7 Replies Latest reply on Mar 26, 2014 12:19 AM by stickman

    move and vse automate in epo


      Hi guys,


      I need your thoughts. I have MOVE and VSE in my environment. Sure its possible to assign task to group to remove VSE if MOVE is installed on a server. I know that MOVE works with a VMware thin agent, if the thin agent is installed then MOVE is enabled, correct me if I am wrong. Any ideas?

        • 1. Re: move and vse automate in epo

          Using the new DCCV (Data Center Connector for vSphere) that got released with MOVE 3.0 (not compatible with ePO 5.1.0 as of 28/01/2014) should allow you to tag devices based on MOVE protection status.  You can then create:


          a) VSE deployment tasks that exclude any MOVE-tagged VMs

          b) A deployment task that removes VSE from any MOVE-tagged VM





          Message was edited by: ProfessorMadman on 28/01/14 14:01:24 GMT
          1 of 1 people found this helpful
          • 2. Re: move and vse automate in epo

            Thank you ProfessorMadman. I logged in with my grant number but can't see the download for DCCV? Can you please confirm?

            • 3. Re: move and vse automate in epo

              No worries I got it. Can you please describe how you created the client task? When I try and create I get red message telling me " The selection is not valid for the selected platform". See screenshot below.



              • 4. Re: move and vse automate in epo



                There is not requirement to deploy MOVE AV Agentless to your guest virtual machines.  This package is to upgrade SVA servers from 2.6.0 to 3.0 and should only be executed on your offload scan servers that were stood up on each ESX host as part of the OVF template deployment process (only applicable if you are running MOVE Agentless 2.6.0 and are looking at upgrading).


                You also cannot mix and match platforms within deployment tasks like this.  With the DCCV extension checked in, you should now have been able to register your vCenter server using a read-only account to pull in VM-related info about your virtual estate.  Any guest VMs that were not present in your tree prior to doing this, will show up under the vSphere System Tree sub-container.  You should now be able to create a tag in ePO (and use it as a dashboard monitor) to indicate protection status for your VMs - including whether they are protected by MOVE Agentless, VSE, Host IPS firewall or SolidCore, if used (Application Whitelisting).  This tag can then be used in a deployment task to exclude from VSE deployment on Windows platform and also optionally a secondary task can be created to remove VSE from machines with this tag applied.


                Ensure that you have enabled the vShield filter driver (VMCI) in your VM Tools on your guest systems to add support for vShield API protection.  You should be able to confirm protection on the vShield tab in the vSphere console by looking at events indicating "Thin agent enabled" for each vShield Endpoint-protected guest. 


                Hope this helps!

                • 5. Re: move and vse automate in epo

                  Thank you for this ProfessorMadman.


                  Ok so this is what I have done.. created deployment task to remove VSE from systems that has the dc_vm_auto tag assigned. Is this correct? I am testing it now anyway, will provide feedback.


                  Message was edited by: minion on 2/13/14 1:25:00 AM CST


                  Ok but wait.. it might see the Vm machines with the tag but that does not mean thin agent has been enabled on these servers?


                  Message was edited by: minion on 2/13/14 1:26:07 AM CST


                  Message was edited by: minion on 2/13/14 1:41:42 AM CST
                  • 6. Re: move and vse automate in epo

                    Hi Minion, apologies for hijacking this thread, just one quick question, whereabouts did you find the download for DCCV? Our eval didn't seem to include it.


                    Many thanks



                    • 7. Re: move and vse automate in epo

                      Hi AndyCr,


                      You can get all the downloads when you login to downloads section with your grant number.