Power on the appliance after deployment.
III - Configure vShield
1. Now that it has been deployed, find the appliance that has been powered on and open its console. You may see that the appliance is still booting up.
2. In the console window, log in once you see the manager login prompt. The user name is Admin and the default password is 'default'. When you come to the manager prompt, type 'enable' and press Enter; you will have to enter your password again, which is 'default'.
3. When you get the manager prompt ending in a hash sign (#), type setup. You will then be able to enter the IP address and other information for this particular vShield Manager.
4. When you get through the setup configuration, answer yes to save the new configuration. At this point, type reboot to reboot the appliance.
5. Once the appliance has rebooted, switch over to a web interface to connect to the vShield Manager. Enter the IP address you have just configured the appliance with, hit Enter, and trust the certificate.
IV - Initialize the vShield with vCenter
1. The VMware vShield login screen is presented. Enter the username 'admin' and the password 'default' to gain access to your vShield Manager. At this point you can change the password.
2. Log in to the vShield Manager.
3. Set up the vShield Manager. To do that, do the following:
Click Settings & Reports from the vShield Manager inventory panel.
Click the Configuration tab.
In vCenter Server Information, type the IP address or hostname of your vCenter Server.
Type your vSphere Client login user name.
Type the password associated with the user name.
4. Once this is done, there will be an indication that the vShield Manager has connected to your vCenter. When you go into your data centers at this point, you will be able to look at your ESX servers and determine their state with regard to the vShield deployment.
V - Enable the vShield endpoint on each ESX server
1. Next, set up the architecture for McAfee MOVE to be able to integrate with the vShield Manager, and install the vShield endpoint on each ESX server where you want to provide this service. Click Install, make sure vShield is checked, and install the vShield endpoint, which should take a few minutes.
2. Once it is installed, a screen is displayed that lists your vShield endpoint with an Uninstall item at the end of the line. This means that your vShield Manager is now able to communicate with the ESX server.
3. To complete the architecture on the VMware side, you need to enable the thin agents on any clients that you want to provide agentless protection for with the vShield Manager and a vShield scanning appliance, which we will deploy when we discuss the McAfee MOVE deployment.
VI - Enable the vShield driver on the endpoints themselves
1. Next, you need to enable the thin agent locally on the computers that you want to provide agentless protection for.
2. Select the agent, go to Guest, and select Install/Upgrade VMware Tools. Make sure to choose Interactive Tools Upgrade, and then go to the computer where you have sent that command.
3. If the VMware Tools installation doesn't run automatically, you can open the D: drive and click Next; you want to modify the VMware Tools that have been deployed.
4. Scroll down to the very bottom of the VMware Tools feature list. Under VMCI Driver there is a vShield driver; select it. You need the entire feature to be installed locally. Click Next, and this will install the vShield driver on this computer and enable it to function with the agentless protection of the vShield component.
5. Two primary components you are looking for after deployment are that the ESX server has been enabled and the thin agents are enabled on the ESX servers.
We have seen how to download, install and configure vShield as well as initialize it and enable ESX servers and endpoint.