
Sophos for Virtual Environments 1.2 is available!

Hello 

We have shipped today Sophos for Virtual Environments 1.2

SVE 1.2 will include new failover capability for your Guest VMs (GVMs). As a quick summary, there are 3 main use cases:

  • Maintain protection for a GVM if it loses connection to its current SVM, so that it can choose another available SVM to provide it with protection. This is to help in the case that either the GVM is migrated or the SVM is powered off etc.
  • The GVM will choose the "best" available SVM from a selection of available SVMs. If an SVM is overloaded the GVMs will find the most appropriate SVM to connect to.
  • "Anti-clumping" - If an SVM is rebooted, for example due to an upgrade, when that SVM comes back online the GVMs will redistribute themselves to make use of the available resources. This is to prevent all the GVMs connecting to the rebooted SVM, which could cause bottlenecks.

The trust between SVMs and GVMs is established with certificates. With Sophos Endpoint Console you will need to provide a signed certificate chain (help will be provided).

For Sophos Central management the certificates will be provided directly from Central. 

In this release there is also additional security for the SMB share as part of the installation process.

Central customers can find the new downloader in "Protect Devices" page. 
SEC customers can log into My Sophos. 

Thanks 

Mark 



  • Hi...I need some advice as there seems to be very little documentation on how to properly install and manage Sophos for VMware.

    Issue 1 : 

    I have VMware Std using single vCenter 6.5 with 2 sites (HQ : 2x ESXi & Data Center : 8 ESXi hosts). So do I install 1 SVM for the whole setup OR 1x SVM per site OR 1x SVM per ESXi host ?

    Issue 2 :

    I have 2 VMware ESXi running on vCenter 5.5 using VMware Essentials Plus. There are 3 RHEL 4 VMs on the hosts. Does installing SVM help ? I cannot install any Sophos agents. Should I revert back to using vShield (agent-less) ?

  • Hello  

    Here is the documentation, located here https://www.sophos.com/en-us/support/documentation/sophos-for-virtual-environments.aspx?platform=Version-1-2-for-Sophos-Central#Version-1-2-for-Sophos-Central 

    Depending on if you are using Sophos Central or Sophos Enterprise Control there is a guide.

    Version 1.2 for Enterprise Console

     
     
    As for your scenarios:
    1. As I do not know how many GVMs you have and what load they are under, I cannot really advise; typically we would suggest having multiple SVMs. As SVMs do not require a license you can split up the ESXi hosts in any way you wish.

       E.g. if you have 2 per ESXi host, you will have 20 SVMs across your infrastructure from which your GVMs can find the best SVM to connect to.
       If you have one per host then 10 SVMs will be used to protect your GVMs.

    2. Sophos for Virtual Environments requires the thin agent to perform the fine inspection. Sophos does not support RHEL 4 in either this product or the full SAV for Linux product.

    Thanks 
     
    Mark 
     
  • Hi Mark...

    I am using Sophos Central (I had clients and recently added servers and now adding VMware and later VDIs into the mix).

    Scenario 1

    If I have 3 ESXi hosts and VMs of various workloads spread across the 3 ESXi hosts (10 low usage VMs, 2 DCs, 3 SQL VMs, 3 ERP VMs) and with vMotion, there is almost no way to determine which VMs are on which host. Is there any Sophos SVM workload gauge ?

    Scenario 2

    If I have a vCenter with 3 sites (HQ, Site-A & Site-B, WAN linked via VPN or MPLS) each with 3 ESXi hosts. As an expansion of "Scenario 1" with the assumption that only 1 SVM was required, would it be recommended to deploy only 1 SVM or 1 SVM per 

  • Scenario 1

    If I have 3 ESXi hosts and VMs of various workloads spread across the 3 ESXi hosts (10 low usage VMs, 2 DCs, 3 SQL VMs, 3 ERP VMs) and with vMotion, there is almost no way to determine which VMs are on which host. Is there any Sophos SVM workload gauge ?

    In Central you can view the SVMs and within the details page for each server you can see which Guest VMs are connected to that SVM.

    Each guest VM will evaluate the list of available Security VMs to determine the following:

    • If it can connect to the Security VM IP address
    • If the Security VM is healthy and can provide scanning services
    • If the Security VM can provide reasonable performance. Security VMs that are likely to degrade scanning performance due to having increased latency are deprioritised

    If it cannot connect to an SVM, or it's not healthy, then the GVMs will migrate to another SVM.

    More information can be found within this KBA: https://community.sophos.com/kb/en-us/127955 

     

    Scenario 2

    If I have a vCenter with 3 sites (HQ, Site-A & Site-B, WAN linked via VPN or MPLS) each with 3 ESXi hosts. As an expansion of "Scenario 1" with the assumption that only 1 SVM was required, would it be recommended to deploy only 1 SVM or 1 SVM per 

    The end of the question was cut off, I think you mean "would it be recommended to deploy only 1 SVM or 1 SVM per host".

    You can have one SVM protecting all of your GVMs, regardless of host, as long as they are on the network and the firewall allows it. 
    However you will not get the failover capability, and depending on your network there might be slow performance. 
    I would recommend at least 2 SVMs per site. So for the 3 sites, the GVMs in those sites will have access to 2 SVMs to failover to.

    As mentioned previously, as you do not require a license for the SVMs you can have as many as you like. You could have one SVM per host, so in each site the GVMs have access to 3 SVMs, or you can have 2 per host to spread the GVMs out. Up to you.

  • Hi Mark,

    Thanks...at least a better picture...

    I will try to see how to set the failover of GVMs to different SVMs.

    In scenario 2....I have set 2 SVMs per site (which was cut off), that means a total of 6 SVMs (2 per site). As this is all using a flat network (VMs can see VMs in all sites) I just hope the GVMs will not cross the WAN to failover to SVMs on the other sites.