Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEP 12 support for ESX and/or ESXi

  • 1.  SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 10:19 AM

    Is there any support for vmware esx and or esxi in SEP 12? Preferrably with Vshield integration?



  • 2.  RE: SEP 12 support for ESX and/or ESXi

    Broadcom Employee
    Posted May 02, 2011 10:32 AM

    Hi,

    Are you talking about SBE 12.0 or Beta 12 ?



  • 3.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 10:32 AM

     

     

    VMware support

    Symantec software is supported on VMware.

     

    Table: VMware support


    Symantec software

    VMware support

    Symantec Protection Center and database

    Symantec Protection Center is supported on the following VMware versions:

    • VMware WS 5.0 (workstation) or later

    • VMware GSX 3.2 (enterprise) or later

    • VMware ESX 2.5 (workstation) or later

    Symantec Protection Center is supported on the following guest VMware operating systems:

    • Windows 2000 Professional/Server/Advanced Server SP 3 or later

    • Windows Server 2003 Editions

    • Windows Server 2003 x64 Editions

    • Windows XP Home Edition/Professional

    • Windows XP Professional x64 Edition

    Client

    The client is supported on the following VMware versions:

    • VMware WS 5.0 (workstation) or later

    • VMware GSX 3.2 (enterprise) or later

    • VMware ESX 2.5 (workstation) or later

    The client is supported on the following guest VMware operating systems:

    • Windows 2000 Professional/Server/Advanced Server

    • Windows Server 2003 Editions

    • Windows Server 2003 x64 Editions

    • XP Professional/Home Edition Windows

    • XP Professional x64 Edition

     

     



  • 4.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 11:26 AM

    abnscbnklfoo, This isn't the question.  Did you even read it?

     

    In terms of vShield, I think this is more of "Wishful thinking," than anything.  This technology was announced some 3yrs ago.  To this day, the vendors that actually do anything, are very little to useless in terms of their implementation.  

    All they can do is scan a VM when it's powered off, and only Windows hosts.  What good is that?

    Until we get to true agent less installation, we'll have to use an agent in the guest where appropriate.  

     

    I believe the answer you are looking for is no.

     



  • 5.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 11:45 AM

    Chetan,

     

    Im talking about Symantec endpoint protection 12.1.

    Yes the beta version.



  • 6.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 11:51 AM

    teiva-boy,

    Thank you for your answer.

    I find it unbelievable that Symantec has no vshiled integration.

    the technology is not that hard. But if it only scans shut down machines it is useless indeed.

    And what i actually wanted is indeed agentless AV.

    Simply a management console that monitors all traffic on all Vm's on that host and learns to acknowledge behaviour.

    if something does strange things lock it down or something like that.

    Now we are upgrading Virtual machines and that is taking much resources.

    AV is the top most used application.

    It would be so nice and tremendously cool to have something so that we do not need to install av on each client, but could simply manage the host.

    You got my thumsup.



  • 7.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 12:01 PM

    I believe it is compatible.

    Following are some release notes:-

     

    Symantec Endpoint Protection 12 offers comprehensive defense against all types of attacks and is optimized for performance on virtual systems. Symantec Endpoint Protection 12 can whitelist baseline images, maintain a local Insight cache, randomize scans and updates, and automatically identify and manage virtual clients. This is above and beyond the performance improvements gained with Insight. Together these innovations dramatically reduce the load on virtual hosts, alleviating ‘AV Storms’/concurrent scans from bogging down system resources and allowing for faster, more responsive systems, which can in turn support greater density of virtual instances. Symantec is working closely with VMware to take full advantage of virtualization awareness and introspection capabilities based on VMware vShield™ technology and Symantec Endpoint Protection 12 is the first step along the optimization path for virtual environments.

    Reference: http://www.symantec.com/about/news/release/article.jsp?prid=20110215_01



  • 8.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 01:06 PM
    Thanxs, that is part of my question. Whats left now is were can i find the vshield agent? Thanxs again.


  • 9.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 01:36 PM

    We should have it soon as per the information mentioned in the link of release.

    Kindly refer to the same.

     

    http://www.symantec.com/about/news/release/article.jsp?prid=20110215_01



  • 10.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 02:09 PM

    Hello erikw,

    With the 12.1 release we do not have a Vshield agent but we have several virtual environement enhancements which  should significantly help with overall performance across various hypervisors.  To read about these please check the post https://www-secure.symantec.com/connect/blogs/configuring-sep-121-virtual-environments.

    We greatly appreciate the time you are spending with the beta and the feedback you provide.  If you have further feedback we have created a forum specifically for posting it.  You can find it at http://www.symantec.com/connect/SEP_12_Beta_Group.

     

    Thank you.

    Eric S.



  • 11.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 03:10 PM

    Thanks for the update Eric..!



  • 12.  RE: SEP 12 support for ESX and/or ESXi

    Posted May 02, 2011 07:55 PM

    Are you asking is we support VMware?  Yes - and Citrix and Microsoft virtual environments.  

    However, we don't use vShield - and we won't until it grows up a bit.  vShield Endpoint today is a set of APIs and a device driver to offload file events to a security VM - which sounds great.  Do all you virus scanning in just on vm, no need for an agent in each instance . . . . increase density, less to manage . . . .

    Trouble is that vShield is just about "file events" i.e. scanning files for viruses - no host or network ips, no real time behavioral (i.e. Sonar in SEP 12.1) no client fw, no application control, device control, access control.  So with vShield your giving up a lot of security.  About 50% of our detections come from technologies other than tradional virus scanning - that is a lot of security to give up.

    We are working wiht VMware on a next gen that will allow the advantages of vShield without compromising security - but it won't be in this release.

    The main bottleneck to greater density is disk i/o.  We did a lot to drive disk i/o in this release - reducing it up to 90% through sharing scan results, creating white lists out of gold images and through Insight.  For tips on using SEP in virtual environments - take a look at my blog .  . . https://www-secure.symantec.com/connect/blogs/configuring-sep-121-virtual-environments

    The only vendor that supports vShield today for an agentless approach is Trend Micro - and their detection rates are so low with it that they won't let 3rd party labs test it (true story).



  • 13.  RE: SEP 12 support for ESX and/or ESXi

    Posted Aug 16, 2011 11:27 AM

    Quote 1: (Press Release)

    "Symantec is working closely with VMware to take full advantage of virtualization awareness and introspection capabilities based on VMware vShield™ technology....."

    Quote2:

    "Are you asking is we support VMware? Yes - and Citrix and Microsoft virtual environments. However, we don't use vShield - and we won't until it grows up a bit."

    Hmmmm...

    Feels like your marketing department is trying to blow smoke up our ....!

    I understand that vShield may lack certain features rendering it useless for integration with SEP at this moment. If so, Symantec is not to blame I guess.

    What really frustrates me is your marketing department's attempt (quote1) to fool us into thinking, that there are features in SEP 12 specific to VMware/vShield. But after reading your reply (quote2) I realized that in reality SEP 12 offers zero integration with VMware.

    I just finished reading ‘SEP 12.1 Best Practices in a Virtual Environment’
    https://www-secure.symantec.com/connect/sites/default/files/SEP%2012.1%20Virtualization%20Best%20Practices.pdf .
    Not even once does it refer to vShield, vSphere nor VMware.

    I.M.H.O. generic optimization in SEP 12 improving performance on a(ny) virtual infrastructure does not constitute referring to ‘VMware vShield™ technology’ in the SEP12 press release.

    Suggestive marketing fluff does not impress techies! As a result, any other claim Symantec makes will be met with a lot more skepticism.

    kind regards,

    J. Kuin
    Senior System Administrator
    T-Mobile Netherlands BV