VDI, cloning and hardware detection
ESET PROTECT On-Prem supports VDI environments, cloning of machines and non-persistent storage systems. This feature is necessary to set up a flag for the master computer or resolve a question which appears after cloning or a change of hardware.
•Until the question is resolved, the client machine is unable to replicate to ESET PROTECT Server. Client only checks if the question is resolved.
•Disabling hardware detection is irreversible, use it with the highest caution and only on physical machines!
•When resolving multiple questions, use the Status Overview - Questions tile.
Which OSs and hypervisors are supported?
Before you start using VDI with ESET PROTECT On-Prem, read more about supported and unsupported features of various VDI environments in our Knowledgebase article. |
•Only Windows operating systems are supported.
•You can use ESET Full Disk Encryption in a virtual environment, but ESET Full Disk Encryption must not be cloned
•Mobile devices managed via MDM are not supported
•Linked clones in Virtual Box cannot be distinguished from one another
•In very rare cases, detection can be switched off automatically by the ESET PROTECT On-Prem; this happens when ESET PROTECT On-Prem is not able to analyze the hardware reliably
•See the list of supported configurations:
oCitrix PVS 7.15+ with physical machines
oCitrix PVS 7.15+ with virtual machines in Citrix XenServer 7.15+
oCitrix PVS 7.15+ and Citrix XenDesktop with Citrix XenServer 7.15+
oCitrix Machine Creation Services
o(without PVS) Citrix XenDesktop with Citrix XenServer 7.15+
oVMware Horizon 8.0+ with VMware ESXi
oMicrosoft SCCM (for re-imaging)
•ESET PROTECT On-Prem supports VDI naming patterns for all supported hypervisors
VDI environments
You can use Master machine with ESET Management Agent for a VDI pool. There is no VDI connector needed; all communication is handled via ESET Management Agent. ESET Management Agent must be installed on the Master machine before the VDI pool (machine catalog) is set up.
•If you want to create a VDI pool, flag the Master computer in computer details > Virtualization before creating the pool, then select Mark as Master for Cloning > Match with existing computers
•If the Master computer is removed from the ESET PROTECT On-Prem, recovery of its identity (cloning) is forbidden and new machines from the pool would get a new identity each time (a new machine entry is created in the Web Console)
•When a machine from the VDI pool connects for the first time, it has a mandatory 1 minute connection interval; after the first few replications, the connection interval is inherited from the master
•Never disable hardware detection when using the VDI pool
•You can have the master machine running along with the cloned computers, to keep it updated
Default group for VDI machines New machines cloned from the Master appear in the static group set in the Cloned Computers Home Group in the Master for Cloning window. |
Cloning machines on hypervisor
You can create a clone of a regular machine. Wait for the Question to appear and resolve it by selecting Create new computer only this time.
Imaging of systems to physical machines
You can use a Master image with ESET Management Agent installed and deploy it on physical computers. There are two ways to accomplish this:
Create a new computer
Create a new machine in ESET PROTECT On-Prem after each image deployment.
When a clone is detected, the system can react in two ways:
oManually—Resolve each new computer manually in Questions and select Create a new computer every time.
oAutomatically—Flag the Master machine before cloning and select Mark as Master for Cloning > Create new computers.
Match with existing computer
If the image is re-deployed on a machine with previous history in ESET PROTECT On-Prem (that already had ESET Management Agent deployed), this machine is connected to its previous identity in ESET PROTECT On-Prem. If there is no previous identity matched, the system creates a new machine in ESET PROTECT On-Prem after the image is deployed on a new machine.
When a clone is detected, the system can react in two ways:
oManually—Resolve each new computer manually in Questions and select Match with an existing computer every time.
oAutomatically—Flag the Master machine before cloning and select Mark as Master for Cloning > Match with existing computers.
If you have an image (or a template) of your master computer, you must keep it updated. Always update the image after upgrading or re-installing any ESET components on the master machine. |
Parallel replication
ESET PROTECT Server can recognize and resolve parallel replication of multiple machines to a single identity in ESET PROTECT On-Prem. Such an event is reported to computer details > Alerts ('Multiple connections with identical Agent ID'). There are two ways to resolve this issue:
•Use the one-click action available on the alert—computers are divided, and their hardware detection is permanently turned off
•In rare cases, even computers with switched-off hardware detection can conflict—if this happens, the Reset cloned agent task is the only option
•Run the Reset cloned agent task on the machine, and this will keep you from having to disable hardware detection
Troubleshooting
If you have issues with a VDI clone, perform the VDI troubleshooting steps.