This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos for Virtual Environments Security Virtual Machines

I recently installed Sophos for Virtual Environments in my VMware ESX Cluster. I deployed a Security VM on each of my 4 ESXi nodes. I'm confused about how the architecture of this product is supposed to work and would like some clarity.


When installing the agent on my VM's you have to point it to a Security VM. What I am finding is that when I shutdown that security VM the Sophos agent no longer functions.


How does the agent leverage the other Security VM's?


Are these Security VM's supposed to be dedicated to the specific ESX host they were installed on? If I put an ESX host in maintenance mode it just vmotions's the Security VM to another host. My impression was that the Security VM was supposed to handle the AV scanning of any of the VM's on the ESX host in which it is running. This does not seem to be the case.


I can shut down all my Security VM's except the one I pointed to during the agent install and the AV still works.


Am I missing something?

 

 

Thanks



This thread was automatically locked due to age.
Parents
  • I have similar questions that I am trying to get some answers on as well. There is very little real information on how this product actually works outside of a few high level docs. This is supposed to operate a 'hypervisor' level with off-board scanning but there is now a Windows scan service on every VM that you install the agent on. I am not sure how a solution is 'off-board' with an agent and 4 new Windows services operated by a dedicated Sophos account (which is failing for me) on each operating system. 

     

    Another major issue with this new solution is what you stated above. We are now required to designate a SVM to each agent, which makes no sense in a virtual environment due to the fact that if we have a failure event, VMs will be migrated to other physical hosts. So now I am required to either move the VMs back to the original physical host or re-point all of our agents to new security VMs to avoid latency or even the product failing? 

     

    I had a long list of issues that has not gotten a response in a previous forum. 

Reply
  • I have similar questions that I am trying to get some answers on as well. There is very little real information on how this product actually works outside of a few high level docs. This is supposed to operate a 'hypervisor' level with off-board scanning but there is now a Windows scan service on every VM that you install the agent on. I am not sure how a solution is 'off-board' with an agent and 4 new Windows services operated by a dedicated Sophos account (which is failing for me) on each operating system. 

     

    Another major issue with this new solution is what you stated above. We are now required to designate a SVM to each agent, which makes no sense in a virtual environment due to the fact that if we have a failure event, VMs will be migrated to other physical hosts. So now I am required to either move the VMs back to the original physical host or re-point all of our agents to new security VMs to avoid latency or even the product failing? 

     

    I had a long list of issues that has not gotten a response in a previous forum. 

Children
No Data