1 Reply Latest reply on Jul 18, 2012 8:05 AM by dmease729

    Implications of using VMotion when MOVE Scheduler agent is active

    dmease729

      Hi,

      We are going to be using McAfee MOVE scheduler only on our guest machines; however, I have recently found out that we are also going to be using VMotion. There is a chance that new hypervisors will be added as part of the existing clusters, so I was wondering what would happen if a guest machine 'bounced' across to a hypervisor that was not registered in ePO?

      I note that page 12 of the MOVE scheduler 2.0.0 product guide advises:
      "Before you begin You must have already added MOVE Scheduler to the Master Repository and registered your virtual servers to the ePolicy Orchestrator System Tree."

      The above sentence is in reference to deploying the scheduler agent to the target host. If it is a requirement to have the virtual servers registered first, then what would happen in the below case:

      VMotion Cluster X:
      Hypervisor A - registered with ePO
      Hypervisor B - registered with ePO
      Hypervisor C - not registered with ePO

      Guest machine 'myVM' is running happily on Hypervisor A; however, VMotion for whatever reason decides to move it across to Hypervisor C. Questions:

      - Will the scheduler agent just sit there, and do nothing?
      - Is there a chance that, due to intervals between the regular queries*, the statistics from Hypervisor A will dictate whether an on-demand scan is run on 'myVM'?
      - Are there any other major concerns that I am missing?

      Note that I have also stumbled across KB53848, and have now included that in the testing process for the internal RFCs. I am not taking this issue into account for the purposes of this question.

      http://www.mcafee.com/us/resources/data-sheets/ds-move-anti-virus.pdf seems to advise that "Our vMotion-aware implementation means your virtual machines can move from one host to another and be seamlessly protected by the SVA on the target host"; however, this does not appear to refer directly to cases when the scheduler agent is used (it is listed under 'agentless deployments').

      *As per page 11 of the product guide: "The McAfee MOVE Scheduler will regularly query the registered hypervisors and reapply the VM tag to any new virtual machines that become managed by ePolicy Orchestrator."

      Any help greatly appreciated!

      cheers,