Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 8626 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SVE - primary and secondary SVM

Jörg Schmitter

Hello

In the next time, the internal AV protection from currently vShield to SVE / SVM will be changed and I have a question. With the announcement of the new version 1.6 it should be possible to set a primary and secondary SVM.

My question; There is the possibility that the TCP / IP address on the guest VM agent can be dynamically changed by means of "GPO" and it is thereby possible to switch from one SVM to another without the Guest VM agent being uninstalled and then again need to be reinstalled? Or do I have to now with the new SVE version with all servers a de-reinstallation of the Guest VM agent, so I can benefit from the advantages of the SVM failover or is there another way, how to configure the virtual server as soon as possible can be adapted? The way also has a significant impact on the migration process.

Furthermore, I'm not (more) sure I must now uninstall the NSX Network Introspection driver from the VMware tools for servers or if this has no effect on future operations if they remain installed.

Thanks for the feedback.



This thread was automatically locked due to age.
Parents
  • 0

    Hello  

    Apologies for the delay, I was working with the Engineering team to ensure we gave you the correct information surrounding your second question. 

    The next version of Sophos for Virtual Environments will have the opportunity to set failover, so if a Guest VM cannot connect to the SVM then it will look for another one to provide protection. We are aiming for Q1 next year. 

    As for your other question: You should experience no problems if you leave the VMware Guest Introspection driver installed alongside SVE. If you are not using any of the functionality provided by the VMware Guest Introspection driver, then removing it reduces the chances of any issues occurring but you do not need to remove it.

    There is a theoretical chance that the presence of the VMware Guest Introspection driver (even if the VMware driver is effectively turned off for all file scanning functionality) alongside our own driver could cause problems on a machine. However, these kinds of interoperability issues are incredibly rare.

    Thanks 

    Mark 

Reply
  • 0

    Hello  

    Apologies for the delay, I was working with the Engineering team to ensure we gave you the correct information surrounding your second question. 

    The next version of Sophos for Virtual Environments will have the opportunity to set failover, so if a Guest VM cannot connect to the SVM then it will look for another one to provide protection. We are aiming for Q1 next year. 

    As for your other question: You should experience no problems if you leave the VMware Guest Introspection driver installed alongside SVE. If you are not using any of the functionality provided by the VMware Guest Introspection driver, then removing it reduces the chances of any issues occurring but you do not need to remove it.

    There is a theoretical chance that the presence of the VMware Guest Introspection driver (even if the VMware driver is effectively turned off for all file scanning functionality) alongside our own driver could cause problems on a machine. However, these kinds of interoperability issues are incredibly rare.

    Thanks 

    Mark 

Children
  • 0 in reply to MarkToshack

    Hello Mark

    Thank you for your reply.

    I would like to report again regarding the configuration of the Guest VM agent by means of GPO, since I did not receive the hoped-for information.

    Are they the possibility that the TCP / IP address on the guest VM agent can be dynamically changed by means of "GPO" and it is thereby possible to switch from one SVM to another without the Guest VM agent being uninstalled and then must be installed again? Or do I have to now with the new SVE version with all servers a de-reinstallation of the Guest VM agent, so I can benefit from the advantages of the SVM failover or is there an other way, to configure the guest VM agent as soon as possible to an other SVM? The way also has a significant impact on the migration process.

    Kind regards
    Jörg

     

     
  • 0 in reply to Jörg Schmitter

    Hello  

    We do not have Group Policy Object support within Sophos for Virtual Environment. I will add it to the feature request list for you. 

    The IP address of the SVM, that is specified when installing the thin agent on the Guest VM, cannot be changed at all, unless reinstalled. 

    Thanks 

     

    Mark 

  • 0 in reply to MarkToshack

    It is very disappointing that this specific feature for handling fail over is taking so long to come out and it really never should have been released in the first place until that was part of it.  We loaded it in our test environment and it really feels half baked.  We are not moving to this newer platform at least until that feature comes out.  

Unfiltered HTML