1 of 1 people found this helpful
Using the new DCCV (Data Center Connector for vSphere) that got released with MOVE 3.0 (not compatible with ePO 5.1.0 as of 28/01/2014) should allow you to tag devices based on MOVE protection status. You can then create:
a) VSE deployment tasks that exclude any MOVE-tagged VMs
b) A deployment task that removes VSE from any MOVE-tagged VM
Thank you ProfessorMadman. I logged in with my grant number but can't see the download for DCCV? Can you please confirm?
There is not requirement to deploy MOVE AV Agentless 220.127.116.11 to your guest virtual machines. This package is to upgrade SVA servers from 2.6.0 to 3.0 and should only be executed on your offload scan servers that were stood up on each ESX host as part of the OVF template deployment process (only applicable if you are running MOVE Agentless 2.6.0 and are looking at upgrading).
You also cannot mix and match platforms within deployment tasks like this. With the DCCV extension checked in, you should now have been able to register your vCenter server using a read-only account to pull in VM-related info about your virtual estate. Any guest VMs that were not present in your tree prior to doing this, will show up under the vSphere System Tree sub-container. You should now be able to create a tag in ePO (and use it as a dashboard monitor) to indicate protection status for your VMs - including whether they are protected by MOVE Agentless, VSE, Host IPS firewall or SolidCore, if used (Application Whitelisting). This tag can then be used in a deployment task to exclude from VSE deployment on Windows platform and also optionally a secondary task can be created to remove VSE from machines with this tag applied.
Ensure that you have enabled the vShield filter driver (VMCI) in your VM Tools on your guest systems to add support for vShield API protection. You should be able to confirm protection on the vShield tab in the vSphere console by looking at events indicating "Thin agent enabled" for each vShield Endpoint-protected guest.
Hope this helps!
Thank you for this ProfessorMadman.
Ok so this is what I have done.. created deployment task to remove VSE from systems that has the dc_vm_auto tag assigned. Is this correct? I am testing it now anyway, will provide feedback.
Message was edited by: minion on 2/13/14 1:25:00 AM CST
Ok but wait.. it might see the Vm machines with the tag but that does not mean thin agent has been enabled on these servers?
Message was edited by: minion on 2/13/14 1:26:07 AM CST
Hi Minion, apologies for hijacking this thread, just one quick question, whereabouts did you find the download for DCCV? Our eval didn't seem to include it.
You can get all the downloads when you login to downloads section with your grant number.