I can't find any resources on how to deploy the SVE client into a VDI environment?
Is the complete lack of documentation simply because you install it on the master image and thats it?
Cheers
Pete
Hello Pete Long
It is simply following the standard deployment methods to install the Guest VM Agent on a template virtual machine prior to the image being created.
Important. If you are not using the Guest VM Migration functionality introduced in Sophos for Virtual Environments 1.2.0 then please make sure that Guest VMs built from the template VM reside on the same host as the Security Virtual Machine. Although Guest VMs on a different host to their Security Virtual Machine are still fully protected you may notice increased latency when opening files as the scan data will need to traverse the network.
This above was copied from Guest Agent Deployment Methods and we also have a Landing Page which has other help topics.
cheers
Mark
Hi Mark,
Thanks for the reply, I did read that, but just to clarify, it doesn't mention VDI or Horizon. In 'VMware Speak' a template is something very different. e.g. it can be converted to a machine or have a machine cloned from it.
a VDI Image - can be run as a manual pool or dynamic linked clone pool. (I'm sure you already know this) So if its in the base image the same disk is going to be used for many clients? With most other AV providers this is a problem, and we have to change registry keys, or install the agent with a setup-flag, or delete the machine name out of an ini file or something?
Hope that makes sense
pete
We have no issues (nor has any of our customers raised any) with the same disk image being used by many clients and there is no requirement to modify the installed product or install the agent in a specific way to work in a VDI environment.
Sorry to hijack as I was also looking for a similar issue...
We have a very simple VDI setup using VMware Horizon linked clones (single master golden image) and only 1 VDI pool (all users use same Golden image).
I do have 2x ESXi hosts and each already have a SSVM.
But there is no way to enforce which of the deployed VDI-clones go to which ESXi host.
.....
In the past before we moved to Sophos, we had 2 previous solutions...
Older solution uses vShield and therefore agent-less and much easier to manage.
The later requires Agent to be installed into Golden image and will "auto-register" with the AV-vAppliance when linked clones are deployed (using Quickprep to join Domain).
But Sophos seems lacking in features, support and documentation. I have used tests which seems to fail (I was able to download EICAR from web and created EICAR batch files in the VDIs).
Hi adrian yhy
>But there is no way to enforce which of the deployed VDI-clones go to which ESXi host.
With SVE 1.2 the Guest VMs will connect to one of the SVMs it has access too. When you install the guest agent you will be able to determine the SVM(s) the Guest VM will be able to try to connect to. For example you can specify that out of your pool of (say) 10 SVMs, half of the GVMS will connect to 5 and the rest of the GVMS will only try to connect to the other 5. With the migration feature of 1.2, the Guest VMs will connect to the most appropriate SVM based on factors such as latency.
As mentioned in another thread we have plenty of documentation explaining setup and deployment of SVM.
Here are the various documentation, located here https://www.sophos.com/en-us/support/documentation/sophos-for-virtual-environments.aspx?platform=Version-1-2-for-Sophos-Central#Version-1-2-for-Sophos-Central
Depending on if you are using Sophos Central or Sophos Enterprise Control there is a guide
We also have this KBA detailing the methods for deploying the thin agent:
https://community.sophos.com/kb/en-us/125589
If you are deploying using Group Policy deployment. For details, see this Microsoft article: http://support.microsoft.com/kb/816102
Thanks
Mark
I just tried installing the Thin Agent to the "golden image"....
I have tried installing the thin agent leaving the IP address of SVMs blank....the installation finished with error.
It seems we must enter IP address of the SVM-a.
That means that all the Virtual desktops from this Pool (linked clones) will be using that SVM-a regardless of which ESXi host the Virtual desktops are deployed (note that I have 2 ESXi nodes with SVM-a & SVM-b). Also when users log off at the end of the day, that Virtual desktop will be deleted and refreshed randomly to any one of the 2 ESXi hosts.
How then do I use the migration tool to enforce which Virtual desktops or GVMs to which SVM ?
Hello adrian yhy
I think it will be easier if you Contact Support. They will be able to contact you and run you through processes and also check you have the correct parameters set.
Mark
