This discussion has been locked.

Sophos for Virtual Environments Security Virtual Machines

I recently installed Sophos for Virtual Environments in my VMware ESX Cluster. I deployed a Security VM on each of my 4 ESXi nodes. I'm confused about how the architecture of this product is supposed to work and would like some clarity.


When installing the agent on my VMs you have to point it to a Security VM. What I am finding is that when I shut down that Security VM the Sophos agent no longer functions.


How does the agent leverage the other Security VMs?


Are these Security VMs supposed to be dedicated to the specific ESX host they were installed on? If I put an ESX host in maintenance mode it just vMotions the Security VM to another host. My impression was that the Security VM was supposed to handle the AV scanning of any of the VMs on the ESX host in which it is running. This does not seem to be the case.


I can shut down all my Security VMs except the one I pointed to during the agent install and the AV still works.


Am I missing something?

 

 

Thanks



  • I have similar questions that I am trying to get some answers on as well. There is very little real information on how this product actually works outside of a few high-level docs. This is supposed to operate at a 'hypervisor' level with off-board scanning but there is now a Windows scan service on every VM that you install the agent on. I am not sure how a solution is 'off-board' with an agent and 4 new Windows services operated by a dedicated Sophos account (which is failing for me) on each operating system.

     

    Another major issue with this new solution is what you stated above. We are now required to designate an SVM to each agent, which makes no sense in a virtual environment due to the fact that if we have a failure event, VMs will be migrated to other physical hosts. So now I am required to either move the VMs back to the original physical host or re-point all of our agents to new security VMs to avoid latency or even the product failing?

     

    I had a long list of issues that has not gotten a response in a previous forum. 

  • Hi,

     

    There isn't any load balancing built in to the SVE product - the Guest VMs will send the files for scanning to their assigned SVM.

     

    The SVM that a Guest VM is pointed to can be anywhere on the network, but the bandwidth must be able to support high speeds between the two nodes so that the file can be sent, scanned and the response sent back in a timely fashion, otherwise you may encounter performance issues. With the SVE product, there isn't any need for the SVM to be on the same physical host as the GVMs, although SVMs on the same physical host will respond quicker to GVMs.

     

    Hope this helps.

     

  • What is "high speeds"?

    1G/10G/40G/etc...?