5 Replies Latest reply on Jun 11, 2015 4:42 PM by joseph1980

    MOVE-AV 3.6 Agentless vs Multi-Platform Features?

    JayMan

      Hi All,

      Can anyone point me in the direction of a feature comparison between Agentless & Multi-Platform for version 3.6?

       

      We're currently running 3.5 Multi-Platform as it gave more options around exclusions (e.g. process exclusions vs just file exclusions); but I'm wondering if that is still the case.

       

      Agentless gives the benefit of always using the local offload server to the VM's, rather than a semi-randomly assigned OSS based on IP Address rules. This is going to be important for me soon as we will be spanning a single subnet across multiple data centers, so keeping AV scanning to the local host server would be greatly beneficial.

        • 1. Re: MOVE-AV 3.6 Agentless vs Multi-Platform Features?
          Troja

          Hi JayMan,

          from my point of view it depends on your internal strategy.

           

          Exclusion: Yes, you are right, process exclusions are not available in the Agentless deployment. The vShield API gives no information about processes.

           

          If you have a subnet across multiple data centers Agentless could be tricky.
          Agentless: One OSS for every ESX host. If a virtual machine is moved this makes not problem.

          Multiplatform: Scanning over WAN links is not fine. We implemented the following solution for a customer.
          1) Installing the datacenter extension and registering the VmCenter(s). Now we have the information which VM is running an which ESX host.

          2) Based on this information the VMs are tagged.

          3) Based on this TAGs we build a SVA Manager policy to assign the right OSS for the Multi Platform Agent.

           

          Hope this helps,

          Cheers

          • 2. Re: MOVE-AV 3.6 Agentless vs Multi-Platform Features?
            JayMan

            Thanks for the confirmation on Agentless... Rules that option out...

             

            Using Datacenter Extention to tag which host the VM is on is a good point; but doesn't the multiplatform client only request a new OSS if the current one it's assigned isn't available? So if a VM moved from datacenter A to datacenter B, it wouldnt get re-assigned.

             

            We're moving to an Active/Active datacenter config, so it's likely DRS rules will move VMs between sites occasionally. The WAN link is 10Gbit/s with 1-2ms latency; so it probably won't really be that much of an issue if a couple machines scanned across the WAN... But obviously best to be avoided still.

            • 3. Re: MOVE-AV 3.6 Agentless vs Multi-Platform Features?
              Troja

              Hi,

              i´m not absolutely shure. I think it depends on the OSS lease time configureable in the SVA Manager Policy.

              If the lease time is over the OSS assignement should be changed based on the TAG assignment rules.

              Cheers

              • 4. Re: MOVE-AV 3.6 Agentless vs Multi-Platform Features?
                o.morel

                Hi,

                 

                You can find here MOVE AV Deployment Options:

                 

                AV FeaturesMulti-platform deploymentAgentless deployment
                On-Access ScanningYESYES
                On-Demand ScanningWeekly and Instant schedulingWeekly scheduling
                Quarantine restoreRestore from ePORestore from utility
                Automatic SVA deployment through NSXYES
                Flexible tuning policiesYESYES since version 3.6
                ExclusionsPath-based & Process namePath-based only
                GTI File ReputationYESYES

                 

                Regards,

                • 5. Re: MOVE-AV 3.6 Agentless vs Multi-Platform Features?
                  joseph1980

                  I was just going through same questions few weeks ago and just found an article with clear differences between Agentless and Multi-Platform McAfee MOVE solution here.

                   

                  O.morel, thanks, your comments included there.

                   

                  Thanks