Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 11566 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos for Virtual Environments 1.2 is available!

MarkToshack

Hello 

We have shipped today Sophos for Virtual Environments 1.2

SVE 1.2 will include new failover capability for your Guest VMs (GVMs), as a quick summary there are 3 main use cases: 

  • Maintain protection for a GVM if it loses connection to its current SVM. So that it can choose another available SVM to provide it with protection. This is to help in the case that either the GVM is migrated or the SVM is powered off etc.
  • The GVM will choose the "best" available SVM from a selection of available SVMs. If a SVM is overloaded the GVMs will find the most appropriate SVM to connect to. 
  • "Anti-clumping" - If an SVM is rebooted, for example due to an upgrade, when that SVM comes back on line the GVMs will redistribute themselves to make use of the available resources. This is to prevent all the GVMs connecting to the rebooted SVM which could cause bottlenecks. 

The trust between SVMs and GVMs are with certificates. With Sophos Endpoint Console you will need to provide a signed certificate chain (help will be provided) 

For Sophos Central management the certificates will be provided directly from Central. 

In this release there is also additional security for the SMB share as part of the installing process. 

Central customers can find the new downloader in "Protect Devices" page. 
SEC customers can log into My Sophos. 

Thanks 

Mark 



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to MarkToshack

    Hi Mark...

    I am using Sophos central (I had clients and recently added servers and now adding VMware and later VDIs into the mix).

    Scenario 1

    If I have 3 ESXi hosts and VMs of various workloads spread across the 3 ESXi hosts (10 low usage VMs, 2 DCs, 3 SQL VMs, 3 ERP VMs) and with vMotion, there is almost no way to determine which VMs are on which host. Is there any Sophos SVM workload gauge ?

    Scenario 2

    If I have a vCenter with 3 sites (HQ, Site-A & Site-B, WAN linked via VPN or MPLS) each with 3 ESXi hosts. As an expansion of "Scenario 1" with the assumption that only 1 SVM was required, would it be recommend to deploy only 1 SVM or 1 SVM per 

  • 0 in reply to adrian yhy

    Scenario 1

    If I have 3 ESXi hosts and VMs of various workloads spread across the 3 ESXi hosts (10 low usage VMs, 2 DCs, 3 SQL VMs, 3 ERP VMs) and with vMotion, there is almost no way to determine which VMs are on which host. Is there any Sophos SVM workload gauge ?

    In central you can view the SVMs and within the details page for each server you can see which Guest VMs are connected to that SVM. 

    Each guest VM will evaluate the list of available Security VMs to determine the following:

    • If it can connect to the Security VM IP address
    • If the Security VM is healthy and can provide scanning services
    • If the Security VM can provide reasonable performance. Security VMs that are likely to degrade scanning performance due to having increased latency are deprioritised

    If it cannot connect to a SVM, or its not heathly, then the GVMs will migrate to another SVM.

    More information can be found within this KBA: https://community.sophos.com/kb/en-us/127955 

     

    Scenario 2

    If I have a vCenter with 3 sites (HQ, Site-A & Site-B, WAN linked via VPN or MPLS) each with 3 ESXi hosts. As an expansion of "Scenario 1" with the assumption that only 1 SVM was required, would it be recommend to deploy only 1 SVM or 1 SVM per 

    The end of the question was cut off, i think you mean "would it be recommend to deploy only 1 SVM or 1 SVM per host" 

    You can have one SVM protecting all of your GVMs, regardless of host, as long as they are on the network and the firewall allows it. 
    However you will not get the failover capability, and depending on your network there might be slow performance. 
    I would recommend at least 2 SVMs per site. So for the 3 sites, the GVMS in those sites will have access to 2 SVMs to failover to.

    As mentioned previously as you do not require a license for the SVMs you can have as many as you like. You could have one SVM per host, so in each site the GVMs have access to 3 SVMs or you can have 2 per hosts to spread the GVMs out. Up to you

  • 0 in reply to MarkToshack

    Hi Mark,

    Thanks...at least a better picture...

    I will try to see how to set the failover of GVMs to different SVMs.

    In scenario2....I have set 2 SVMs per site (which was cut off), that means a total of 6 SVM (2 per site). As this is all using flat network (VMs can see VMs in all sites) I just hope the GVMs will not cross the WAN to failover to SVMs on the other sites.

Unfiltered HTML