Install the Endpoint Software on Virtual Environments with a Template or Gold Image (Windows Computers)
Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP
In large networks with many similar computers, you can automate the process to install the operating system and other software, such as security tools, with a template or gold image. You then deploy the template or gold image to all computers on the network.
This can also be done on virtual computers. Virtual environments are complex and varied. The steps to install WatchGuard Endpoint Security in persistent and non-persistent Virtual Desktop Infrastructure (VDI) environments require that the images or templates to be used in the virtual environment are up-to-date, optimized, and do not have a previously assigned device ID. At a high level, the steps to create a template or gold image for WatchGuard Endpoint Security are:
- Update the operating system and install the latest version of the WatchGuard Endpoint Security product on the virtual machine.
- Remove the device ID.
- Disable the agent service startup.
- Generate the template or gold image.
- Configure VDI cloning to enable the agent service in the post-customization phase.
These steps are detailed in corresponding help topics to create a template (for persistent environments) or a gold image (for non-persistent environments).
It is important to follow these procedures closely to:
- Make sure that the engine and signature file (knowledge) update.
- Optimize resource and bandwidth consumption in non-persistent environments.
- Make sure that virtual instances are uniquely identified.
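The two agent-service steps in the outline above (disable startup before the image is generated, enable the service in post-customization), as an added PowerShell example that is not taken from WatchGuard's documentation. The service name is a required parameter because this page does not give it, restoring the Automatic startup type is an assumption, and device ID removal is left to the Endpoint Agent Tool.

```powershell
# Added example, not WatchGuard's own script. Run from an elevated session.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Seal', 'PostCustomization')]
    [string]$Phase,

    # Not stated on this page: supply the agent service name from the product documentation.
    [Parameter(Mandatory)]
    [string]$AgentServiceName
)

$ErrorActionPreference = 'Stop'

function Get-AgentStartMode {
    param([string]$Name)
    # Win32_Service.StartMode reports Auto, Manual or Disabled for Win32 services.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found. Is the endpoint software installed?" }
    return $svc.StartMode
}

switch ($Phase) {
    'Seal' {
        # Template VM, after the device ID was removed with the Endpoint Agent Tool.
        Set-Service -Name $AgentServiceName -StartupType Disabled
        $mode = Get-AgentStartMode -Name $AgentServiceName
        if ($mode -ne 'Disabled') {
            # A service that can still start in the image defeats the disable step.
            throw "Agent startup is '$mode', expected 'Disabled'. Do not generate the image."
        }
        Write-Output "Agent startup disabled. The image can be generated."
    }
    'PostCustomization' {
        # Each clone, called from the VDI post-customization step.
        # Assumption: Automatic is the startup type to restore.
        Set-Service -Name $AgentServiceName -StartupType Automatic
        Start-Service -Name $AgentServiceName
        $status = (Get-Service -Name $AgentServiceName).Status
        if ($status -ne 'Running') {
            throw "Agent service is '$status' after start on $env:COMPUTERNAME."
        }
        Write-Output "Agent service running on $env:COMPUTERNAME."
    }
}
```

Run it with `-Phase Seal` as the last action before the image is generated, and with `-Phase PostCustomization` from the cloning tool's post-customization hook.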
Compatible Systems
Generally, the procedures to create and deploy a template or gold image will work for these types of virtual machines:
- VMware Workstation
- VMware Server
- VMware ESX
- VMware ESXi
- Citrix XenDesktop
- XenApp
- XenServer
- MS Virtual Desktop
- MS Virtual Servers
About the Unique Device ID
Every computer where WatchGuard Endpoint Security is installed has a unique device ID assigned. WatchGuard uses this ID to identify the computer in the management UI. If you generate a gold image from a computer and then copy it to other systems, every computer that receives it inherits the same device ID and the management UI only shows one computer. Each virtual computer must be uniquely registered in the management UI.
To make sure that each device ID is unique, you can use the Endpoint Agent Tool to delete the ID. The tool is available for download. When the virtual computer restarts with the new template or gold image, the system calculates its device ID and determines whether the computer is a new computer or an existing one, based on the environment.
Non-Persistent Environments
If the maximum number of machines that are active simultaneously for non-persistent images is set, the server manages licenses automatically, provided there are available licenses and the number of concurrent machines is not exceeded.
In non-persistent VDI environments, some virtual hardware parameters such as the MAC address of network interface cards can change with each restart. For this reason, device hardware cannot be used to identify computers or assign licenses to them. Additionally, the storage system of non-persistent VDI computers is emptied with each restart, which also deletes the ID assigned to the computer.
Persistent Environments
If there are multiple machines that are no longer used, delete them from the database to free up licenses just as you would do with physical machines. You can delete all machines, or select an individual machine to delete.