MOVE AV, in short, offloads the scanning of files to a dedicated VM, reducing scanning and updating storms caused by multiple guests on the same hosts updating at the same time.
Agentless requires the vShield drivers to be installed on the hypervisor, whereas multiplatform requires an agent to be installed within the guest OS.
MOVE requires offload scan servers to be running VSE, which will require DAT updating. An SVA (security virtual appliance) running on MOLS (a McAfee optimised version of Linux) is used to auto-assign guests to a particular offload scan server.
ePO is used to set policies for which processes can be whitelisted from offload scanning via the multiplatform agent, policies for the SVA to assign which offload scan server to use, and management and deployment of the offload scan server.
I think that's about it for a high level overview. Did you have any particular questions?
Certified McAfee Product Specialist - ePO
That was very helpful, many thanks.
So a few more questions if I may
1) We don't want it agentless - we want it so that we can offload the scanning. In this instance I suspect an agent gets installed in the VM and that then talks to the SVA for scanning functionality?
2) I was a little unclear with what you said [my brain!]. Is the SVA and the Scan Server the same thing?
3) Trying to understand the overall architecture so
a) EPO server which we get from installing the EPS Suite
b) SVA to manage the vm and offload scanning
c) Scan servers to perform the scan which also has VSE
I was looking at the downloads for testing this in a Test environment - which download do I need?
Would it be a) EPS download b) Move for Multi Platform download
Would there be anything else I would need to download to meet my outcome?
1) - Yes. The SVA is used to assign which Offload Scan server actually scans the file.
2) - The SVA is a Virtual Appliance provided by McAfee which you deploy into your VC. It is used to auto assign which Offload Scan Server to use; for example, we use IP ranges to define which Offload Scan Servers (Primary and Secondary) should be used by any given guest. The Offload Scan Server is a Windows server you are responsible for Provisioning AND licensing, on which you then install the Offload Scan Server Components and VirusScan Enterprise. The Offload Scan Server 'receives' the 'Scan this file request', then uses the VSE install with the installed DAT to scan the file and return the response 'Convicted or not' back to the guest which requested the scan.
a. I cannot confirm if you are granted ePO for any given SKU. This would need to be confirmed by your Retail Partner.
b. SVA to manage the assignment of offload scan server to a given guest. This is a mass guest management feature. Offload Scan Server, the Windows server that actually scans the file using VSE.
Try downloading the trial for McAfee MOVE Antivirus
Check out page 10 here for the Architecture Overview.
Certified McAfee Product Specialist - ePO
One final thing - the McAfee MOVE AV link you sent - how many components of the key parts does it contain? The OSS component and the SVA? I assume it doesn't have the EPO?
So it seems there are 3 main components for the solution: EPO, SVA and OSS - right?
EPO for management
SVA for OSS assignment
OSS for scanning
MultiPlatform Agent for guests
I don't know if EPO is included or not; you would need to confirm with your reseller which SKU would be suitable.
That is brilliant - many thanks, and you've told me more in 1 hour than I've understood in 10 hours!
Glad I could help. If you're satisfied that your question has been answered, could you please mark this thread as answered/correct.
Me again - the MOVE link above has 4 components.....I assume I only select the Move for Virtual Servers and that has all the components in it?
I'm not a Technical Sales specialist. As discussed previously you will need to contact your reseller to confirm which components are available in which SKU.
If you are only trialing, why not download them all and see which parts are on each Eval?
We use MOVE for virtual servers but we also have a large collection of other endpoint technologies and I'm not sure which parts exclusively are in MOVE av for servers vs Move VDI etc.