5 Replies Latest reply on Jan 11, 2016 9:54 AM by Richard Carpenter

    MOVE AV MP and Agentless together

    meforum

      Hi,

       

      is it possible to have MP and Agentless togehter in the same environment? E.g. some VMs will be protected by Move Agentless, and some by MP Agent (maybe even on the same ESX Host). Would that be possible?

       

      Br

        • 1. Re: MOVE AV MP and Agentless together
          Richard Carpenter

          Hi meforum

           

          I guess this would depend on your Hypervisors. If you have the ESX/VMWare components installed on your hosts the the Agentless workflow would be used to protect the guests, but if you do not install the VMWare components in some of your Hosts you could use Mutli-Platform Agent.

           

          Another example could be if you use Agentless on your VMWare hypervisors and also use the Multi-Platform Agent on other technologies such as HyperV or Non-Persistent Citrix VDI.

           

          If you could allude to you environment we could help to suggest an appropriate deployment.

           

          Regards

          Rich

          Certified McAfee Product Specialist - ePO

          McAfee Volunteer Moderator

          • 2. Re: MOVE AV MP and Agentless together
            meforum

            Hi, for my underdstanding when using agentless you have to enable vshield/install on the ESX host (hypervisor) AND on each VM (vmware tools)? Is this correct?

            If yes, then it would be possible to not enable vshield on some hosts I think and use MP instead?

             

            We could prefere MP, but some machines always boot from a clean image - so I guess the best (only?) way to protect them would be agentless?

            • 3. Re: MOVE AV MP and Agentless together
              Richard Carpenter

              If you prefer to use MP, then if the machines are booting from a "clean image" (this is referred to as a non-persistant image) you can install the MP client and enable VDI mode in the image and remove the GUID before you clone it. This way all the Machines are configured from day zero without the need to keep reinstalling all the components each time they boot. You need to make sure you clear the AGent GUID and set the agent mode to VDI (done during the CLI install) to prevent dupliacte machines in your system tree all connecting with the same GUID.

               

              I can provide more details why if this is something which interests you and would be of benefit in your environment.

               

              We use this method in our non-persistant XenDesktop VDI environment and it works very well for us.

               

              Regards

              Rich

              Certified McAfee Product Specialist - ePO

              McAFee Volunteer Moderator

              • 4. Re: MOVE AV MP and Agentless together
                meforum

                yes, thank you. I think we'll do it a similar way (each machine is 'personalised' at boot time by running some scripts/settings etc - and we'll write the regkey with unique GUID at this point) .

                We tend to go for MP - though agentless looks easier for those machines - but I think MP gives more options. Or are there any reasons why we should use agentless instead`?

                 

                Just a nother, different quesion (as my original thread was closed): Does the Data Center Connector (VMWare) work with MP too, or only with agentless (was not clear for me) and also with a local vCenter (no cloud-thing whatever - the product guide always mentions sth with 'cloud account').

                • 5. Re: MOVE AV MP and Agentless together
                  Richard Carpenter

                  hi meforum

                   

                  As you have identified in this instance the MP route would be a better option for you, but you do not need to re-write the AgentGuid, this will be done when the agent starts up at boot time, and I have found that it is best for the agent to do this, since the access protection policies should prevent you from changing the GUID.

                   

                  If you follow the instructions on page 23 here for XenDesktop this will get you to the position you need.

                   

                  I would also install the agent using vdimode=enabled. This helps to de-provision the machine from ePO when the agent closes down at shutdown referenced here

                   

                  Regarding your Data Centre Connector questions, please open a new thread and I can answer there.

                   

                  Many Thanks

                  Regards

                  Rich

                  Certified McAfee Product Specialist - ePO

                  McAfee Volunteer Moderator