ESET Online Help

Search English
Select the category
Select the topic

VDI, cloning and hardware detection

ESET PROTECT On-Prem supports VDI environments, cloning of machines and non-persistent storage systems. This feature is necessary to set up a flag for the master computer or resolve a question which appears after cloning or a change of hardware.

Until the question is resolved, the client machine is unable to replicate to ESET PROTECT Server. Client only checks if the question is resolved.

Disabling hardware detection is irreversible, use it with the highest caution and only on physical machines!

When resolving multiple questions, use the Status Overview - Questions tile.

Which OSs and hypervisors are supported?


warning

Before you start using VDI with ESET PROTECT On-Prem, read more about supported and unsupported features of various VDI environments in our Knowledgebase article.

Only Windows operating systems are supported.

You can use ESET Full Disk Encryption in a virtual environment, but ESET Full Disk Encryption must not be cloned

Mobile devices managed via MDM are not supported

Linked clones in Virtual Box cannot be distinguished from one another

In very rare cases, detection can be switched off automatically by the ESET PROTECT On-Prem; this happens when ESET PROTECT On-Prem is not able to analyze the hardware reliably

See the list of supported configurations:

oCitrix PVS 7.15+ with physical machines

oCitrix PVS 7.15+ with virtual machines in Citrix XenServer 7.15+

oCitrix PVS 7.15+ and Citrix XenDesktop with Citrix XenServer 7.15+

oCitrix Machine Creation Services

o(without PVS) Citrix XenDesktop with Citrix XenServer 7.15+

oVMware Horizon 8.0+ with VMware ESXi

oMicrosoft SCCM (for re-imaging)

ESET PROTECT On-Prem supports VDI naming patterns for all supported hypervisors

VDI environments

You can use Master machine with ESET Management Agent for a VDI pool. There is no VDI connector needed; all communication is handled via ESET Management Agent. ESET Management Agent must be installed on the Master machine before the VDI pool (machine catalog) is set up.

If you want to create a VDI pool, flag the Master computer in computer details > Virtualization before creating the pool, then select Mark as Master for Cloning > Match with existing computers

If the Master computer is removed from the ESET PROTECT On-Prem, recovery of its identity (cloning) is forbidden and new machines from the pool would get a new identity each time (a new machine entry is created in the Web Console)

When a machine from the VDI pool connects for the first time, it has a mandatory 1 minute connection interval; after the first few replications, the connection interval is inherited from the master

Never disable hardware detection when using the VDI pool

You can have the master machine running along with the cloned computers, to keep it updated


important

Default group for VDI machines

New machines cloned from the Master appear in the static group set in the Cloned Computers Home Group in the Master for Cloning window.

 

vdi

Cloning machines on hypervisor

You can create a clone of a regular machine. Wait for the Question to appear and resolve it by selecting Create new computer only this time.

 

clon

Imaging of systems to physical machines

You can use a Master image with ESET Management Agent installed and deploy it on physical computers. There are two ways to accomplish this:

Create a new computer

Create a new machine in ESET PROTECT On-Prem after each image deployment.

When a clone is detected, the system can react in two ways:

oManually—Resolve each new computer manually in Questions and select Create a new computer every time.

oAutomatically—Flag the Master machine before cloning and select Mark as Master for Cloning > Create new computers.

Match with existing computer

If the image is re-deployed on a machine with previous history in ESET PROTECT On-Prem (that already had ESET Management Agent deployed), this machine is connected to its previous identity in ESET PROTECT On-Prem. If there is no previous identity matched, the system creates a new machine in ESET PROTECT On-Prem after the image is deployed on a new machine.

When a clone is detected, the system can react in two ways:

oManually—Resolve each new computer manually in Questions and select Match with an existing computer every time.

oAutomatically—Flag the Master machine before cloning and select Mark as Master for Cloning > Match with existing computers.


warning

If you have an image (or a template) of your master computer, you must keep it updated. Always update the image after upgrading or re-installing any ESET components on the master machine.

image

Parallel replication

ESET PROTECT Server can recognize and resolve parallel replication of multiple machines to a single identity in ESET PROTECT On-Prem. Such an event is reported to computer details > Alerts ('Multiple connections with identical Agent ID'). There are two ways to resolve this issue:

Use the one-click action available on the alert—computers are divided, and their hardware detection is permanently turned off

In rare cases, even computers with switched-off hardware detection can conflict—if this happens, the Reset cloned agent task is the only option

Run the Reset cloned agent task on the machine, and this will keep you from having to disable hardware detection

Troubleshooting

If you have issues with a VDI clone, perform the VDI troubleshooting steps.