How to Deploy Sophos for Virtual Environments – VMware
Sophos for Virtual Environments delivers central security for VMware or Hyper-V virtual machines. Sophos VE provides real-time protection at peak performance by off-loading threat detection to a centralized security virtual machine.
In this walk-through, we will be installing the Sophos Security VM in a VMware environment, deploy the Guest VM agent to protected machines, and test real-time protection.
Install Sophos Security VM
To begin, download the Sophos for Virtual Environments executable from Sophos Central. Run the SVE_ESXi_c_sfx.exe from a machine in your environment.
Read and Accept the Sophos EULA.
Select the destination for the installer and Install. This can be on your local machine.
Once the installer has completed, the Security VM installation wizard will begin. Click Next to continue.
Check the prerequisites for installation and ensure you have credentials to VMware and the ESXi host where the Security VM will reside. Click Next.
Provide the vCenter address and credentials as well as the Security VM name.
A security warning will appear if an untrusted SSL is installed.
Choose the ESXi host where you want the Security VM installed.
Select the Management Console you will be using to configure security policies and respond to alerts. We are using Sophos Central.
Enter the Sophos Central Administrator credentials.
Provide a password for access to your Security VM. Note that this password can’t be changed after installation.
Next, create a password for access to the guest agent installer. The guest agent installer will reside in a Public share on the Security VM.
Select a Timezone the for the Security VM.
Choose the datastore where your Security VM will reside.
Set the network, IP address, subnet mask, and domain suffix for all the networks used by the protected VMs.
Enter the default gateway and DNS server(s) information.
Guest VMs can move between Security VMs. If you have already or are going to install additional Security VMs, enter their IP addresses here.
Review the summary and click Install when finished.
The Security VM will now be deployed to your ESXi host.
Once complete, select Finish.
After the Security VM installation, navigate back to Sophos Central and ensure the VM is populated under Server Protection.
Next, we will install the Sophos Guest VM agent on VMs we want to protect. The Guest VM agent communicates with the Security VM to protect workloads and scan accessed files.
Install Sophos Guest VM Agent on Guest VMs
From the Guest VM you would like to protect, browse to the Public folder on the Security VM.
Enter the sophospublic username and password setup during the Security VM installation.
Launch the SVE-Guest-Installer.
Launch the SVE-Guest-Installer.
The installation for the Guest Agent will begin.
Select Finish when completed.
Verify Sophos for Virtual Environments Protection
Lastly, we will check that our Guest VM is protected. The first way to check is from Windows Security and Maintenance Center on the Guest VM. If the guest VM does not have Windows Security Center, we will check the log folder and then test real-time protection.
Utilizing the Sophos credentials, you created during the SVE setup, you can access the logs folder. Browse to the Logs folder on the Sophos Security VM and open the ProtectedGVMs document.
The document should display information for your newly protected Guest VM.
Test Sophos Real-time Scanning
Lastly, we will test real-time scanning. To test, follow the EICAR instructions here for creating an anti-malware test file. Paste the 68-character string into a text document and save the document with an obvious name. Once the file is saved, navigate to the Security VM in Sophos Central. You should see a recent event indicating that Malware has been detected.
For more information read the Sophos for Virtual Environments Startup Guide
One thought on “How to Deploy Sophos for Virtual Environments – VMware”
Thanks for the installation info. We will try it out for our project as we mainly deal with Virtual Environments for our clients. Hope it will will be helpful for us.
Thanks,
Comments are closed.