Using AV products in a View environment with Linked Clones has always been debatable, agents on each machine caused issues checking in and pattern file update storms. A viable solution is to use vSphere Endpoint. From vSphere 5.0 onwards Endpoint has been included in every license edition. This can be used of the server environment as well its not limited to View.
Endpoint is enabled on each ESXi host through vShield Manager. First install vShield Manager, configure it with your vCentre and setup certificates. Once configured use vShield to enable the Endpoints on each ESXi host. Once the Endpoint is configured you can use a AV product to protect the VMs. The VM Tools for each VM needs to be modified to run the Guest Introspection Driver. Below is the steps
First download vShield form the portal, these days it falls under vcloud Networking and Security (vCNS) umbrella. Import the OVF file into vCentre
Give the appliance a name and add it to the correct vCentre and correct folder
Choose a datastore with enough free space on and select networking. The network vShield is on must be able to access vCentre. It will by default be set up using DHCP, I will show you how to change the IP address once its deployed
Once that has imported power on the appliance. The default user name / password is. Note – later versions of vShield ask for a password on OVF deployment.
First step is to change the host name. Once logged in go into ‘config’ mode by typing “en – conf t” Then type “hostname yourhostname”
Exit out and go back into ‘enable’ mode by typing “en”. Set the IP address by typing “setup” and follow the prompts
Exit out and make sure you save the config – “copy running-config startup-config”. Open the C# client and add the vShield plugin. Go to Home and you will see a vShield icon under Solutions and Applications. Open vShield from here or browse to the assigned IP address. Login with
To add the certificate follow my other
From here add the Lookup Service address and the vCentre details. The account used must have vCentre permissions. also add the usual DNS and NTP settings. Once vCentre has added successfully a list of hosts and VMs will appear on the left hand side. Now add the users required to administer vShield, for domain account add the domain prefix
Now the Endpoint must be enabled on the ESXi hosts. One the left hand side click on the host and on the summary page the ‘vShield Endpoint’ will have a ‘Install’ button next to it. Click install and follow the prompts. The host can be online whilst you do this. What for the tasks to complete and move onto the next host.
This is it from a vShield Endpoint point of view. Each VM needs to have the Guest Introspection Driver enabled for Endpoint to protect it. You must modify existing VM Tools installations, for any templates its a good time to change it on those for any new VMs. This can be done using Update Manager
Thats it now a AV product can be installed that integrates with vShield Endpoint