Create an Image for Linux Persistent and Non-Persistent Environments

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

Before You Begin

Virtual environments are complex and varied. This topic describes step-by-step instructions to install WatchGuard Endpoint Security in persistent and non-persistent Virtual Desktop Infrastructure (VDI) environments. Virtual computers or instances require that you follow a specific procedure to make sure that the images or templates used in virtual environments are up-to-date, optimized, and do not have a previously-assigned machine ID. This makes sure that when the virtual computer starts, it is uniquely registered in the Endpoint Security management UI.

In some unique environments, you might have to follow the recommendations provided by the virtualization vendor to adapt these general instructions to your needs.

This installation procedure requires that you prepare a template (for persistent environments) or a gold image (for non-persistent environments) to deploy later to virtual computers on the network. It is important to follow this procedure closely to make sure that:

  • The engine and signature file (knowledge) update.
  • Resource and bandwidth consumption is optimized in non-persistent environments.
  • Virtual instances are uniquely identified.

Prerequisites

  • In persistent environments, computers must have fixed MAC addresses.
  • The computer used to generate the template or gold image must have an Internet connection.
  • You must be able to download one of these tools:

    And, the tool must be run as root.

Compatible Systems

Generally, this procedure works for these types of virtual machines:

  • VMware Workstation
  • VMware Server
  • VMware ESX
  • VMware ESXi
  • Citrix XenDesktop
  • XenApp
  • XenServer
  • Microsoft Virtual Desktop
  • Microsoft Virtual Servers

Install the Protection in Persistent Environments

Caution: It is important that you carefully follow each step in this procedure. After you complete the procedure, you must verify that all cloned devices display in the Endpoint Security management UI. Devices cloned incorrectly can affect the visibility of monitored actions, impact the reliability of the Advanced Protection, and compromise the security of your network. If you see only a single device in the management UI, you must repeat the process, rebuild the gold image, and deploy it again to the affected endpoints as soon as possible.

Install the Protection in Non-Persistent VDI Environments

The procedure to manage non-persistent VDI environments includes three phases.

Verify Computers in the Management UI

To make sure that you have followed the procedure correctly, make sure that the computers display in the Endpoint Security management UI.

Caution: If you see a single device, you must remove the device from the Computers list and start the procedure from scratch, that is, rebuild the gold image and deploy it again to the affected endpoints.

Persistent Computers

To verify persistent computers, from the management UI:

  1. Select Computers.
  2. Confirm that the cloned devices display in the list.

Non-Persistent Computers

WatchGuard Endpoint Security uses the FQDN (Fully Qualified Domain Name) to identify computers with IDs that have been deleted with the Endpoint Agent Tool and that are marked as gold image.

To verify non-persistent VDI computers, from the management UI:

  1. Select Settings.
  2. From the left pane, select Computer Maintenance.
  3. In the VDI Environments section, click Show non-persistent computers.
    The computers list displays with the non-persistent computers.
  4. Confirm that the devices are in the list.

License Management

After you delete the agent ID and disable the Is a Gold Image option, when a new computer starts, the system calculates its machine ID and determines whether the computer is a new computer or an existing one, based on the selected environment.

Non-Persistent Environments

If the maximum number of computers that are active simultaneously for non-persistent images is set, the server manages licenses automatically, provided there are available licenses and the number of concurrent machines is not exceeded.

Persistent Environments

If there are multiple computers that you no longer use, delete them from the database to free up licenses just as you would do with physical computers. You can delete all computers, or select an individual computer to delete.