Product Guide

Data Center Connector for vSphere 3.0.0
For use with ePolicy Orchestrator 4.6.0, 5.0.0 Software
COPYRIGHT
Copyright 2013 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Contents

Preface
  About this guide
    Audience
    Conventions
  Find product documentation
1 Introduction
  VM security management made easy
  Components and what they do
2 Installation
  Requirements
  Download the software package
  Install the extension
  Register a VMware vCenter account
    Registered vCenter details
3 Queries and reports
  Predefined Data Center queries
    View default queries
  Dashboards and monitors
    Data Center dashboard
Preface

Contents
  About this guide
  Find product documentation

About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

  Administrators: People who implement and enforce the company's security program.

Conventions
This guide uses these typographical conventions and icons.

  Book title, term, emphasis: Title of a book, chapter, or topic; a new term; emphasis.
  Bold: Text that is strongly emphasized.
  User input, code, message: Commands and other text that the user types; a code sample; a displayed message.
  Interface text: Words from the product interface like options, menus, buttons, and dialog boxes.
  Hypertext blue: A link to a topic or to an external website.
  Note: Additional information, like an alternate method of accessing an option.
  Tip: Suggestions and recommendations.
  Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
  Warning: Critical advice to prevent bodily harm when using a hardware product.
Find product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:

  To access User documentation, do this:
    1 Click Product Documentation.
    2 Select a product, then select a version.
    3 Select a product document.

  To access the KnowledgeBase, do this:
    Click Search the KnowledgeBase for answers to your product questions.
    Click Browse the KnowledgeBase for articles listed by product and version.
1 Introduction

Data Center Connector for vSphere includes the components that help you discover and import your virtual infrastructure using McAfee ePolicy Orchestrator (McAfee ePO). You can also view the virtualization properties and protection status of your virtual machines.

Contents
  VM security management made easy
  Components and what they do

VM security management made easy
Data Center Connector for vSphere discovers and imports both running and stopped machine instances from VMware vCenter to the McAfee ePO server. This product integrates the management feature of McAfee ePO with the VMware vCenter server, and displays the imported virtual machines and their protection status on McAfee ePO.

Components and what they do
Each component performs specific functions to discover and manage your VMs.

  ePolicy Orchestrator: Allows you to register a VMware vCenter account with McAfee ePO, so that it establishes a connection with VMware vCenter, which manages the ESXi servers.
  Data Center Connector for vSphere: Integrates the management and automation feature of McAfee ePO to discover and manage your guest VMs.
  Hypervisor (ESXi): Allows multiple operating systems to run concurrently on a hosted system. The hypervisor is a virtual operating platform that manages the execution of the guest operating systems. ESXi hypervisors are embedded hypervisors for servers that run directly on server hardware, without requiring an additional underlying operating system.
  VMware vCenter: Console that manages the ESXi servers, which host the guest VMs that require protection.
  Virtual Machines (VMs): Completely isolated guest operating system installation within a normal host operating system, which supports both virtual desktops and virtual servers.
2 Installation

To set up your environment for Data Center Connector for vSphere, you must first configure your VMware vCenter console. You then install the Data Center Connector for vSphere extension and register the VMware vCenter account in McAfee ePO.

Contents
  Requirements
  Download the software package
  Install the extension
  Register a VMware vCenter account

Requirements
Make sure your environment includes these components, and that they meet the requirements.

Software requirements
  ePolicy Orchestrator 4.6 Patch 2 and later
  VMware ESXi 4.1 Patch 3 (Optional)
  VMware ESXi 5.0, 5.1 (Optional)
    Patch ESXi500-201109402-BG: Updates tools-light
    Patch ESXi500-201109401-BG: Updates esx-base
  VMware vCenter 5.0, 5.1
  VMware vSphere Client 5.0, 5.1 (Optional)

For details on system requirements and instructions for setting up the ePolicy Orchestrator environment, see the installation guide for your version of ePolicy Orchestrator.

Guest VM operating system requirements
  VMware Tools 5.0 (Patch 1 ESX500-201109402-BG)

For information on the Guest VM operating systems that are supported for VMware vCenter, see VMware's documentation: http://kb.vmware.com/selfservice/microsites/search.do?language=en_us&cmd=displaykc&externalid=1036847
Download the software package
You must download the Data Center Connector for vSphere package before it can be installed on ePolicy Orchestrator.

Task
From the McAfee download site (http://www.mcafee.com/us/downloads/), download the package vsphere_ext_3.0.0.<bldnumber>.zip.

If you installed the ePolicy Orchestrator server 4.6.x using McAfee Endpoint Advanced Suite Installer (McAfee EASI), the Data Center Connector for vSphere extension is already installed and ready for use in McAfee ePO.

Install the extension
You must install the Data Center Connector for vSphere extension on the McAfee ePO server, which then can discover and import your ESXi servers that host the guest VMs.

Before you begin
Make sure that the extension file is in an accessible location on the network.

Task
For option definitions, click ? in the interface.
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Software | Extensions | Install Extension.
3 Browse to and select the extension file vsphere_ext_3.0.0.<bldnumber>.zip, then click OK. The Install Extension page displays the extension name and version details.
4 Click OK.

Register a VMware vCenter account
It is necessary to register a VMware vCenter account with McAfee ePO, so that McAfee ePO establishes a connection with VMware vCenter, which manages the ESXi servers, discovers the guest VMs, and displays them in McAfee ePO.

Before you begin
Make sure that you have configured your VMware vCenter server that manages the ESXi servers, which host the guest VMs.

The Registered Cloud Accounts option is available only after installing the Data Center Connector for vSphere extension.
Task
For option definitions, click ? in the interface.
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Configuration | Registered Cloud Accounts, then click Add Cloud Account to open the Add Cloud Account page.
3 From the Choose Connector drop-down list on the Description page, select vSphere, then click OK.
4 On the vCenter Account Details page, type these details:

  Account name: A name for the VMware vCenter account in McAfee ePO. Account names can include characters a-z, A-Z, 0-9, and [_. ], without space.
  Server Address: IP address or the host name of the available VMware vCenter. (Required)
  vCenter Username: User name of the available VMware vCenter account. (Required)
    This user's minimum role can be read-only.
    This user can be a domain account.
    This user can also be a Single Sign-On (SSO) user. The default user name of the SSO user is admin@system-domain.
  vCenter Password: Password of the available VMware vCenter account. (Required)
  Connection protocol: The protocol required to establish the connection with the VMware vCenter.
  Sync Interval (In Minutes): Specify the time interval for running subsequent vCenter discovery.
  Port No: The port required to establish the connection with the available VMware vCenter.
  Tag: This is given by the admin to identify the VMs. Tag name can include characters a-z, A-Z, 0-9, and [_. ], with space.
5 Click Test Connection to validate VMware vCenter account details and verify that the connection to the VMware vCenter works, then click Next to open the Validate Certificate page.
6 Click Accept to validate the certificate, then click Finish.
7 When prompted to confirm, click OK to register the vCenter account.
  This registers the VMware vCenter and imports all discovered virtual machines, which are unmanaged, into the McAfee ePO System Tree. The instances are imported with a structure and hierarchy similar to that present in VMware vCenter. The virtual machines that are already added and managed by McAfee ePO are retained with the existing policy settings, but the virtualization properties for these machines are added.
8 To view the imported virtual machines, click Menu | Systems | System Tree in McAfee ePO.
  After the discovery, you can find your vCenter account under the group vSphere. The clusters and hosts from vCenter are logically grouped under each Data Center group in McAfee ePO.

Registered vCenter details
After configuring and registering the VMware vCenter account with McAfee ePO, the account details of the registered vCenter are displayed in McAfee ePO.

  Name: Name of the vCenter that you registered in McAfee ePO.
  Type: Type of Data Center Connector.
  Last Successful Sync: Displays the date and time when the last synchronization between McAfee ePO and vCenter occurred.
  Last Sync Status: Displays the synchronization status, including Synch Scheduled, Success, In Progress, and Failed.
  Sync Failure Reason: Displays the reason for the McAfee ePO vCenter synchronization failure.
  Total VMs: Displays the number of VMs that are available under the registered vCenter.
  Running VMs: Displays the number of VMs that are up and running under the registered vCenter.
  Managed VMs: Displays the number of VMs that are managed by McAfee ePO.
  Auto Deploy MA: Specifies if the administrator enabled the Auto deploy McAfee Agent task for the registered vCenter account. Not available in this version.
  Actions: You can edit, delete, and synchronize the vCenter account using McAfee ePO. When you delete an account, you can select these options:
    Delete System Tree group corresponding to this account: Deletes all virtual machines and group from this account.
    Delete Tags: Deletes the McAfee ePO tags for this account.
    If you do not select any of these options, this action deletes only the account details.

You can view more details of the vCenter account by selecting and adding the required column using the Choose Columns option under System Tree Actions. By default, these columns don't appear under System Tree.

  Agentless AntiMalware Protection Status: Displays the McAfee MOVE AV Agentless protection status of the client VM:
    On: The VM is protected.
    Off: The VM is not protected.
    Unknown: The protection status is not known.
    You can view these protection properties after installing the McAfee MOVE AV Agentless 3.0.0 extension only.
  Management Type: Displays whether the client VM is managed by Security Virtual Appliance (SVA).
  Is SVA: Displays these status details:
    True: VM is an SVA.
    False: VM is not an SVA.
    N/A: For host.
  SVA Deployed: Displays the SVA deployment status for host and VM:
    Yes: SVA is deployed to host.
    No: SVA is not deployed to host.
    N/A: For VM.
  System Type: Displays whether the selected system is a host or SVA, or VM.
  VM tool Status: Displays the status of the VM tool on a VM. For host, the status appears as N/A.
  HOST: Displays the host details like IP address of the VM. If the host is selected, the status appears as N/A.
  AntiMalware: Specifies whether the system is in one of these three states.
    Secure Mode: These virtual machines have McAfee Application Control installed and enabled.
    Flexible: These virtual machines have any McAfee anti-virus product installed and enabled.
    Unprotected: These virtual machines do not have any McAfee anti-virus product enabled.
  Node Type: Displays whether the selected item is a hypervisor or VM.
  Firmware Trust Status: For details, see the product documentation for Boot Attestation Service.
  VMM Trust Status: For details, see the product documentation for Boot Attestation Service.

You can retrieve and view the registered Data Center details by running the Datacenters query under Menu | Reporting | Queries and Reports | Shared Groups | Datacenter.

You can view the virtualization properties of the selected virtual machine by navigating to Menu | Systems | System Tree and double-clicking the target virtual machine.

You can view the virtualization properties of the selected hypervisor by navigating to Menu | Systems | System Tree and double-clicking the target hypervisor.
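
Step 6 of the registration task in this chapter asks you to accept the vCenter certificate on the Validate Certificate page. The following Python code is an added example, not part of the McAfee guide or product: before you click Accept, it reads the certificate the server presents and compares its SHA-1 or SHA-256 fingerprint with a value obtained out of band from the vCenter administrator. The host name vcenter.example.internal, the function names, and SAMPLE_DER (constructed bytes standing in for a certificate) are assumptions for illustration.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Constructed bytes standing in for a DER-encoded certificate so the example
# runs offline. A fingerprint is a hash over the DER bytes, nothing more.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"


def fetch_der_certificate(host, port=443, timeout=10.0):
    """Return the DER certificate the server presents, without trusting it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE  # read the certificate only; trust comes
                                     # from the fingerprint comparison below
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprints(der):
    """SHA-1 and SHA-256 fingerprints of a DER certificate, as lowercase hex."""
    return {
        "sha1": hashlib.sha1(der).hexdigest(),
        "sha256": hashlib.sha256(der).hexdigest(),
    }


def pretty(hex_digest):
    """Format 'abcd' as 'AB:CD', the form most certificate viewers display."""
    pairs = [hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)]
    return ":".join(pairs).upper()


def normalize(fingerprint):
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return "".join(ch for ch in fingerprint if ch not in ": -").lower()


def matches_expected(der, expected):
    """True only if the certificate's fingerprint equals the expected value."""
    want = normalize(expected)
    algorithm = {40: "sha1", 64: "sha256"}.get(len(want))
    if algorithm is None or any(ch not in "0123456789abcdef" for ch in want):
        raise ValueError("expected a SHA-1 or SHA-256 fingerprint in hex")
    return hmac.compare_digest(fingerprints(der)[algorithm], want)


if __name__ == "__main__":
    # Usage: python check_cert.py vcenter.example.internal 443 AB:CD:...
    # (hypothetical host; the fingerprint comes from the vCenter administrator)
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    der = fetch_der_certificate(host, port)
    for name, value in fingerprints(der).items():
        print(name, pretty(value))
    if not matches_expected(der, expected):
        sys.exit("MISMATCH: do not accept this certificate")
    print("Fingerprint matches the expected value")
```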
3 Queries and reports

With the Data Center Connector for vSphere software, you can quickly get a summary view of all the registered Data Centers. Some information in the dashboard is actionable, such as the Anti-malware status pie chart, while some is informational only, such as the OS distribution pie chart.

The predefined queries and dashboards provide out-of-the-box functionality, since they are added to your ePolicy Orchestrator server when the software is installed. These queries can be configured to display results in charts or tables, which can also be used as dashboard monitors. Query results can be exported to several formats, any of which can be downloaded or sent as an attachment to an email message.

You can also create custom queries based on the properties collected by the Data Center software. For details on how to use custom queries, see the ePolicy Orchestrator product documentation for your version of the software.

Contents
  Predefined Data Center queries
  Dashboards and monitors

Predefined Data Center queries
You can use predefined queries as is, edit them, or create queries from events and properties stored in the ePolicy Orchestrator database.

It is not possible to edit the predefined queries in McAfee ePO 5.0.0.

To create custom queries, your assigned permission set must include the ability to create and edit private queries.
Data Center provides these predefined queries:

  Antimalware Status: Specifies whether the system is in one of these three states.
    Secure Mode: These virtual machines have McAfee Application Control installed and enabled.
    Flexible: These virtual machines have any McAfee anti-virus product installed and enabled.
    Unprotected: These virtual machines do not have any McAfee anti-virus product enabled.
  Application Reputation: Categorizes the applications based on Global Threat Intelligence (GTI) file reputation:
    Good
    Bad
    Unknown
    For details on file reputation, see the product documentation for McAfee Application Control.
  Security Incidents (last 14 days): Displays the events reported for these components in the virtual machines in the last 14 days.
    McAfee Application Control
    AntiVirus
    Firewall
    Memory Protection
  Datacenters: Displays all registered Data Centers.
  File Integrity Monitoring Status: Displays the number of machines with File Integrity Monitoring (FIM) installed and enabled. For details on FIM, see the product documentation for McAfee Change Control.
  Firewall Status: Specifies whether the system is in one of these two states:
    Secured: These virtual machines have Host Intrusion Prevention (McAfee Agent based) installed.
    Unprotected: These virtual machines do not have Host Intrusion Prevention (McAfee Agent based) installed.
  OS Distribution: The OS Type value appears as the one similar to the template value that was selected while creating the VMs. However, this might not be the actual operating system installed on the VM.
  Boot Attestation Status: Displays the Boot Attestation status of virtual machines. For details, see the product documentation for Boot Attestation Service.

View default queries
Run the predefined queries to generate reports based on Data Center components.
Task
For option definitions, click ? in the interface.
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Reporting | Queries & Reports.
3 From the Groups pane, select Data Center to display the queries for the selected group.
  McAfee ePO 4.6: Reports are grouped under Shared Groups.
  McAfee ePO 5.0: Reports are grouped under McAfee Groups.
4 From the Queries list, select a query, then click Run.
5 In the query result page, click any item in the results to drill down further.
6 Click Close when finished.

Dashboards and monitors
Dashboards, which are comprised of monitors, help you track key metrics from all Data Center products.
  McAfee ePO 4.6: Dashboards are grouped under Private Dashboards.
  McAfee ePO 5.0: Reports are grouped under McAfee Dashboards.

Data Center dashboard
The Data Center dashboard is added to your McAfee ePO server when you install the Data Center software. The dashboard displays a collection of monitors based on the results of the default Data Center software queries.
These are the default monitors that appear under the Data Center dashboard.

Antimalware Status
Displays whether the virtual machine is in one of these three states:
  Secure Mode: These virtual machines have McAfee Application Control installed and enabled.
  Flexible: These virtual machines have any McAfee anti-virus product installed and enabled.
  Unprotected: These virtual machines do not have any McAfee anti-virus product enabled.

Application Reputation
Categorizes the applications based on GTI file reputation.
  Good
  Bad
  Unknown
This dashboard retrieves data from the McAfee Application Control extension. For details on file reputation, see the product documentation for McAfee Application Control.

Security Incidents (last 14 days)
Displays events reported for these components in the virtual machines in the last 14 days.
  McAfee Application Control
  AntiVirus
  Firewall
  Memory Protection

Datacenters
Displays all registered Data Centers.

File Integrity Monitoring Status
Displays the number of machines with File Integrity Monitoring (FIM) installed and enabled.
  Enabled: File Integrity Monitoring is enabled in these virtual machines.
  Disabled: File Integrity Monitoring is disabled in these virtual machines.
  Not Installed: File Integrity Monitoring is not installed on these virtual machines.
For more details on FIM, see the product documentation for McAfee Change Control.

Firewall Status
Displays whether the system is in one of these two states.
  Secured: These virtual machines have Host Intrusion Prevention (McAfee Agent based) installed.
  Unprotected: These virtual machines do not have Host Intrusion Prevention (McAfee Agent based) installed.

OS Distribution
Displays the OS Type value as the one similar to the template value that was selected while creating the VMs. However, this might not be the actual operating system installed on the VM.

Boot Attestation Status
Displays the Boot Attestation status of vCenter hypervisors. For details, see the product documentation for Boot Attestation Service.