move scheduler 2.5.0 product guide - mcafee · pdf file1 introduction mcafee move scheduler...

Product Guide

McAfee MOVE Scheduler 2.5.0For use with ePolicy Orchestrator® 4.5.0 and 4.6.0 Software

COPYRIGHTCopyright © 2012 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States andother countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee MOVE Scheduler 2.5.0 Product Guide

Contents

Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Introduction 7About McAfee MOVE Scheduler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Components and what they do . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2 Installation and configuration 9Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Download McAfee MOVE Scheduler packages . . . . . . . . . . . . . . . . . . . . . . 10Platform support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Install the Scheduler Agent package . . . . . . . . . . . . . . . . . . . . . . . . . . 10Install the Scheduler extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Register virtual servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Deploy the Scheduler Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Deploy with ePolicy Orchestrator 4.5 . . . . . . . . . . . . . . . . . . . . . . 12Deploy with ePolicy Orchestrator 4.6 . . . . . . . . . . . . . . . . . . . . . . . 13

Troubleshoot installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Uninstall McAfee MOVE Scheduler . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Uninstall from ePolicy Orchestrator 4.5 . . . . . . . . . . . . . . . . . . . . . . 15Uninstall from ePolicy Orchestrator 4.6 . . . . . . . . . . . . . . . . . . . . . . 16Uninstall the McAfee MOVE Scheduler extension . . . . . . . . . . . . . . . . . . 18

Upgrading McAfee MOVE Scheduler . . . . . . . . . . . . . . . . . . . . . . . . . . 18Install the Scheduler extension . . . . . . . . . . . . . . . . . . . . . . . . . 19Install the Scheduler Agent package . . . . . . . . . . . . . . . . . . . . . . . 19Deploy with ePolicy Orchestrator 4.5 . . . . . . . . . . . . . . . . . . . . . . 19Deploy the MOVE Agent with ePolicy Orchestrator 4.6 . . . . . . . . . . . . . . . . 20

Configuring permission sets for McAfee MOVE Scheduler . . . . . . . . . . . . . . . . . . 22Configure permission sets . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3 Monitoring and managing 23Managing your virtual environment . . . . . . . . . . . . . . . . . . . . . . . . . . 23Configuring templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Create an on-demand scan template . . . . . . . . . . . . . . . . . . . . . . . 24Create an offline virtual image scan template . . . . . . . . . . . . . . . . . . . 24

Configuring policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Create a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Apply a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Charts and queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27View hypervisor details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Purge scan log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

McAfee MOVE Scheduler 2.5.0 Product Guide 3

Index 29

Contents


Preface

This guide provides the information you need for all phases of product use, from installation toconfiguration to troubleshooting.

Contents

About this guide Find product documentation

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

ConventionsThis guide uses the following typographical conventions and icons.

Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis.

Bold Text that is strongly emphasized.

User input or Path Commands and other text that the user types; the path of a folder or program.

Code A code sample.

User interface Words in the user interface including options, menus, buttons, and dialogboxes.

Hypertext blue A live link to a topic or to a website.

Note: Additional information, like an alternate method of accessing an option.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardwareproduct.


Find product documentationMcAfee provides the information you need during each phase of product implementation, frominstallation to daily use and troubleshooting. After a product is released, information about the productis entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

To access... Do this...

User documentation 1 Click Product Documentation.

2 Select a product, then select a version.

3 Select a product document.

KnowledgeBase • Click Search the KnowledgeBase for answers to your product questions.

• Click Browse the KnowledgeBase for articles listed by product and version.

PrefaceFind product documentation


http://mysupport.mcafee.com

1 Introduction

McAfee MOVE Scheduler manages the scheduling of your virus protection software so you can keepyour virtual environment running smoothly.

Contents

About McAfee MOVE Scheduler Components and what they do

About McAfee MOVE SchedulerTraditional security solutions for virtual environments run as an anti-virus application on every VM onthe hypervisor. This model results in reduced VM density per hypervisor, and causes high disk, CPU,and memory usage.

The problem

In typical deployment of virtual machine servers, common tasks like scanning for viruses can occur onall servers at the same time. This creates a significant load on the virtual infrastructure and impactsperformance.

The McAfee solution

McAfee MOVE Scheduler solves this issue by:

• Scheduling on-demand scans based on hypervisor and resource availability, so that virtualmachines (VMs) remain usable during scans.

• Scanning VMs while they are turned off (through integration with McAfee VirusScan Enterprise forOffline Virtual Images).

1


Components and what they doEach component performs specific functions to keep your environment protected.

• ePolicy Orchestrator — Installs client software, pushes out new policies, monitors client activity,creates reports, and stores and sends out content and client updates to managed systems.

• Hypervisor — Allows multiple operating systems to run concurrently on a hosted system. Thehypervisor is a virtual operating system that manages the execution of the guest operating systems.

• Virtual Machines (VMs) — Completely isolated guest operating system installation within anormal host operating system that supports both virtual desktops and virtual servers. HostsVirusScan Enterprise 8.7/8.8 and the Scheduler Agent.

• Offline Virtual Image (OVI) — Provides anti-virus scans and DAT updates to VMs in a poweredoff state. Optional.

• McAfee MOVE Scheduler Agent — Provides scheduling functions for powered-on virtualmachines with a Windows service.

• McAfee VirusScan Enterprise — Performs anti-virus scanning operations.

• McAfee MOVE Scheduler Extension — Queries the hypervisor for the VM's state, CPU data, andstorage details. Synchronizes collective VM data with systems in the System Tree and initiatesscans on the VMs. Supplies charts and queries detailing anti-virus scan activity and compliance forvirtual machines and hypervisors, and provides management of scheduling policies.

1 IntroductionComponents and what they do


2 Installation and configuration

Install, set up, and configure features for the McAfee MOVE Scheduler software.

Contents

Requirements Download McAfee MOVE Scheduler packages Platform support Install the Scheduler Agent package Install the Scheduler extension Register virtual servers Deploy the Scheduler Agent Troubleshoot installation Uninstall McAfee MOVE Scheduler Upgrading McAfee MOVE Scheduler Configuring permission sets for McAfee MOVE Scheduler

RequirementsVerify that your environment meets these system and software requirements.

• ePolicy Orchestrator versions 4.5 Patch 1 (build 851) or later or 4.6

• McAfee Agent versions 4.5 or 4.6

• VirusScan Enterprise version 8.7 or 8.8

• VirusScan Enterprise for Offline Virtual Images (OVI) version 2.0.x or 2.1

• McAfee Agent and VirusScan Enterprise are installed on all virtual machines.

If you want to schedule anti-virus scanning on powered-off virtual machines, you must install VirusScanEnterprise for Offline Virtual Images, VirusScan Enterprise, and the McAfee MOVE Scheduler Agent onthe OVI server.

2


Download McAfee MOVE Scheduler packages You must download the McAfee MOVE Scheduler packages before installation.

• From the McAfee download site, download these packages for McAfee MOVE Scheduler:

Package name Description

MOVE-SCH_Ext_2.5.0.zip Product extension; contains the evaluation license

MOVE-SCH_Agent_2500_WIN.zip Deployment package; contains the installerMOVESchedulerSetup.exe

MOVE-SCH_250_License.zip License extension; upgrades evaluation package to a fullylicensed package

help_mov_sched_250.zip Help extension

MOVE-SCH_Agent_2500_DOC.zip Documentation package

If you want to schedule scans for powered-off virtual machines, download the VirusScan Enterprise forOffline Virtual Images (OVI) software package. See the installation guide included in the OVI softwarepackage for installation details.

Software and documentation is also available from the ePolicy Orchestrator 4.6 Software Manager.

Platform support McAfee MOVE Scheduler supports these operating systems, and is available for these virtualizationplatforms.

Virtualizationplatforms

Citrix XenServer 5.5, 5.6 and 6.0

VMware vCenter 4.0, 4.1, and 5.0, ESX 4.0 and 4.1, and ESXi 4.0, 4.1, and 5.0

Operating systems Windows XP SP3

Windows Vista (x86, x64)

Windows 7 (x86, x64)

Windows 2003 Server R2 SP2 (x86, x64)

Windows 2008 Server SP2 (x86, x64)

Windows 2008 R2 SP1 (x64)

See the documentation for VirusScan Enterprise for Offline Virtual Images for information on operatingsystems support.

Install the Scheduler Agent packageYou must add the McAfee MOVE Scheduler Agent package to the Master Repository before you candeploy the agent to managed VMs.

Task

For option definitions, click ? in the interface.

1 From the ePolicy Orchestrator console, click Menu | Software | Master Repository.

2 Click Actions | Check In Package.

2 Installation and configurationDownload McAfee MOVE Scheduler packages


3 Select Product or Update (.ZIP) for package type.

4 Browse to and select the MOVE-SCH_Agent_2500_WIN.zip file, then click Next.

5 Verify the displayed information.

6 Click Save to check in the package.

If the repository includes a previous version of the software, it is removed when you check inversion 2.5.

The new package appears in the Packages in Master Repository list on the Master Repository page.

Install the Scheduler extension The Scheduler extension must be installed in ePolicy Orchestrator before you can manage theanti-virus scans on your virtual machines.

Before you begin

Make sure that the extension is in an accessible location on the network.

The extension is named MOVE-SCH_Ext_2.5.0.zip and can be found in the folder whereyou downloaded it. The ePolicy Orchestrator help extension is named help_mov_sched_250.zip and should also be installed using this same process.

Task


1 From the ePolicy Orchestrator console, click Menu | Software | Extensions | Install Extension.

2 Browse to and select the extension file, then click OK.

3 Verify that the product name appears in the Extensions list.

Register virtual servers Before you can deploy McAfee MOVE Scheduler to VMs, you must register the hypervisors in ePolicyOrchestrator.

Before you begin

The supplied credentials must have an assigned role that provides at least read permissionsto the server.

When hypervisors are registered:

• The Scheduler communicates with the registered hypervisor and collects data for scheduling.

• Registered hypervisors are added to the System Tree group MOVE Scheduler Virtual Infrastructure.

Installation and configurationInstall the Scheduler extension 2


• All managed VMs associated with a registered hypervisor receive a VM tag to identify it.

• The Scheduler regularly queries registered hypervisors and applies the VM tag to any virtualmachines managed by ePolicy Orchestrator.

Task


1 From the ePolicy Orchestrator console, click Menu | Configuration | Registered Servers.

2 On the Registered Servers page, click New Server.

3 Configure these settings for the new server. Click Next when finished.

• Server Type — Select VMware vCenter or ESX or Xen Pool, depending on the virtual machine server beingadded.

• Name — Enter the name of the registered server, for example, Test vCenter.

• Notes — Add descriptive information about the server.

4 On the Details page, configure these settings:

• Protocol — Select https or http, depending on the protocol the server uses to receive client requests.

Typically HTTP is disabled in virtual environments. See your virtual server documentation forinstructions on how to enable HTTP connectivity prior to registering the server with HTTP.

• Server — Enter the server's host name or IP address.

• User — Enter the user name credentials to connect with the server.

• Password — Enter the password associated with the user.

5 Click Test Connection to validate your settings.

The Test Connection Success message is displayed if ePolicy Orchestrator is able to connect to thespecified server.

6 Click Save to save the registered server configuration.

Do not remove hypervisors from the System Tree. Delete them by removing the registered server.Hypervisors deleted from the System Tree are re-discovered later, but any previous policy associationsare lost, resulting in scans no longer being scheduled.

Deploy the Scheduler AgentUse ePolicy Orchestrator to deploy the Scheduler Agent to your virtual machines.

Deploy with ePolicy Orchestrator 4.5 Create a client task in ePolicy Orchestrator 4.5 to deploy the Scheduler Agent to virtual machines.

2 Installation and configurationDeploy the Scheduler Agent


Task


1 Select a group in the System Tree.

McAfee recommends creating the client task at the My Organization level and applying it on machinescontaining the virtual machine (VM) tag.

2 Click Menu | Systems | System Tree, then click the Assigned Client Tasks tab.

3 Click Actions | New Client Task Assignment, then on the Description page, type the name of the task, forexample, Install MOVE Scheduler agent on VM client, and add a description to the Notes field.

4 From the Type drop-down list, select Product Deployment | Send this task to only computers which have the followingcriteria:, then click the edit link for Has any of these tags.

5 In the Edit Included Tags dialog, add the VM tag, click OK, then click Next.

6 On the Configuration page in Target platforms, select Windows.

7 From the Products and components list, select MOVE Scheduler Agent 2.5.0, change these settings, then clickNext.

• Set Action to Install.

• Set Language to Language Neutral.

• Set Branch to Current.

8 On the Schedule page:

• Select Enabled for the schedule status.

• From the Schedule type list, select the schedule. To deploy immediately, select Run Immediately.

• Set the other schedule settings as required then click Next.

9 Review and verify the details on the Summary page, then click Save.

10 If you scheduled the task to run immediately, perform an agent wake-up call.

11 Confirm that the Scheduler Agent has been successfully installed: Check the system informationand McAfee MOVE Scheduler properties reported to the ePolicy Orchestrator console.

For details, see the McAfee ePolicy Orchestrator Product Guide.

Deploy with ePolicy Orchestrator 4.6Installing the McAfee MOVE Scheduler Agent on virtual machines from ePolicy Orchestrator 4.6requires two tasks. First you must create a deployment client task, then assign that task to virtualmachines.

Create a deployment task Before a task can be assigned to systems, it must be created.

Installation and configurationDeploy the Scheduler Agent 2


Task


1 From the ePolicy Orchestrator console, click Menu | Policy | Client Task Catalog.

2 In the left column under McAfee Agent, select Product Deployment.

3 Click Actions | New Task, select Product Deployment, then click OK.

4 Type the name of the task, for example, Install MOVE Scheduler agent on VM client, and addinformation to the Description field.

5 Make sure that Windows is the only Target platform selected.

6 For Products and components:

a Select MOVE Scheduler Agent 2.5.0 from the first drop-down list.

b Set the Action to Install, set the Language to Language Neutral, and set the Branch to Current.

7 Select the remaining options according to your environment's best practices, then click Save.

The newly created task appears in the Client Task Catalog.

Assign a deployment taskBefore McAfee MOVE Scheduler can function, the agent must be deployed to virtual machines.

Before you begin

You must have already added McAfee MOVE Scheduler to the Master Repository and registeredyour virtual servers to the ePolicy Orchestrator System Tree.

Task



McAfee recommends creating the client task at the My Organization level and applying it on only thosemachines tagged as virtual machines (VM).

2 Click Menu | Policy | Client Task Assignments.

3 Select the Assigned Client Tasks tab.

4 Select Actions | New Client Task Assignment.

5 Select these settings:

• Product — McAfee Agent

• Task Type — Product Deployment

• Task Name — The name of the task you created earlier

6 Under Tags, select Send this task to only computers which have the following criteria.

7 Next to Has any of these tags, click edit.

8 Click Add, select VM from the list, click OK, then click Next.

2 Installation and configurationDeploy the Scheduler Agent


9 On the Schedule tab next to Schedule type, select Run Immediately from the drop-down list.

10 Set the Options as appropriate, then click Next.

11 Examine the settings displayed on the Summary tab, then click Save to assign the task.

The McAfee MOVE Scheduler Agent is now deployed to every system in the System Tree that wasassigned the VM tag.

Troubleshoot installation When you upgrade ePolicy Orchestrator after installing McAfee MOVE Scheduler, scans on VMs might fail.

This scan failure can occur in these situations after you install McAfee MOVE Scheduler:

• Upgrade ePolicy Orchestrator from 4.5 to 4.6

• Create a new ePolicy Orchestrator 4.6 installation

Task

1 On the ePolicy Orchestrator server, open Windows Explorer.

2 Navigate to the %ProgramFiles%\McAfee\ePolicy Orchestrator\Server\Extensions\installed\MOVE\2.5.0\webapp\WEB-INF\lib folder.

On 64-bit servers, use %ProgramFiles (x86)% at the beginning of the specified path.

3 Delete the file dom4j*.jar.

4 Click Start | Run, enter services.msc, then press Enter.

5 Restart the McAfee ePolicy Orchestrator 4.6.0 Application Server or McAfee ePolicy Orchestrator 4.5.0 Application Serverservice. Click OK when prompted to restart dependent services.

Agent-server communications are restored and scans on virtual machines function properly.

Uninstall McAfee MOVE SchedulerUninstall McAfee MOVE Scheduler and remove all components using ePolicy Orchestrator.

Tasks

• Uninstall from ePolicy Orchestrator 4.5 on page 15Uninstall the McAfee MOVE Scheduler Agent from the virtual machines using ePolicyOrchestrator.

• Uninstall from ePolicy Orchestrator 4.6 on page 16Uninstalling the McAfee MOVE Scheduler Agent with ePolicy Orchestrator 4.6 requires twoseparate tasks. First create a client removal task, then assign that task to virtual machines.

• Uninstall the McAfee MOVE Scheduler extension on page 18Complete the uninstallation by removing the McAfee MOVE Scheduler extension fromePolicy Orchestrator.

Uninstall from ePolicy Orchestrator 4.5Uninstall the McAfee MOVE Scheduler Agent from the virtual machines using ePolicy Orchestrator.

Installation and configurationTroubleshoot installation 2


Task




2 Click Menu | Systems | System Tree | Client Tasks, then click New Task.

3 On the Description page, type the name of the task, for example, Uninstall MOVE Agents from VMclients, and add a description to the Notes field.

4 From the Type drop-down menu, select Product Deployment | Send this task to all computers, then click Next.



• Set Action to Remove.

• Set Language to English.


7 On the Schedule page, select Enabled for the schedule status.

8 Select a Schedule type, select Run Immediately to deploy now, then click Next.



11 To confirm that McAfee MOVE Scheduler has been successfully uninstalled, check that McAfeeMOVE Scheduler properties are no longer present in the system information page.

Uninstall from ePolicy Orchestrator 4.6Uninstalling the McAfee MOVE Scheduler Agent with ePolicy Orchestrator 4.6 requires two separatetasks. First create a client removal task, then assign that task to virtual machines.

Tasks

• Create an uninstall task on page 16To remove the agent with ePolicy Orchestrator 4.6, you must first create a removal task.

• Assign the uninstall task to virtual machines on page 17To remove the McAfee MOVE Scheduler Agent from virtual machines with ePolicyOrchestrator 4.6, you must assign the uninstallation client task to those virtual machines.

Create an uninstall task To remove the agent with ePolicy Orchestrator 4.6, you must first create a removal task.

2 Installation and configurationUninstall McAfee MOVE Scheduler


Task






4 Type the name of the task, for example, Uninstall MOVE Scheduler from VM clients, and addany descriptive information to the Description field.


6 For Products and components select these settings:

• Product — MOVE Scheduler Agent 2.5.0

• Action — Remove

• Language — Language Neutral

• Branch — Current



Assign the uninstall task to virtual machines To remove the McAfee MOVE Scheduler Agent from virtual machines with ePolicy Orchestrator 4.6, youmust assign the uninstallation client task to those virtual machines.

Task



2 Click Menu | Policy | Client Task Assignments, then click the Assigned Client Tasks tab.

3 Click Actions | New Client Task Assignment.







7 Click Add, select VM from the list, then click OK.

8 Click Next.


Installation and configurationUninstall McAfee MOVE Scheduler 2




The McAfee MOVE Scheduler Agent is now removed from every system in the System Tree that wasassigned the uninstall task.

Uninstall the McAfee MOVE Scheduler extension Complete the uninstallation by removing the McAfee MOVE Scheduler extension from ePolicyOrchestrator.

Task


1 From the ePolicy Orchestrator console, click Menu | Software | Extensions.

2 From the Extensions tab under McAfee, select MOVE Scheduler.

3 Click Remove, then click OK to remove the extension.

This removes the McAfee MOVE Scheduler extension and associated policies from ePolicy Orchestrator,unregister any registered hypervisors, and deletes the MOVE Scheduler Virtual Infrastructure group from theSystem Tree.

Upgrading McAfee MOVE SchedulerUpgrade any version to McAfee MOVE Scheduler 2.5 by installing the extension, adding the agentpackage to the repository, then deploying the agent.

The steps to upgrade McAfee MOVE Scheduler are the same for each version, but there are differencesin how the product behaves during the upgrade.

Overview

The upgrade process is similar to a new installation with important considerations. When you installthe McAfee MOVE Scheduler extension into ePolicy Orchestrator, it replaces the older version.Hypervisors registered with the older extension are maintained in the ePolicy Orchestrator databaseafter the upgrade is complete. Policies and scan compliance data are migrated during the upgradeprocess.

You are unable to schedule scans on any virtual machines before this process is complete. Because thisreduces your environment's security, try to complete the upgrade process as quickly as possible.

Important considerations

Version Behavior

1.5 The McAfee MOVE Scheduler 2.5 extension can't communicate with the MOVE for Servers1.5 Agent, so you can't schedule scans on machines with the older agent until they areupgraded. The McAfee MOVE Scheduler Agent version 2.5 replaces the older agent duringdeployment. After the agent deployment is complete, your upgrade is finished.

2.0 The McAfee MOVE Scheduler 2.0 extension can manage the 2.5 agents and a 2.5 extensioncan manage 2.0 agents. Scheduled scans continue during a 2.0 to 2.5 upgrade, unlike the1.5 to 2.5 upgrade.

2 Installation and configurationUpgrading McAfee MOVE Scheduler


Install the Scheduler extension The Scheduler extension must be installed in ePolicy Orchestrator before you can manage theanti-virus scans on your virtual machines.

Before you begin

Make sure that the extension is in an accessible location on the network.

The extension is named MOVE-SCH_Ext_2.5.0.zip and can be found in the folder whereyou downloaded it. The ePolicy Orchestrator help extension is named help_mov_sched_250.zip and should also be installed using this same process.

Task


1 From the ePolicy Orchestrator console, click Menu | Software | Extensions | Install Extension.

2 Browse to and select the extension file, then click OK.

3 Verify that the product name appears in the Extensions list.

Install the Scheduler Agent packageYou must add the McAfee MOVE Scheduler Agent package to the Master Repository before you candeploy the agent to managed VMs.

Task


1 From the ePolicy Orchestrator console, click Menu | Software | Master Repository.

2 Click Actions | Check In Package.

3 Select Product or Update (.ZIP) for package type.

4 Browse to and select the MOVE-SCH_Agent_2500_WIN.zip file, then click Next.

5 Verify the displayed information.

6 Click Save to check in the package.

If the repository includes a previous version of the software, it is removed when you check inversion 2.5.

The new package appears in the Packages in Master Repository list on the Master Repository page.

Deploy with ePolicy Orchestrator 4.5 Create a client task in ePolicy Orchestrator 4.5 to deploy the Scheduler Agent to virtual machines.

Task



McAfee recommends creating the client task at the My Organization level and applying it on machinescontaining the virtual machine (VM) tag.

Installation and configurationUpgrading McAfee MOVE Scheduler 2


2 Click Menu | Systems | System Tree, then click the Assigned Client Tasks tab.

3 Click Actions | New Client Task Assignment, then on the Description page, type the name of the task, forexample, Install MOVE Scheduler agent on VM client, and add a description to the Notes field.

4 From the Type drop-down list, select Product Deployment | Send this task to only computers which have the followingcriteria:, then click the edit link for Has any of these tags.

5 In the Edit Included Tags dialog, add the VM tag, click OK, then click Next.



• Set Action to Install.

• Set Language to Language Neutral.


8 On the Schedule page:

• Select Enabled for the schedule status.

• From the Schedule type list, select the schedule. To deploy immediately, select Run Immediately.

• Set the other schedule settings as required then click Next.



11 Confirm that the Scheduler Agent has been successfully installed: Check the system informationand McAfee MOVE Scheduler properties reported to the ePolicy Orchestrator console.

For details, see the McAfee ePolicy Orchestrator Product Guide.

Deploy the MOVE Agent with ePolicy Orchestrator 4.6Installing the McAfee MOVE Scheduler Agent on virtual machines from ePolicy Orchestrator version 4.6requires two tasks. First you must create a deployment client task, then assign that task to virtualmachines.

Tasks

• Create a deployment task on page 13Before a task can be assigned to systems, it must be created.

• Assign a deployment task on page 14Before McAfee MOVE Scheduler can function, the agent must be deployed to virtualmachines.

Create a deployment task Before a task can be assigned to systems, it must be created.

Task




2 Installation and configurationUpgrading McAfee MOVE Scheduler



4 Type the name of the task, for example, Install MOVE Scheduler agent on VM client, and addinformation to the Description field.


6 For Products and components:

a Select MOVE Scheduler Agent 2.5.0 from the first drop-down list.

b Set the Action to Install, set the Language to Language Neutral, and set the Branch to Current.



Assign a deployment taskBefore McAfee MOVE Scheduler can function, the agent must be deployed to virtual machines.

Before you begin

You must have already added McAfee MOVE Scheduler to the Master Repository and registeredyour virtual servers to the ePolicy Orchestrator System Tree.

Task




2 Click Menu | Policy | Client Task Assignments.

3 Select the Assigned Client Tasks tab.

4 Select Actions | New Client Task Assignment.







8 Click Add, select VM from the list, click OK, then click Next.




The McAfee MOVE Scheduler Agent is now deployed to every system in the System Tree that wasassigned the VM tag.

Installation and configurationUpgrading McAfee MOVE Scheduler 2


Configuring permission sets for McAfee MOVE SchedulerA permission set is a group of permissions (or access rights) granted to a user account for specificfeatures of a product. Permission sets only grant permissions — they never remove a permission.

All permissions to all products and features are automatically assigned to global administrators. Otherusers must have permission assigned manually. Global administrators can assign existing permissionsets when creating or editing user accounts and when creating or editing permission sets.

For more information on permission sets, see the ePolicy Orchestrator documentation.

McAfee MOVE Scheduler permission set

The McAfee MOVE Scheduler software adds a MOVE Scheduler 2.5 Policy section to the permission sets withone setting. This defines access rights to the McAfee MOVE Scheduler software features. The globaladministrators must grant permissions to users to use McAfee MOVE Scheduler, as no permissions aregranted by default.

Other required permission sets

The global administrator gives ePolicy Orchestrator permissions to handle other areas that work withthe McAfee MOVE Scheduler including queries, dashboards, and the Threat Event Log.

For these McAfee MOVE Scheduler features... These permissions sets are required

Dashboards Dashboards, Queries

Queries Queries

Registering hypervisors Registered servers

Events on virtual machines Systems, System Tree access, Threat Event Log

Configure permission sets Update the read/write access permissions assigned to the user roles for McAfee MOVE Scheduler,which are defined for your ePolicy Orchestrator environment.

Task


1 From the ePolicy Orchestrator console, click Menu | User Management | Permission Sets.

2 Select a user role from the Permission Sets list.

3 Next to MOVE Scheduler 2.5 Policy, click Edit.

4 Select the permission level.

5 Click Save.

For more information on permission sets, see the ePolicy Orchestrator documentation.

2 Installation and configurationConfiguring permission sets for McAfee MOVE Scheduler


3 Monitoring and managing

McAfee MOVE Scheduler allows you to monitor the status of virtual servers and their managed virtualmachines from the ePolicy Orchestrator console. You can create scan policies and monitor scan statusand compliance.

Contents

Managing your virtual environment Configuring templates Configuring policies Charts and queries

Managing your virtual environmentMcAfee MOVE Scheduler manages the scanning of your VMs from ePolicy Orchestrator.

After you register a XEN Pool or VMware vCenter servers in ePolicy Orchestrator, McAfee MOVEScheduler retrieves information about the hypervisors and their virtual machines, and adds the detailsto the System Tree.

How VMs are organized in the System Tree

McAfee MOVE Scheduler creates a group named MOVE Scheduler Virtual Infrastructure in the System Treeunder My Organization. It adds all virtual infrastructure details from registered XEN Pool, VMware vCenter,and ESX servers to this group.

McAfee MOVE Scheduler expects to manage all entries in the MOVE Scheduler Virtual Infrastructure group. Don'talter the contents of this group. Doing so causes unexpected results.

Typically, you organize systems in the System Tree any way that makes sense for your environment.Virtual servers, however, must be organized in this specialized group.

Identifying with the VM tag

McAfee MOVE Scheduler applies a VM tag to all virtual systems that are added to ePolicy Orchestrator.This tag makes it easy to identify virtual machines in the System Tree. The tag is applied when ahypervisor is registered with ePolicy Orchestrator, and is periodically updated.

Configuring templates McAfee MOVE Scheduler uses templates to schedule scans on virtual machines.

A template is one of these disabled scan tasks:

3


• VirusScan Enterprise on-demand scan tasks

• VirusScan Enterprise for Offline Virtual Images scan tasks

The template tasks specify the settings used during scans that are scheduled by McAfee MOVEScheduler. Templates must be disabled and assigned to the My Organization group in the System Tree.You can copy and disable existing VirusScan Enterprise on-demand scan tasks to create these templates.

Create an on-demand scan templateThis template task is used by the McAfee MOVE Scheduler policy to schedule on-demand scans foronline virtual machines. This template defines what is scanned by the on-demand anti-virus scan task.

Task


1 Select the My Organization group in the System Tree.

McAfee MOVE Scheduler templates must be assigned to the My Organization level. The McAfee MOVEScheduler policy detects only templates assigned at this location.

2 Click Menu | Systems | System Tree | Client Tasks.

3 Click New Task.

4 Configure these settings, then click Next.

• Name — Enter the name of the task, for example, Template task for on-demand scanscheduling.

• Notes — Add a description for the template task.

• Type — Select On Demand Scan (VirusScan Enterprise 8.8.0).

• Tags — Select Send this task to all computers.

5 Click Next.

The Configuration page that appears has the same settings as VirusScan Enterprise.

6 Configure the task according to your environment's requirements, then click Next.

See the VirusScan Enterprise Product Guide for details.

7 In the Schedule page, select Disabled for the schedule status.

This setting is critical — the schedule status must be set as Disabled so it can be detected by McAfeeMOVE Scheduler and added to a McAfee MOVE Scheduler policy.

8 Configure other schedule settings as required, then click Next.

9 Review and verify the details, then click Save.

If you want different task settings on different virtual machines, create another task for those virtualmachines, and mark that task as Disabled.

Create an offline virtual image scan template McAfee MOVE Scheduler uses VirusScan Enterprise for Offline Virtual Image scan templates to specifyscan settings used when scheduling virtual image scans on offline virtual machines.

Create this task only if you want to schedule scans on offline virtual machines.

3 Monitoring and managingConfiguring templates


Task


1 Select the My Organization group in the System Tree.

McAfee MOVE Scheduler templates must be assigned to the My Organization level. The McAfee MOVEScheduler policy detects only templates assigned at this location.

2 Click Menu | Systems | System Tree | Client Tasks.

3 Click New Task.

4 On the Description page, configure these settings, then click Next.

• Name — Enter the name of the task, for example, Template task for offline scanscheduling.

• Notes — Add a description for the template task.

• Type — Select an option for Virtual Image Scan.

• Tags — Select Send this task to all computers.

The Configuration page that appears has the same settings as VirusScan Enterprise for Offline VirtualImages.

5 Configure the task according to your environment's requirements, then click Next.

See the VirusScan Enterprise for Offline Virtual Images Product Guide for details.

6 On the Schedule page, set the schedule status to Disabled.

The schedule status must be set as Disabled so it can be detected by McAfee MOVE Scheduler andadded to a McAfee MOVE Scheduler policy.

7 Set the other schedule settings as required.

8 Click Next.

9 Review and verify the details, then click Save.

If you want different task settings on different virtual machines, you can either change the settings onthe task after assigning it (by breaking inheritance) or create another disabled template task for thevirtual machines requiring different behavior.

Configuring policies Policy information for McAfee MOVE Scheduler is grouped into a single Scheduler category.

You can create or modify as many policies as you need. The McAfee MOVE Scheduler extensionincludes a preconfigured McAfee Default policy, which cannot be edited or deleted but can be copied orused as a base for new policies.

This policy allows the administrator to define how and when anti-virus scans run on a hypervisor, andare applied to the hypervisor instead of the virtual machine (VM) or system.

Create a policy Create a new McAfee MOVE Scheduler policy to change behavior on managed virtual systems.

Monitoring and managingConfiguring policies 3


Task


1 From the ePolicy Orchestrator console, click Menu | Policy | Policy Catalog.

2 From the Product drop-down list, select MOVE Scheduler 2.5.0, then click Actions | New Policy.

3 From the New Policy page, enter these settings, then click OK.

• Create a policy based on this existing policy — Select the base policy (for example, McAfee Default policy) forthe new policy.

• Policy Name — Type a name for the new policy (for example, MOVE ODS Server Policy).

• Notes — Enter a description of the new policy.

4 From the Policy Settings page, enter these settings.

Maximum concurrentscans per Hypervisor

Limits the number of concurrent scans to be run on the virtual machines of ahypervisor. This policy is valid only for VirusScan Enterprise on-demand scans.VirusScan Enterprise for Offline Virtual Images scans run only 1 concurrent scanper OVI server.

Maximum concurrentscans per storage

Limits the number of concurrent scans to be run on the virtual machines of ahypervisor that are on the same storage.

Scan Frequency Select the scan period for the policy. Currently, only Weekly setting is available —this creates at least one on-demand scan attempt every week. (A week isdefined as Monday through Sunday.)

VSE Task Name Select the template task for on-demand scans. This task is listed with disabledVirusScan Enterprise on-demand scan tasks that are applied at the My Organizationlevel in the System Tree. One VirusScan Enterprise template can be assigned perpolicy.

OVI Task Name Select the template task for Offline Virtual Image scans. This task is listed withdisabled VirusScan Enterprise for Offline Virtual Images scan tasks applied atthe My Organization level in the System Tree. One VirusScan Enterprise for OfflineVirtual Images template can be assigned per policy.

This requires a VirusScan Enterprise for Offline Virtual Images server bespecified in the OVI Servers setting.

Scan Time Set or clear the time slots to specify available scan times. Green denotes a timeslot where a scan can start and white denotes a time when a scan can't start.Grid cells can be toggled available (green) or unavailable (white) by clicking thecell, column header, or row header.

Start new scans onlyif average CPUusage of hypervisorin last 5 minutes isless than NNN %

Select to specify that new scans should be started only when the average CPUusage of the hypervisor over the last five minutes is less than the specifiedpercentage. Deselect to start a new scan whenever it is possible based on othersettings.

OVI Servers Systems in ePolicy Orchestrator that have VirusScan Enterprise for OfflineVirtual Images installed and should be used to scan offline virtual images.Multiple VirusScan Enterprise for Offline Virtual Images systems can be selected.

Use this setting for scanning offline virtual machines. Only systems runningVirusScan Enterprise for Offline Virtual Images appear in this list.

5 Click Save.

3 Monitoring and managingConfiguring policies


Apply a policyMcAfee MOVE Scheduler policies differ from traditional ePolicy Orchestrator policies; they are appliedto the hypervisor instead of to the managed system.

Task


1 From the ePolicy Orchestrator console, click Menu | Systems | System Tree.

2 Select the MOVE Scheduler Virtual Infrastructure group or hypervisor containing the target virtual machines.

3 Click Assigned Policies.

4 In the Product drop-down list, select MOVE Scheduler 2.5.0.

5 On the Actions column of the McAfee Default policy, select Edit assignment.

6 On the Policy Assignments page, change these settings:

• Inherit from — Select Break inheritance and assign the policy and settings below option.

• Assigned Policy — Select the policy that you created earlier from the Assign Policy drop-down list.

7 Click Save.

Charts and queriesCharts and queries provide data about a particular item and filter the data for specific subsets. Forexample, high-level events reported by particular clients for a specified time period. Reportsincorporate queries and can be scheduled and sent as a PDF file or email message.

Table 3-1 Charts

Chart Details

Hypervisor Table Lists the hypervisors that are members of the registered servers, and displays themanaged virtual machines associated with the hypervisors.

Compliance for theLast 7 Days

Displays a pie chart of virtual machines indicating their compliance status.

A system is considered compliant if the most recent scan was completed successfully.

You can click on the chart to drill down into the details of the scan on each virtualmachine in the group, whether compliant or noncompliant.

Click Details to view the last 7 days' on the hypervisor where that virtual machinewas running. You can scroll to view the entire period. To view the scan-specificdetails like scan type or actual scan period, hover the cursor over a scan bar.

Scan Activity perHypervisor

Provides the details of completed, running, and in-progress scans on eachhypervisor for the last 24 hours.

To view scan activity and CPU usage over the last 24 hours, click a specific hypervisor.

Table 3-2 Queries

Query Description

MOVE Scheduler: AV Scan Compliance Displays a pie chart of systems indicating compliance status. Asystem is considered compliant if it has been successfully scanned inthe last 7 days.

MOVE Scheduler: AV Scan Log Provides details of the scans scheduled in the last 7 days.

Monitoring and managingCharts and queries 3


Table 3-2 Queries (continued)

Query Description

MOVE Scheduler: Error Logs Displays internal error logs. For example, if the ePolicy Orchestratorserver is unable to connect to XenPool due to invalid credentials.

MOVE Scheduler: Running AV ScansBy Storage

Displays the details of running anti-virus scans by storage.

View hypervisor detailsMcAfee MOVE Scheduler provides important hypervisor information to track your virtual environment.

Task


1 View the hypervisor list: Click Menu | Reporting | MOVE Scheduler.

2 View all hypervisors: Click MOVE Scheduler Virtual Infrastructure, expand the server tree, then select a server.

3 View the list of related virtual machines: Click the server, select the requested hypervisor, thenselect Actions | Show Related Virtual Machines.

The System : System Information page lists all related virtual machines. You can perform various actionson any listed virtual machine. For example, you can wake up the McAfee Agent on a virtualmachine by selecting it and clicking Wake Up Agents.

Purge scan logThe McAfee MOVE Scheduler operation generates internal events that accumulate in the database.

The ePolicy Orchestrator server task Move Scheduler: Purge Scan Logs is disabled by default and can be runmanually or enabled and run based on the selected criteria. You can purge the scan log to manage thesize of the database.

To... Do this...

View the server task Click Menu | Automation | Server Tasks.

Run the McAfee MOVE Scheduler: Purge Scan Logstask

Select Run for the associated task.

Schedule the McAfee MOVE Scheduler: Purge ScanLogs task

1 Select Edit for each task.

2 In the Schedule Status field, select Enabled, then click Next.

3 Select the available actions, then click Next.

4 Define the task schedule, then click Next.

3 Monitoring and managingCharts and queries


Index

A

about this guide 5agent

assign deployment task 14, 21

assign uninstall task 17

create deployment task 13, 20

create uninstall task 16

deploy with ePolicy Orchestrator 4.5 12, 19

deploy with ePolicy Orchestrator 4.6 13, 14, 20, 21

uninstall from ePolicy Orchestrator 4.5 15

agent package, check in 10, 19

C

Citrix XenServer, requirements 10

client tasksagent deployment 13, 20

assign agent deployment task 14, 21

assign agent uninstall task 17

create agent uninstall task 16

componentsdownloading 9, 10

overview 8configuration 22

conventions and icons used in this guide 5

D

documentationaudience for this guide 5product-specific, finding 6typographical conventions and icons 5

E

ePolicy Orchestratoradd deployment package 10, 19

install 11, 19

register hypervisors 11

System Tree organization 23

uninstall 18

H

hypervisorsregister 11

hypervisors (continued)register in ePolicy Orchestrator 11

show related systems 28

view details 28

I

installationassign deployment task 14, 21

check in deployment package 10, 19

common problems 15

create agent deployment task 13, 20

deploy agent in ePolicy Orchestrator 4.5 12, 19

download packages 10

extensions 11, 19

register hypervisors 11

troubleshooting 15

M

McAfee MOVE Schedulerintroduction 7

McAfee ServicePortal, accessing 6

O

offline virtual image, scanningsoftware requirements 24

template 24

operating systems, requirements 10

P

packagesdownload

check in agent package 10

permission setslist 22

modify 22

overview 22

required 22

policiesapplying 27

create 25

difference from standard policy usage 25

options summary 25


policies (continued)overview 25

R

requirementssoftware 9

S

ServicePortal, finding product documentation 6supported platforms, requirements 10

System Treeadding hypervisors 23

applying policies 27

organization 23, 25

view hypervisor details 28

T

Technical Support, finding product information 6templates

create on-demand scan 24

templates (continued)create OVI scan 24

definition 23

example 24

troubleshooting 15

U

uninstallationagent from ePolicy Orchestrator 4.5 15

assign agent task 17

create client task 16

remove ePolicy Orchestrator extension 18

V

virtual machines, tagging 11, 23

VMware ESX, supported versions 10

VMware ESXi, supported versions 10

VMware vCenter, supported versions 10

Index


move scheduler 2.5.0 product guide - mcafee · pdf file1 introduction mcafee move scheduler...

Documents