boot attestation service 3.0 product guide · 2013-07-26 · 1 introduction mcafee boot attestation...

Product Guide Boot Attestation Service 3.0.0 For use with ePolicy Orchestrator 4.6.0, 5.0.0 Software


COPYRIGHT

Copyright © 2013 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS

McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


Contents

Preface
    About this guide
        Audience
        Conventions
    Find product documentation

1 Introduction
    Boot attestation made easy
    Components and what they do

2 Installation and configuration
    Overview of the installation and configuration process
    Requirements
    Download the software packages
    Set up the Boot Attestation server
        Deploy using ESXi
        Whitelist ESXi host
    Install the extension
    Register the Boot Attestation server with McAfee ePO
    Register a VMware vCenter account
    Viewing account details and boot status
    Edit or delete Boot Attestation host mapping

3 Dashboard
    Boot Attestation Service dashboard

Preface

Contents

• About this guide

• Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

Conventions

This guide uses these typographical conventions and icons.

• Book title, term, emphasis: Title of a book, chapter, or topic; a new term; emphasis.

• Bold: Text that is strongly emphasized.

• User input, code, message: Commands and other text that the user types; a code sample; a displayed message.

• Interface text: Words from the product interface like options, menus, buttons, and dialog boxes.

• Hypertext blue: A link to a topic or to an external website.

• Note: Additional information, like an alternate method of accessing an option.

• Tip: Suggestions and recommendations.

• Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.

• Warning: Critical advice to prevent bodily harm when using a hardware product.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

  • User documentation:

      1 Click Product Documentation.

      2 Select a product, then select a version.

      3 Select a product document.

  • KnowledgeBase:

      • Click Search the KnowledgeBase for answers to your product questions.

      • Click Browse the KnowledgeBase for articles listed by product and version.

1 Introduction

McAfee Boot Attestation Service provides a secure mechanism to verify the boot trust of VMware ESXi on host servers in a Data Center. It is targeted for Intel® servers built with Intel® Trusted Execution Technology (Intel® TXT).

This mechanism verifies that only trusted and certified applications figure in the OS boot-up sequence. For details on how Intel® TXT works and related use cases, see www.intel.com/TXT.

Contents

• Boot attestation made easy

• Components and what they do

Boot attestation made easy

Boot Attestation Service verifies the launch-time measurements of the platform with VMware ESXi hypervisors.

The purpose of this attestation is:

• Boot verification

• Reporting

• Compliance

This activity takes place in VMware environments. The cloud/virtualization resource schedulers, SIEMs, and policy engines can use the attestation solution.

Components and what they do

Each component performs specific functions to verify the trust of VMware ESXi hypervisors.

• ePolicy Orchestrator — Allows you to configure Boot Attestation Service, perform host mapping, and display the boot attestation status of the virtual environment.

• Boot Attestation Service — Provides a secure mechanism to whitelist an ESXi host and to retrieve the boot attestation status of the virtual machines and report it to the McAfee ePO server.

• Data Center Connector for vSphere — Integrates the management and automation feature of McAfee ePO to discover and manage your guest VMs.

• Hypervisor (ESXi) — Allows multiple operating systems to run concurrently on a hosted system. The hypervisor is a virtual operating platform that manages the execution of the guest operating systems. ESXi is an embedded hypervisor for servers that runs directly on server hardware without requiring an additional underlying operating system.

• VMware vCenter — Console that manages the ESXi servers, which host the guest VMs that require protection.

• Virtual Machines (VMs) — Completely isolated guest operating system installation within a normal host operating system that supports both virtual desktops and virtual servers.

2 Installation and configuration

Before you set up your environment for Boot Attestation Service, you must first configure your VMware vCenter console, which manages the ESXi servers.

Contents

• Overview of the installation and configuration process

• Requirements

• Download the software packages

• Set up the Boot Attestation server

• Install the extension

• Register the Boot Attestation server with McAfee ePO

• Register a VMware vCenter account

• Viewing account details and boot status

• Edit or delete Boot Attestation host mapping

Overview of the installation and configuration process

The Data Center Connector for vSphere extension is installed on the McAfee® ePolicy Orchestrator server (McAfee ePO™) for the virtual machine discovery functionality. This is necessary before registering the Boot Attestation server and configuring the host mapping.

The overall Boot Attestation Service installation and ESXi deployment process can be simplified into these steps, assuming that the user already has McAfee ePO.

1 Set up and configure Boot Attestation Server.

  a Import the OVA package.

  b Register and trust the McAfee ePO server.

  c Create a whitelist for Known Good Host.

2 Install the Data Center Connector for the vSphere extension on McAfee ePO.

3 Register the Boot Attestation server on McAfee ePO.

4 Register a VMware vCenter account on McAfee ePO. As a result, McAfee ePO discovers, imports, and displays the guest VMs under System Tree.

5 Retrieve and view the boot status of the host. You can view the boot status, like Trusted, Untrusted, Unknown, or Error.

  • If your trust status is Unknown, check whether the host is whitelisted as a Good Known Host.

  • If your trust status is Error, the McAfee ePO server is unable to get the boot attestation status from the Boot Attestation server. You must now perform the Boot Attestation host mapping, so that the corrected boot status of the host is verified and displayed.

6 You can view the boot attestation status details in the McAfee ePO dashboard.

Requirements

Make sure that your environment includes these components, and that they meet the requirements.

Software requirements

• ePolicy Orchestrator 4.6 Patch 2 and later

• vCenter Server/ESXi — 5.1.0b (947939 and later)

• VMware vSphere Client 5.1

• MySQL Connector — Download the latest version available. The minimum supported version is Connector/J 5.1.25.

For details on system requirements and instructions for setting up the ePolicy Orchestrator environment, see McAfee ePolicy Orchestrator Installation Guide.

For Intel® TXT and TPM hardware requirement details, see http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/trusted-execution-technology-server-platforms-matrix.pdf.

Download the software packages

You must download the Data Center Connector for vSphere and the open virtual appliance (OVF) package before they can be installed on ePolicy Orchestrator.

Task

• From the McAfee download site (http://www.mcafee.com/us/downloads/), download these packages.

  • vSphere_Ext_3.0.0.<bldnumber>.zip

  • Boot_Attestation_Server_<version number>.zip

If you installed the ePolicy Orchestrator server 4.6.x using McAfee® Endpoint Advanced Suite Installer (McAfee EASI), the Data Center Connector for vSphere extension is already installed and ready for use in McAfee ePO.

Set up the Boot Attestation server

You must deploy the open virtual appliance (OVA) package and set up the Boot Attestation server before you can configure the Boot Attestation server on McAfee ePO.

Tasks

• Deploy using ESXi
  Deploy the OVF, which is included with the product, from the vSphere client to a hypervisor. The vSphere Client must be connected to the vCenter server, not directly to a hypervisor.

• Whitelist ESXi host
  To retrieve the boot status of an ESXi host, add this host as a Good Known Host. This process is known as whitelisting the ESXi host.

Deploy using ESXi

Deploy the OVF, which is included with the product, from the vSphere client to a hypervisor. The vSphere Client must be connected to the vCenter server, not directly to a hypervisor.

Before you begin

• From the McAfee download site, download and extract the contents of Boot_Attestation_Server_<version number>.zip.

• Make sure that your ESXi host, where you import the OVA, has an Internet connection.

• Make sure that you follow these steps to download the latest MySQL Connector and have it ready to be used when deploying the OVF.

  • Go to http://dev.mysql.com/downloads/connector/j/.

  • From Select Platform, select Platform Independent.

  • Click Download in Platform Independent (Architecture Independent), Compressed TAR Archive to open the Begin Your Download page. From this page you can click Login or Signup, or No thanks, just start my download, and download the MySQL connector.

  • Copy the download link and provide it in the MySQL Connector URL field in the Properties page. Download link example: http://cdn.mysql.com/Downloads/Connector-J/mysql-connector-java-5.1.25.tar.gz.

Task

1 From the vSphere client, select the resource pool on the hypervisor where you want to deploy the OVA, then click File | Deploy OVF Template to open the OVF wizard.

  The vSphere Client must be connected to a vCenter server to successfully deploy the OVA.

2 Apply these settings to deploy the OVF:

  • Source: Browse to and select the Boot_Attestation_Server_<version number>.ova file.

  • OVF Template Details: Review details about the OVA.

  • Name and Location: Specify the name of the hypervisor and the inventory location.

  • Disk Format: Select the format for disk provisioning.

  • Properties: Specify these Boot Attestation server details on the Properties page:

    • McAfee ePolicy Orchestrator IP — IP address of the ePolicy Orchestrator server, which is to be trusted from the Boot Attestation server. You can add multiple IP addresses separated by commas.

    • MySQL Connector URL — The download link for MySQL Connector.

    • MySQL Password — Password for the MySQL root user on the Boot Attestation server. Create a password for the database with only alphanumeric characters; no special characters are permitted.

    • Boot Attestation Server User Password — Password for the Boot Attestation server account. If you do not provide a password, the default password is taken as password.

    • Boot Attestation Server User Name — User name for the Boot Attestation server account. If you do not provide a user name, the default user name is taken as admin.

    Specify these networking details on the Properties page:

    • DNS — IP address of the DNS server for the Boot Attestation server. You can add multiple IP addresses separated by a blank space.

    • Gateway — IP address of the gateway for the Boot Attestation server.

    • Interface — Interface on which the Boot Attestation server IP needs to be configured. If you do not provide interface details, the default value is taken as eth0.

    • Boot Attestation Server IP Address — The static IP address of the Boot Attestation server.

    • Netmask — The netmask details of the Boot Attestation server.

    • Hostname — Host name of the Boot Attestation server. If you do not provide the host name, the default name is taken as BootAttestationServer.

    On specifying the correct configuration information on the Properties page, the Boot Attestation server is configured and ready during the initial start.

    If you do not specify the correct configuration information and continue with the deployment, the Boot Attestation server might not be configured correctly. If so, you might have to repeat the entire configuration.

  • Ready to Complete: Review the options you selected. You can select to turn on the virtual machine after the import; otherwise you must turn it on manually.

3 Click Finish.

  When you log on to the Boot Attestation server VM for the first time, make sure that you change the default password P@ssw0rd to a new password.

4 When the deployment is complete, verify that all Boot Attestation services report as running. Log on to the Boot Attestation server VM as root with your new password and run this command:

  mtwilson status

5 (Optional) Restart the Boot Attestation server VM.

  If any service reports as Not Running, or if the command fails to run, check for:

  • The correct property details on the OVF Template details page.

  • Successful download of the MySQL server and connector.

  If you see the error again, report to McAfee Support and share the log file: /root/McAfee_BootAttestation_Install_Logs.tar.gz.

  The Boot Attestation server is now ready to be configured and to communicate with the registered McAfee ePO server.

6 (Optional) Configure the Boot Attestation server with an additional McAfee ePO server:

  a From the vSphere client console or ssh, log on to the Boot Attestation server.

  b Run these commands:

    cd /root

    bash trustHost.sh <ePOip>
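Because wrong values on the Properties page in step 2 can force a full redeployment, the values can be checked before the OVF wizard is run. The following is an added example, not McAfee code: the dictionary keys are hypothetical names for the Properties fields, the sample values are constructed, and the gateway-in-subnet check is a general networking check rather than a rule from the guide.

```python
import ipaddress
import re
from urllib.parse import urlparse

MIN_CONNECTOR = (5, 1, 25)                            # minimum Connector/J version in the guide
DEFAULT_USER, DEFAULT_PASSWORD = "admin", "password"  # defaults the guide says are applied


def _parse_ips(value, sep=None):
    """Parse a multi-address field; sep=None splits on blank space."""
    parts = [p.strip() for p in value.split(sep)]
    if not parts or not all(parts):
        raise ValueError("empty address")
    return [ipaddress.ip_address(p) for p in parts]


def check_properties(props):
    """Return (severity, field, message) findings for the Properties page values."""
    findings = []

    # ePO addresses are comma separated, DNS servers blank separated, the rest single.
    for field, sep, many in (("epo_ip", ",", True), ("dns", None, True),
                             ("gateway", None, False), ("server_ip", None, False)):
        try:
            if len(_parse_ips(props.get(field, ""), sep)) > 1 and not many:
                raise ValueError("single address expected")
        except ValueError:
            findings.append(("error", field, "not a valid IP address value"))

    # General networking sanity check (not from the guide): gateway must be on-link.
    try:
        net = ipaddress.ip_interface(
            f"{props.get('server_ip')}/{props.get('netmask')}").network
    except ValueError:
        findings.append(("error", "netmask", "server_ip/netmask is not a valid network"))
    else:
        try:
            if ipaddress.ip_address(props.get("gateway", "")) not in net:
                findings.append(("error", "gateway", f"gateway is outside {net}"))
        except ValueError:
            pass  # a malformed gateway was already reported above

    if not re.fullmatch(r"[A-Za-z0-9]+", props.get("mysql_password", "")):
        findings.append(("error", "mysql_password", "must be alphanumeric only"))
    if props.get("user_password", "") in ("", DEFAULT_PASSWORD):
        findings.append(("error", "user_password", "account would use the default password"))
    if props.get("user_name", "") in ("", DEFAULT_USER):
        findings.append(("warning", "user_name", "account would use the default user name"))

    url = props.get("mysql_connector_url", "")
    parsed = urlparse(url)
    version = re.search(r"mysql-connector-java-(\d+)\.(\d+)\.(\d+)", parsed.path)
    if not url.isascii():
        findings.append(("error", "mysql_connector_url",
                         "non-ASCII characters, e.g. U+2011 hyphens pasted from a PDF"))
    elif parsed.scheme not in ("http", "https") or not parsed.netloc:
        findings.append(("error", "mysql_connector_url", "not an http(s) URL"))
    elif version is None:
        findings.append(("warning", "mysql_connector_url", "no Connector/J version in file name"))
    elif tuple(map(int, version.groups())) < MIN_CONNECTOR:
        findings.append(("error", "mysql_connector_url", "older than Connector/J 5.1.25"))
    if parsed.scheme == "http":
        findings.append(("warning", "mysql_connector_url",
                         "plain HTTP download has no transport integrity protection"))
    return findings


# Constructed sample values, keyed by hypothetical field names.
SAMPLE = {
    "epo_ip": "192.0.2.10, 192.0.2.11",
    "mysql_connector_url":
        "http://cdn.mysql.com/Downloads/Connector-J/mysql-connector-java-5.1.25.tar.gz",
    "mysql_password": "Str0ng!pass",     # special character, not permitted per the guide
    "user_name": "",                     # left empty, so the default applies
    "user_password": "",                 # left empty, so the default applies
    "dns": "192.0.2.53 192.0.2.54",
    "gateway": "192.0.2.1",
    "server_ip": "192.0.2.20",
    "netmask": "255.255.255.0",
}

if __name__ == "__main__":
    for severity, field, message in check_properties(SAMPLE):
        print(f"{severity:7} {field}: {message}")
```
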

Whitelist ESXi host

To retrieve the boot status of an ESXi host, add this host as a Good Known Host. This process is known as whitelisting the ESXi host.

Before you begin

• Make sure that you have appropriate permissions to perform this task.

• Make sure that you have activated the Intel® TXT and TPM settings in the ESXi host BIOS settings.

Task

For option definitions, click ? in the interface.

1 Connect to the Management console portal, https://<Boot Attestation Server IP address>:8181/ManagementConsole/login.htm, and click Automation | White List configuration.

2 From Host type, select VMware ESXi.

3 From Configure White List For, select BIOS and Hypervisor (VMM).

4 From White List Applicable For:

  • BIOS — Select OEM.

  • Hypervisor (VMM) — Select OEM or Global.

5 Change the Platform Configuration Registers (PCR) values, as needed. For details on PCR values, click ? in the interface.

6 In the Good Known Host field, enter the IP address of the Good Known Host as it is in vCenter.

7 In the vCenter Server field, type the IP address or host name of the vCenter server.

8 Type the login ID and Password for an account with administrator rights, then click Upload White List.

  A dialog box displays the option to register the host that is whitelisted.

  • Yes — The Measured Launch Environments (MLE) are added and the host is registered.

  • No — The MLEs are added to the whitelist, but the host is not registered. However, it is registered when the ePolicy Orchestrator server retrieves the boot attestation status.

Install the extension

You must install the Data Center Connector for vSphere extension on the McAfee ePO server, which then can discover and import your ESXi servers that host the guest VMs.

Before you begin

Make sure that the extension file is in an accessible location on the network.

Task

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Software | Extensions | Install Extension.

3 Browse to and select the extension file vSphere_Ext_3.0.0.<bldnumber>.zip, then click OK. The Install Extension page displays the extension name and version details.

4 Click OK.

Register the Boot Attestation server with McAfee ePO

It is necessary to register the Boot Attestation server with McAfee ePO in order to perform the host mapping.

Before you begin

Make sure that you installed the extension for Data Center Connector for vSphere on McAfee ePO.

Task

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Configuration | Registered Servers, then click New Server to open the Registered Server Builder wizard.

3 From the Server type drop-down list on the Description page, select Boot attestation server, specify a unique user-friendly name and any details, then click Next.

4 On the Details page, type the IP address or the DNS name of the host.

5 Click Test Connection to verify that the connection to the server works, then click Save.

You can register only one Boot Attestation Server on a single McAfee ePO server.

Register a VMware vCenter account

It is necessary to register a VMware vCenter account with McAfee ePO, so that McAfee ePO establishes a connection with VMware vCenter, which manages the ESXi servers, discovers the guest VMs, and displays them in McAfee ePO.

Before you begin

Make sure that you have configured your VMware vCenter server that manages the ESXi servers, which host the guest VMs.

The Registered Cloud Accounts option is available only after installing the Data Center Connector for vSphere extension.

Task

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Configuration | Registered Cloud Accounts, then click Add Cloud Account to open the Add Cloud Account page.

3 From the Choose Connector drop-down list on the Description page, select vSphere, then click OK.

4 On the vCenter Account Details page, type these details:

  • Account name — A name for the VMware vCenter account in McAfee ePO. Account names can include characters a–z, A–Z, 0–9, and [_.-], without space.

  • Server Address — IP address or the host name of the available VMware vCenter. (Required)

  • vCenter Username — User name of the available VMware vCenter account. (Required)

    • This user's minimum role can be read only.

    • This user can be a domain account.

    • This user can also be a Single-Sign-On (SSO) user. The default user name of the SSO user is admin@system-domain.

  • vCenter Password — Password of the available VMware vCenter account. (Required)

  • Connection protocol — The protocol required to establish the connection with the VMware vCenter.

  • Sync Interval (In Minutes) — Specify the time interval for running subsequent vCenter discovery.

  • Port No — The port required to establish the connection with the available VMware vCenter.

  • Tag — This is given by the admin to identify the VMs. Tag name can include characters a–z, A–Z, 0–9, and [_.-], with space.

5 Click Test Connection to validate VMware vCenter account details and verify that the connection to the VMware vCenter works, then click Next to open the Validate Certificate page.

6 Click Accept to validate the certificate, then click Finish.

7 When prompted to confirm, click OK to register the vCenter account.

  This registers the VMware vCenter and imports all discovered virtual machines, which are unmanaged, into the McAfee ePO System Tree. The instances are imported with the similar structure and hierarchy present in VMware vCenter.

  The virtual machines that are already added and managed by McAfee ePO are retained with the existing policy settings, but the virtualization properties for these machines are added.

8 To view the imported virtual machines, click Menu | Systems | System Tree in McAfee ePO.

  After the discovery, you can find your vCenter account under the group vSphere. The clusters and hosts from vCenter are logically grouped under each Data Center group in McAfee ePO.

Viewing account details and boot status

When you register the host, it appears in the System Tree in McAfee ePO, and displays boot attestation details. You can also view account details of the registered vCenter.

Property: Description

• Name: Name of the vCenter that you registered in McAfee ePO.

• Type: Type of the Data Center Connector.

• Last Successful Sync: Displays the date and time when the last synchronization between McAfee ePO and vCenter occurred.

• Last Sync Status: Displays the synchronization status such as Synch Scheduled, Success, In Progress, and Failed.

• Total VMs: Displays the number of VMs that are available under the registered vCenter.

• Running VMs: Displays the number of VMs that are up and running under the registered vCenter.

• Managed VMs: Displays the number of VMs that are managed by McAfee ePO.

• Auto Deploy MA: Specifies if the administrator enabled the Auto deploy McAfee Agent task for the registered vCenter account. Not available in this version.

• Actions: You can edit, delete, and synchronize the vCenter account using McAfee ePO.

By default, the Firmware Trust Status and VMM Trust Status columns don't appear under System Tree. You must select and add them using the Choose Columns option under System Tree | Actions.

The boot status of the host's BIOS and VMM versions are:

• Trusted — Both VMM and BIOS versions of the registered ESXi host are trusted.

• Untrusted — Either VMM or BIOS version of the registered host is not trusted.

• Unknown — The ESXi host is not registered or whitelisted, or the hardware used is not supported by Intel® TXT.

• Error — The McAfee ePO server is not able to retrieve the boot attestation details.

You can view the boot attestation details of a host by double-clicking the host name listed under System Tree. The boot attestation details are on the Virtualization tab.
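This added example goes beyond the guide's text to show the general mechanism behind these statuses: boot components are folded into a PCR with the TPM 1.2 extend operation, and the reported values are compared with those whitelisted from the Good Known Host. It is a simplified model, not McAfee's or Intel's implementation; the PCR indices, component names, host names, and data structures are assumptions.

```python
import hashlib


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA-1(PCR_old || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure(components) -> str:
    """Replay a boot chain into one PCR, starting from 20 zero bytes."""
    pcr = bytes(20)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr.hex()


# Constructed stand-ins for firmware and hypervisor images.
BIOS_GOOD = [b"oem-bios-image"]
VMM_GOOD = [b"esxi-kernel-build-A", b"esxi-modules-build-A"]
VMM_UPGRADED = [b"esxi-kernel-build-B", b"esxi-modules-build-B"]
VMM_EXTRA = VMM_GOOD + [b"unexpected-module"]

# Hypothetical PCR indices; the guide does not say which registers are compared.
BIOS_PCR, VMM_PCR = 0, 18

# Whitelist as captured from the Good Known Host, plus the host mapping to its entries.
WHITELIST = {
    "firmware": {"oem-bios": {BIOS_PCR: measure(BIOS_GOOD)}},
    "vmm": {"esxi-build-A": {VMM_PCR: measure(VMM_GOOD)}},
}
MAPPING = {"esx01": ("oem-bios", "esxi-build-A"), "esx02": ("oem-bios", "esxi-build-A")}


def report(bios, vmm):
    """PCR values a host would report after booting the given components."""
    return {BIOS_PCR: measure(bios), VMM_PCR: measure(vmm)}


def _matches(expected, reported):
    return all(reported.get(index) == value for index, value in expected.items())


def boot_status(host, reported):
    """Return (firmware_trusted, vmm_trusted, status) using the guide's four statuses."""
    if host not in MAPPING:
        return None, None, "Unknown"     # host is not registered or whitelisted
    if reported is None:
        return None, None, "Error"       # attestation details could not be retrieved
    firmware_name, vmm_name = MAPPING[host]
    firmware_ok = _matches(WHITELIST["firmware"][firmware_name], reported)
    vmm_ok = _matches(WHITELIST["vmm"][vmm_name], reported)
    return firmware_ok, vmm_ok, "Trusted" if firmware_ok and vmm_ok else "Untrusted"


if __name__ == "__main__":
    cases = {
        "esx01": report(BIOS_GOOD, VMM_GOOD),
        "esx02": report(BIOS_GOOD, VMM_UPGRADED),   # upgraded after whitelisting
        "esx03": report(BIOS_GOOD, VMM_GOOD),       # never whitelisted or mapped
    }
    for host, pcrs in cases.items():
        print(host, boot_status(host, pcrs))
```

In this model an upgraded hypervisor reports Untrusted until a new whitelist entry is created and the host is mapped to it.
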

Edit or delete Boot Attestation host mapping

It is necessary to map the host to the Boot Attestation server, so that the correct boot-trust status of the host is verified and displayed. It is more important when there is any issue with the automatic mapping, or an already mapped ESXi server is upgraded.

Before you begin

Make sure you have configured your VMware vCenter console that manages the ESXi servers, which host the guest VMs.

Task

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Configuration | Boot Attestation Host Mapping. The Boot Attestation Host Mapping page displays the host name, configuration, and ESXi details.

3 Select a host, then click Actions | Edit Mapping to open the Edit Mapping page.

4 Select the required Firmware Configuration and VMM Configuration to be mapped, then click OK.

We recommend that you select a target host and delete its mapping, instead of editing the mapping, with the Boot Attestation server. You can delete the mapping by navigating through Actions | Delete Mapping. The available host and its details appear in the Boot Attestation Host Mapping page after the next synchronization with the server.

3 Dashboard

Dashboards, which are comprised of monitors, help you track the key metric boot attestation status of launch-time measurements of the platform with VMware ESXi hypervisors.

McAfee ePO 4.6 — Dashboards are grouped under Private Dashboards.

McAfee ePO 5.0 — Reports are grouped under McAfee Dashboards.

Boot Attestation Service dashboard

The Boot Attestation Service dashboard is added to your McAfee ePO server when you install the Data Center Connector for vSphere extension.

The dashboard displays a collection of monitors based on the results of the default Boot Attestation Service query.

This is the default monitor for Boot Attestation Service, which appears under the Data Center dashboard.

• Boot Attestation Status — Displays the Boot Attestation status of vCenter hypervisors.
