How to Deploy Sophos for Virtual Environments – VMware

Sophos for Virtual Environments delivers central security for VMware or Hyper-V virtual machines. Sophos VE provides real-time protection at peak performance by off-loading threat detection to a centralized security virtual machine.

In this walk-through, we will install the Sophos Security VM in a VMware environment, deploy the Guest VM agent to protected machines, and test real-time protection.

Install Sophos Security VM

To begin, download the Sophos for Virtual Environments executable from Sophos Central. Run the SVE_ESXi_c_sfx.exe from a machine in your environment.

Read and Accept the Sophos EULA.

Select the destination for the installer and Install. This can be on your local machine.

Once the installer has completed, the Security VM installation wizard will begin. Click Next to continue.

Check the prerequisites for installation and ensure you have credentials to VMware and the ESXi host where the Security VM will reside. Click Next.

Provide the vCenter address and credentials as well as the Security VM name.

A security warning will appear if an untrusted SSL certificate is installed.

Choose the ESXi host where you want the Security VM installed.

Select the Management Console you will be using to configure security policies and respond to alerts. We are using Sophos Central.

Enter the Sophos Central Administrator credentials.

Provide a password for access to your Security VM. Note that this password can’t be changed after installation.

Next, create a password for access to the guest agent installer. The guest agent installer will reside in a Public share on the Security VM.

Select a time zone for the Security VM.

Choose the datastore where your Security VM will reside.

Set the network, IP address, subnet mask, and domain suffix for all the networks used by the protected VMs.

Enter the default gateway and DNS server(s) information.

Guest VMs can move between Security VMs. If you have already or are going to install additional Security VMs, enter their IP addresses here.

Review the summary and click Install when finished.

The Security VM will now be deployed to your ESXi host.

Once complete, select Finish.

After the Security VM installation, navigate back to Sophos Central and ensure the VM is populated under Server Protection.

Next, we will install the Sophos Guest VM agent on VMs we want to protect. The Guest VM agent communicates with the Security VM to protect workloads and scan accessed files.

Install Sophos Guest VM Agent on Guest VMs

From the Guest VM you would like to protect, browse to the Public folder on the Security VM.

Enter the sophospublic username and the password set up during the Security VM installation.

Launch the SVE-Guest-Installer.

The installation for the Guest Agent will begin.

Select Finish when completed.

Verify Sophos for Virtual Environments Protection

Lastly, we will check that our Guest VM is protected. The first way to check is from Windows Security and Maintenance Center on the Guest VM. If the guest VM does not have Windows Security Center, we will check the log folder and then test real-time protection.

Using the Sophos credentials you created during the SVE setup, you can access the Logs folder. Browse to the Logs folder on the Sophos Security VM and open the ProtectedGVMs document.

The document should display information for your newly protected Guest VM.

Test Sophos Real-time Scanning

Lastly, we will test real-time scanning. To test, follow the EICAR instructions here for creating an anti-malware test file. Paste the 68-character string into a text document and save the document with an obvious name. Once the file is saved, navigate to the Security VM in Sophos Central. You should see a recent event indicating that Malware has been detected.
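The same test can be scripted on a Windows Guest VM. The following PowerShell is an added example, not part of the original walk-through or of Sophos tooling: the function name `Test-EicarDetection` is hypothetical, and it assumes the agent reacts to the test file by refusing the write, denying read access, or removing the file. The event in Sophos Central remains the authoritative confirmation.

```powershell
# Added example (not Sophos tooling): drop the EICAR test file on a Guest VM
# and report how on-access scanning reacts.
# Assumption: a detection shows up as a refused write, a denied read, or removal.
function Test-EicarDetection {
    param(
        [string]$Directory = $env:TEMP,   # where the test file is created
        [int]$WaitSeconds = 10            # how long to watch for a reaction
    )

    # Standard 68-character EICAR string, split so this script is not flagged itself.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    if ($eicar.Length -ne 68) { throw 'EICAR string must be exactly 68 characters.' }

    # An obvious, timestamped name makes the event easy to find in Sophos Central.
    $name = 'eicar-test-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date)
    $path = Join-Path $Directory $name

    try {
        # ASCII encoding: no BOM and no trailing newline, so the file is the bare string.
        [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        return [pscustomobject]@{ Path = $path; Result = 'BlockedOnWrite'; Detail = $_.Exception.Message }
    }

    $deadline = (Get-Date).AddSeconds($WaitSeconds)
    do {
        Start-Sleep -Seconds 1
        if (-not (Test-Path -LiteralPath $path)) {
            return [pscustomobject]@{ Path = $path; Result = 'Removed'; Detail = 'File no longer exists.' }
        }
        try {
            # Opening the file for reading is what triggers an on-access scan.
            $null = [System.IO.File]::ReadAllText($path)
        } catch {
            return [pscustomobject]@{ Path = $path; Result = 'BlockedOnRead'; Detail = $_.Exception.Message }
        }
    } while ((Get-Date) -lt $deadline)

    # No reaction within the window: clean up and report the gap.
    Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    return [pscustomobject]@{ Path = $path; Result = 'NotDetected'; Detail = "Readable for $WaitSeconds seconds." }
}

Test-EicarDetection | Format-List
```

A `NotDetected` result on a VM that should be protected is the case to investigate: check that the Guest VM appears in the ProtectedGVMs log before retesting.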

For more information, read the Sophos for Virtual Environments Startup Guide.

One thought on “How to Deploy Sophos for Virtual Environments – VMware”

  1. Thanks for the installation info. We will try it out for our project as we mainly deal with Virtual Environments for our clients. Hope it will be helpful for us.

    Thanks,

Comments are closed.