The purpose of VMware vShield Endpoint is to provide anti-virus services for your virtual machines at the host level, relieving the individual VMs from having to do this themselves.

For most of us who regularly use VMware’s vSphere products to create and manage our virtual infrastructure, the capabilities that vSphere provides out of the box are pretty phenomenal, especially for those licensed at the higher tiers. Lately, VMware has had to do more and more in response to market pressure coming literally from both sides: Microsoft on the virtual infrastructure side and, as they recently acknowledged themselves, Amazon on the burgeoning cloud deployment side. Because of this, they have been sweetening the deal for their customers with a couple of handy plug-ins since the release of version 5.1. In this article we’ll look at a good one from a security standpoint, vShield Endpoint.

The deployment of the free product is limited to those who are licensed at the vSphere Enhanced Plus or higher level and are running vSphere version 4.1 U3, 5.0 or 5.1. In my environment we’re using 5.1, so any specific tasks will be directed toward that version.

Install vShield Endpoint

Before you even start with vShield, you’ll need to deploy the Security Virtual Machine (SVM) appliance(s) of your choice. Check with your A/V vendor to see their offering, and refer to them for further deployment instructions. VMware recommends deploying an SVM on each ESX host in your infrastructure. I will add that when you deploy your SVM appliances in a cluster with Distributed Resource Scheduler (DRS) enabled, you will need to set DRS for these appliances to Disabled so they won’t move at all.
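The two placement rules above (one SVM per ESX host, DRS set to Disabled for each SVM) can be audited with a short PowerShell check. This is an added example, not part of the original article or any vendor tooling; the SVM name pattern, host names, cluster name and inventory rows are constructed assumptions.

```powershell
# Added example: flag hosts without an SVM and SVMs that DRS may still move.
# Assumption: SVM appliances are named 'SVM-*'; adjust to your vendor's naming.
function Test-SvmPlacement {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,  # objects with Name, VMHost, DrsAutomationLevel
        [Parameter(Mandatory)] [string[]] $HostNames,  # every ESX host that should carry an SVM
        [string] $SvmNamePattern = 'SVM-*'
    )
    foreach ($h in $HostNames) {
        $svms = @($Inventory | Where-Object { $_.VMHost -eq $h -and $_.Name -like $SvmNamePattern })
        if ($svms.Count -eq 0) {
            # VMs on this host have no local scanning appliance.
            [pscustomobject]@{ VMHost = $h; SVM = $null; Finding = 'No SVM on this host' }
            continue
        }
        foreach ($svm in $svms) {
            $level = "$($svm.DrsAutomationLevel)"
            [pscustomobject]@{
                VMHost  = $h
                SVM     = $svm.Name
                Finding = if ($level -eq 'Disabled') { 'OK' } else { "DRS is '$level', expected Disabled" }
            }
        }
    }
}

# Constructed sample inventory (not real data): esx02's SVM still follows the
# cluster default, and esx03 has no SVM at all.
$sampleHosts = 'esx01.example.local', 'esx02.example.local', 'esx03.example.local'
$sampleInventory = @(
    [pscustomobject]@{ Name = 'SVM-esx01'; VMHost = 'esx01.example.local'; DrsAutomationLevel = 'Disabled' }
    [pscustomobject]@{ Name = 'SVM-esx02'; VMHost = 'esx02.example.local'; DrsAutomationLevel = 'AsSpecifiedByCluster' }
    [pscustomobject]@{ Name = 'web01';     VMHost = 'esx03.example.local'; DrsAutomationLevel = 'AsSpecifiedByCluster' }
)
Test-SvmPlacement -Inventory $sampleInventory -HostNames $sampleHosts | Format-Table -AutoSize

# With PowerCLI connected to vCenter, the same inputs can be built like this
# ('Prod' is a placeholder cluster name):
#   $hosts = (Get-Cluster 'Prod' | Get-VMHost).Name
#   $inv   = Get-VM | Select-Object Name, @{N='VMHost';E={$_.VMHost.Name}}, DrsAutomationLevel
#   Test-SvmPlacement -Inventory $inv -HostNames $hosts
# A finding is fixed with:
#   Set-VM -VM 'SVM-esx02' -DrsAutomationLevel Disabled -Confirm:$false
```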

Next you have to download and deploy the vShield Manager virtual appliance. For this you have to download vCloud Networking and Security 5.1.x from the VMware vSphere 5.1 download page. After you start the vShield Manager virtual machine and it has finished booting, you will be prompted to log in so that you can set up the required networking information. Frankly, finding the documentation with this info proved to be the trickiest part, as it isn’t provided along with the OVA.

The default credentials are admin:default. You then need to enter the enable command and use the default password again. Finally, enter the setup command and follow through the wizard shown below.

Install VMware vShield Endpoint

After you complete the wizard, it will tell you to log out and back in again. In reality the magic takes a while, so log out and give it a few minutes. Once you can log back in and ping things, the rest of the setup and administration is web driven.

The first screen that you come to will allow you to edit entries for the Lookup Service (SSO), your vCenter server, NTP server and, optionally, a Syslog server. All of these amount to providing server names/IPs and credentials and are very straightforward. Oddly, only NTP required a reboot. Once you add your vCenter server successfully, you’ll notice the vShield plug-in is now available or installed in your VI client.

vShield Plug-in in VMware vCenter

The actual protection of your VMs is done via VMware Tools, so a deployment of the latest version is required. When VMware Tools is deployed, a new component, the vShield Thin Agent, will be included. At this point your virtual machine will be protected even if it migrates to an unprotected host.

Conclusion

The “gotcha” is that VMware vShield Endpoint doesn’t provide any anti-virus capability itself, just the path into ESXi for a specialized third-party product that they refer to as Security Virtual Machines, or SVM. We are a Trend Micro shop, and while Trend is one of the vendors with a virtual appliance in this space, Deep Security, as far as I can tell it is not included in any of the bundles.

Further, in the case of Trend’s solution for a vSphere infrastructure with 3 hosts, you are looking at adding a grand total of no less than five additional VMs to your infrastructure: vShield Manager, Deep Security Manager for Windows, and three Deep Security Virtual Appliances. For this reason, unless you have some serious VM-per-host density, I have a hard time recommending it for VMware customers in the SMB space.

Resources

VMware KB 2036875: Downloading and enabling vShield Endpoint on supported vSphere platforms

vShield Manager 5.1 Quick Start Guide

Trend Micro Deep Security





© 4sysops 2006 - 2022

