Product Guide
Data Center Connector for vSphere
3.0.0
COPYRIGHT
Copyright © 2013 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.
Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.
LICENSE INFORMATION
License Agreement
Contents
Preface
    About this guide
        Audience
        Conventions
    Find product documentation
1 Introduction
    VM security management made easy
    Components and what they do
2 Installation
    Requirements
    Download the software package
    Install the extension
    Register a VMware vCenter account
    Registered vCenter details
3 Queries and reports
    Predefined Data Center queries
    View default queries
    Dashboards and monitors
    Data Center dashboard
Preface
Contents
About this guide
Find product documentation
About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.
Conventions
This guide uses these typographical conventions and icons.
Book title, term, emphasis    Title of a book, chapter, or topic; a new term; emphasis.
Bold                          Text that is strongly emphasized.
User input, code, message     Commands and other text that the user types; a code sample; a displayed message.
Interface text                Words from the product interface like options, menus, buttons, and dialog boxes.
Hypertext blue                A link to a topic or to an external website.
Note: Additional information, like an alternate method of accessing an option.
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardware
Find product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.
Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:
To access...          Do this...
User documentation    1 Click Product Documentation.
                      2 Select a product, then select a version.
                      3 Select a product document.
KnowledgeBase         • Click Search the KnowledgeBase for answers to your product questions.
                      • Click Browse the KnowledgeBase for articles listed by product and version.
1 Introduction
Data Center Connector for vSphere includes the components that help you discover and import your virtual infrastructure using McAfee® ePolicy Orchestrator (McAfee ePO™). You can also view the virtualization properties and protection status of your virtual machines.
Contents
VM security management made easy
Components and what they do
VM security management made easy
Data Center Connector for vSphere discovers and imports both running and stopped machine instances from VMware vCenter to the McAfee ePO server.
This product integrates the management feature of McAfee ePO with the VMware vCenter server, and displays the imported virtual machines and their protection status on McAfee ePO.
Components and what they do
Each component performs specific functions to discover and manage your VMs.
ePolicy Orchestrator — Allows you to register a VMware vCenter account with McAfee ePO, so that it
establishes a connection with VMware vCenter, which manages the ESXi servers.
Data Center Connector for vSphere — Integrates the management and automation feature of
McAfee ePO to discover and manage your guest VMs.
Hypervisor (ESXi) — Allows multiple operating systems to run concurrently on a hosted system. The hypervisor is a virtual operating platform that manages the execution of the guest operating systems. ESXi is an embedded hypervisor for servers that runs directly on server hardware, without requiring an additional underlying operating system.
VMware vCenter — Console that manages the ESXi servers, which host the guest VMs that require
protection.
Virtual Machines (VMs) — Completely isolated guest operating system installation within a normal
host operating system, which supports both virtual desktops and virtual servers.
2 Installation
To set up your environment for Data Center Connector for vSphere, you must first configure your VMware vCenter console.
You then install the Data Center Connector for vSphere extension and register the VMware vCenter account in McAfee ePO.
Contents
Requirements
Download the software package
Install the extension
Register a VMware vCenter account
Requirements
Make sure your environment includes these components, and that they meet the requirements.
Software requirements
• ePolicy Orchestrator 4.6 Patch 2 and later
• VMware ESXi 4.1 Patch 3 (Optional)
• VMware ESXi 5.0, 5.1 (Optional)
  Patch ESXi500‑201109402‑BG: Updates tools‑light
  Patch ESXi500‑201109401‑BG: Updates esx‑base
• VMware vCenter 5.0, 5.1
• VMware vSphere Client 5.0, 5.1 (Optional)
For details on system requirements and instructions for setting up the ePolicy Orchestrator environment, see the installation guide for your version of ePolicy Orchestrator.
Guest VM operating system requirements
• VMware Tools 5.0 (Patch 1 ESX500‑201109402‑BG)
• For information on the Guest VM operating systems that are supported for VMware vCenter, see VMware's documentation:
  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1036847
Download the software package
You must download the Data Center Connector for vSphere package before it can be installed on ePolicy Orchestrator.
Task
• From the McAfee download site (http://www.mcafee.com/us/downloads/), download the package vSphere_Ext_3.0.0.<bldnumber>.zip.
If you installed the ePolicy Orchestrator server 4.6.x using McAfee® Endpoint Advanced Suite
Installer (McAfee EASI), the Data Center Connector for vSphere extension is already installed and ready for use in McAfee ePO.
Install the extension
You must install the Data Center Connector for vSphere extension on the McAfee ePO server, which then can discover and import your ESXi servers that host the guest VMs.
Before you begin
Make sure that the extension file is in an accessible location on the network.
Task
For option definitions, click ? in the interface.
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Software | Extensions | Install Extension.
3 Browse to and select the extension file vSphere_Ext_3.0.0.<bldnumber>.zip, then click OK. The Install Extension page displays the extension name and version details.
4 Click OK.
Register a VMware vCenter account
You must register a VMware vCenter account with McAfee ePO so that McAfee ePO can connect to the VMware vCenter that manages the ESXi servers, discover the guest VMs, and display them in McAfee ePO.
Before you begin
Make sure that you have configured your VMware vCenter server that manages the ESXi servers, which host the guest VMs.
The Registered Cloud Accounts option is available only after installing the Data Center Connector for vSphere extension.
Task
For option definitions, click ? in the interface.
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Configuration | Registered Cloud Accounts, then click Add Cloud Account to open the Add Cloud
Account page.
3 From the Choose Connector drop‑down list on the Description page, select vSphere, then click OK.
4 On the vCenter Account Details page, type these details:
• Account name — A name for the VMware vCenter account in McAfee ePO. Account names can include characters a–z, A–Z, 0–9, and [_.‑], without space.
• Server Address — IP address or the host name of the available VMware vCenter. (Required)
• vCenter Username — User name of the available VMware vCenter account. (Required)
  • This user's minimum role can be read only.
  • This user can be a domain account.
  • This user can also be a Single‑Sign‑On (SSO) user. The default user name of the SSO user is admin@system‑domain.
• vCenter Password — Password of the available VMware vCenter account. (Required)
• Connection protocol — The protocol required to establish the connection with the VMware vCenter.
• Sync Interval (In Minutes) — Specify the time interval for running subsequent vCenter discovery.
• Port No — The port required to establish the connection with the available VMware vCenter.
• Tag — This is given by the admin to identify the VMs. Tag name can include characters a–z, A–Z, 0–9, and [_.‑], with space.
5 Click Test Connection to validate VMware vCenter account details and verify that the connection to the VMware vCenter works, then click Next to open the Validate Certificate page.
6 Click Accept to validate the certificate, then click Finish.
7 When prompted to confirm, click OK to register the vCenter account.
This registers the VMware vCenter and imports all discovered virtual machines, which are unmanaged, into the McAfee ePO System Tree. The instances are imported with a structure and hierarchy similar to those present in VMware vCenter.
The virtual machines that are already added and managed by McAfee ePO are retained with the existing policy settings, but the virtualization properties for these machines are added.
8 To view the imported virtual machines, click Menu | Systems | System Tree in McAfee ePO.
After the discovery, you can find your vCenter account under the group vSphere. The clusters and hosts from vCenter are logically grouped under each Data Center group in McAfee ePO.
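Before clicking Accept in step 6, an administrator can check the entered details against the character rules from step 4 and compare the SHA‑256 fingerprint of the certificate the vCenter presents with one obtained out of band from the vCenter administrator. The following Python code is an added example, not part of the McAfee guide or product; the function names, the sample values, and the out‑of‑band fingerprint are assumptions.

```python
import hashlib
import hmac
import re
import ssl

# Character rules from step 4 of the guide.
ACCOUNT_NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")   # Account name: no spaces
TAG_RE = re.compile(r"[A-Za-z0-9_. -]+")           # Tag: spaces allowed


def sha256_fingerprint(pem_cert):
    """SHA-256 over the DER bytes of a PEM certificate, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()


def normalize_fingerprint(text):
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return lowercase hex."""
    cleaned = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected fingerprint is not 64 hex digits")
    return cleaned


def fetch_presented_cert(host, port=443):
    """Fetch the certificate the server presents, without trusting it."""
    return ssl.get_server_certificate((host, port))


def preflight(account_name, tag, port, pem_cert, expected_fingerprint):
    """Return a list of problems; an empty list means the details pass."""
    problems = []
    if not ACCOUNT_NAME_RE.fullmatch(account_name):
        problems.append("account name: use a-z, A-Z, 0-9, _ . - without spaces")
    # Assumption: an empty tag is allowed (the guide does not mark Tag Required).
    if tag and not TAG_RE.fullmatch(tag):
        problems.append("tag: use a-z, A-Z, 0-9, _ . - and spaces only")
    if not 1 <= port <= 65535:
        problems.append("port: must be a TCP port between 1 and 65535")
    try:
        expected = normalize_fingerprint(expected_fingerprint)
    except ValueError as exc:
        problems.append(f"fingerprint: {exc}")
    else:
        if not hmac.compare_digest(sha256_fingerprint(pem_cert), expected):
            problems.append("fingerprint: mismatch, do not accept the certificate")
    return problems


# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample, not a vCenter cert")
SAMPLE_FP = sha256_fingerprint(SAMPLE_PEM)

if __name__ == "__main__":
    # Offline run on the constructed sample; for a live check pass
    # fetch_presented_cert("<vcenter-host>", 443) as pem_cert instead.
    print(preflight("vcenter_lab.01", "lab vms", 443, SAMPLE_PEM, SAMPLE_FP))
    print(preflight("vcenter lab", "lab/vms", 443, SAMPLE_PEM, "00" * 32))
```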
Registered vCenter details
After configuring and registering the VMware vCenter account with McAfee ePO, the account details of the registered vCenter are displayed in McAfee ePO.
Property               Description
Name                   Name of the vCenter that you registered in McAfee ePO.
Type                   Type of Data Center Connector.
Last Successful Sync   Displays the date and time when the last synchronization between McAfee ePO and vCenter occurred.
Last Sync Status       Displays the synchronization status, including Synch Scheduled, Success, In Progress, and Failed.
Sync Failure Reason    Displays the reason for the McAfee ePO‑vCenter synchronization failure.
Total VMs              Displays the number of VMs that are available under the registered vCenter.
Auto Deploy MA         Specifies if the administrator enabled the Auto deploy McAfee Agent task for the registered vCenter account. Not available in this version.
Actions                You can edit, delete, and synchronize the vCenter account using McAfee ePO.
                       When you delete an account, you can select these options:
                       • Delete System Tree group corresponding to this account — Deletes all virtual machines and group from this account.
                       • Delete Tags — Deletes the McAfee ePO tags for this account.
                       If you do not select any of these options, this action deletes only the account details.
You can view more details of the vCenter account by selecting and adding the required column using the Choose Columns option under System Tree | Actions. By default, these columns don't appear under System Tree.
Property                                  Description
Agentless AntiMalware Protection Status   Displays the McAfee MOVE AV Agentless protection status of the client VM:
                                          • On — The VM is protected.
                                          • Off — The VM is not protected.
                                          • Unknown — The protection status is not known.
                                          You can view these protection properties after installing the McAfee MOVE AV Agentless 3.0.0 extension only.
Management Type                           Displays whether the client VM is managed by Security Virtual Appliance (SVA).
Is SVA                                    Displays these status details:
                                          • True — VM is an SVA.
                                          • False — VM is not an SVA.
                                          • N/A — For host.
SVA Deployed                              Displays the SVA deployment status for host and VM:
                                          • Yes — SVA is deployed to host.
                                          • No — SVA is not deployed to host.
                                          • N/A — For VM.
System Type                               Displays whether the selected system is a host or SVA, or VM.
VM tool Status                            Displays the status of the VM tool on a VM. For host, the status appears as N/A.
HOST                                      Displays the host details like IP address of the VM. If the host is selected, the status appears as N/A.
AntiMalware                               Specifies whether the system is in one of these three states.
                                          • Secure Mode — These virtual machines have McAfee Application Control installed and enabled.
                                          • Flexible — These virtual machines have any McAfee anti‑virus product installed and enabled.
                                          • Unprotected — These virtual machines do not have any McAfee anti‑virus product enabled.
Node Type                                 Displays whether the selected item is a hypervisor or VM.
Firmware Trust Status                     For details, see the product documentation for Boot Attestation Service.
VMM Trust Status                          For details, see the product documentation for Boot Attestation Service.
You can retrieve and view the registered Data Center details by running the Datacenters query under Menu | Reporting | Queries and Reports | Shared Groups | Datacenter.
You can view the virtualization properties of the selected virtual machine by navigating to Menu | Systems | System Tree and double‑clicking the target virtual machine.
You can view the virtualization properties of the selected hypervisor by navigating to Menu | Systems | System Tree and double‑clicking the target hypervisor.
3 Queries and reports
With the Data Center Connector for vSphere software, you can quickly view a summary of all the registered Data Centers.
Some information contained in the dashboard is actionable, such as the Anti malware status pie chart, while other information is informational only, such as the OS distribution pie chart.
The predefined queries and dashboards provide out‑of‑the‑box functionality, since they are added to your ePolicy Orchestrator server when the software is installed. These queries can be configured to display results in charts or tables, which can also be used as dashboard monitors. Query results can be exported to several formats, any of which can be downloaded or sent as an attachment to an email message.
You can also create custom queries based on the properties collected by the Data Center software. For details on how to use custom queries, see the ePolicy Orchestrator product documentation for your version of the software.
Contents
Predefined Data Center queries
Dashboards and monitors
Predefined Data Center queries
You can use predefined queries as is, edit them, or create queries from events and properties stored in the ePolicy Orchestrator database.
It is not possible to edit the predefined queries in McAfee ePO 5.0.0.
To create custom queries, your assigned permission set must include the ability to create and edit private queries.
Data Center provides these predefined queries:
Query                               Description
Antimalware Status                  Specifies whether the system is in one of these three states.
                                    • Secure Mode — These virtual machines have McAfee Application Control installed and enabled.
                                    • Flexible — These virtual machines have any McAfee anti‑virus product installed and enabled.
                                    • Unprotected — These virtual machines do not have any McAfee anti‑virus product enabled.
Application Reputation              Categorizes the applications based on Global Threat Intelligence (GTI) file reputation:
                                    • Good
                                    • Bad
                                    • Unknown
                                    For details on file reputation, see the product documentation for McAfee Application Control.
Security Incidents (last 14 days)   Displays the events reported for these components in the virtual machines in the last 14 days.
                                    • McAfee Application Control
                                    • AntiVirus
                                    • Firewall
                                    • Memory Protection
Datacenters                         Displays all registered Data Centers.
File Integrity Monitoring Status    Displays the number of machines with File Integrity Monitoring (FIM) installed and enabled.
                                    For details on FIM, see the product documentation for McAfee Change Control.
Firewall Status                     Specifies whether the system is in one of these two states:
                                    • Secured — These virtual machines have Host Intrusion Prevention (McAfee Agent‑based) installed.
                                    • Unprotected — These virtual machines do not have Host Intrusion Prevention (McAfee Agent‑based) installed.
OS Distribution                     The OS Type value appears as the one similar to the template value that was selected while creating the VMs. However, this might not be the actual operating system installed on the VM.
Boot Attestation Status             Displays the Boot Attestation status of virtual machines. For details, see the product documentation for Boot Attestation Service.
View default queries
Run the predefined queries to generate reports based on Data Center components.
Task
For option definitions, click ? in the interface.
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Reporting | Queries & Reports.
3 From the Groups pane, select Data Center to display the queries for the selected group.
McAfee ePO 4.6 — Reports are grouped under Shared Groups.
McAfee ePO 5.0 — Reports are grouped under McAfee Groups.
4 From the Queries list, select a query, then click Run.
5 In the query result page, click any item in the results to drill down further.
6 Click Close when finished.
Dashboards and monitors
Dashboards, which are comprised of monitors, help you track key metrics from all Data Center products.
McAfee ePO 4.6 — Dashboards are grouped under Private Dashboards.
McAfee ePO 5.0 — Reports are grouped under McAfee Dashboards.
Data Center dashboard
The Data Center dashboard is added to your McAfee ePO server when you install the Data Center software.
The dashboard displays a collection of monitors based on the results of the default Data Center software queries.
These are the default monitors that appear under the Data Center dashboard.
• Antimalware Status — Displays whether the virtual machine is in one of these three states:
  • Secure Mode — These virtual machines have McAfee Application Control installed and enabled.
  • Flexible — These virtual machines have any McAfee anti‑virus product installed and enabled.
  • Unprotected — These virtual machines do not have any McAfee anti‑virus product enabled.
• Application Reputation — Categorizes the applications based on GTI file reputation.
  • Good
  • Bad
  • Unknown
  This dashboard retrieves data from the McAfee Application Control extension.
• Security Incidents (last 14 days) — Displays events reported for these components in the virtual machines in the last 14 days.
  • McAfee Application Control
  • AntiVirus
  • Firewall
  • Memory Protection
• Datacenters — Displays all registered Data Centers.
• File Integrity Monitoring Status — Displays the number of machines with File Integrity Monitoring (FIM) installed and enabled.
  • Enabled — File Integrity Monitoring is enabled in these virtual machines.
  • Disabled — File Integrity Monitoring is disabled in these virtual machines.
  • Not Installed — File Integrity Monitoring is not installed on these virtual machines.
  For more details on FIM, see the product documentation for McAfee Change Control.
• Firewall Status — Displays whether the system is in one of these two states.
  • Secured — These virtual machines have Host Intrusion Prevention (McAfee Agent‑based) installed.
  • Unprotected — These virtual machines do not have Host Intrusion Prevention (McAfee Agent‑based) installed.
• OS Distribution — Displays the OS Type value as the one similar to the template value that was selected while creating the VMs. However, this might not be the actual operating system installed on the VM.
• Boot Attestation Status — Displays the Boot Attestation status of vCenter hypervisors. For details, see the product documentation for Boot Attestation Service.