From my point of view it depends on your internal strategy.
Exclusion: Yes, you are right, process exclusions are not available in the Agentless deployment. The vShield API gives no information about processes.
If you have a subnet across multiple data centers, Agentless could be tricky.
Agentless: One OSS for every ESX host. If a virtual machine is moved, this is not a problem.
Multiplatform: Scanning over WAN links is not fine. We implemented the following solution for a customer.
1) Installing the datacenter extension and registering the vCenter(s). Now we have the information about which VM is running on which ESX host.
2) Based on this information the VMs are tagged.
3) Based on these tags we build an SVA Manager policy to assign the right OSS for the Multi Platform Agent.
Hope this helps,
Thanks for the confirmation on Agentless... Rules that option out...
Using Datacenter Extension to tag which host the VM is on is a good point; but doesn't the multiplatform client only request a new OSS if the current one it's assigned isn't available? So if a VM moved from datacenter A to datacenter B, it wouldn't get re-assigned.
We're moving to an Active/Active datacenter config, so it's likely DRS rules will move VMs between sites occasionally. The WAN link is 10Gbit/s with 1-2ms latency; so it probably won't really be that much of an issue if a couple machines scanned across the WAN... But obviously best to be avoided still.
I'm not absolutely sure. I think it depends on the OSS lease time configurable in the SVA Manager Policy.
If the lease time is over, the OSS assignment should be changed based on the TAG assignment rules.
You can find the MOVE AV deployment options here:
| AV Features | Multi-platform deployment | Agentless deployment |
|---|---|---|
| On-Access Scanning | YES | YES |
| On-Demand Scanning | Weekly and Instant scheduling | Weekly scheduling |
| Quarantine restore | Restore from ePO | Restore from utility |
| Automatic SVA deployment through NSX | | YES |
| Flexible tuning policies | YES | YES since version 3.6 |
| Exclusions | Path-based & Process name | Path-based only |
| GTI File Reputation | YES | YES |
I was just going through the same questions a few weeks ago and just found an article with clear differences between the Agentless and Multi-Platform McAfee MOVE solutions here.
O.morel, thanks, your comments included there.