Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to Deploy Sensor to a Non-Persistent VDI Primary Image

Carbon Black Cloud: How to Deploy Sensor to a Non-Persistent VDI Primary Image

Environment

  • Carbon Black Cloud Sensor: 3.1.x and higher versions
  • Microsoft Windows: All Supported Versions
  • Desktop Infrastructure (VDI) Primary Image Non-Persistent Virtual
  • VMware Horizon View
  • Citrix XenDesktop

Objective

To deploy Carbon Black Cloud Sensors to a Non-Persistent VDI Primary Image, which is subsequently cloned

Resolution

Sensors 3.4.x and Higher: Sensors 3.1.x - 3.3.x:
  1. Create a policy group called "Virtual Desktops"
  2. Install sensor on the "Primary Image" using command:
    msiexec.exe /qn /i installer_vista_win7_win8-XX-X.X.X.X.msi /L*vx msi.log  COMPANY_CODE=<Company_Registration_Code>  VDI=1 GROUP_NAME="Virtual Desktops" AUTO_UPDATE=0
  3. Use the tools required to clone the VDI.
  4. The cloned VDI will register with the Carbon Black Cloud once the "CB Defense" Carbon Black Cloud Sensor Service starts. These cloned VDI will then appear in the Endpoints or Workloads page of the Carbon Black Cloud Console

Additional Notes

  • Warning: If VDI=1 was used and the sensor is uninstalled from the primary image, cloned VDI will fail to register and display within the Carbon Black Cloud Console.
  • Note: For non-persistent deployments leveraging Horizon version 7.13, 2012, and later versions, and Carbon Black Cloud sensor version 3.6+, you must remove the batch file (example batch file path: C:\CB.bat) inserted into the golden image previously. This is possible because the registry of HKLM\Software\VMware, Inc.\ViewComposer\ga\AgentIntegration is now automatically set by the the Instant Clone Agent. See Interoperability of VMware Carbon Black and Horizon for details
  • Make sure that the primary image never registers as a clone or gets deregistered.
  • The endpoint inherits the policy from the primary image unless you have previously created sensor groups, and the installed sensor matches a sensor group’s criteria. Manual policy assignment post-installation overrides the inheritance.
  • Non-persistent VDI endpoints should be managed in a separate policy from Persistent VDIs. In Non-persistent VDI policies, we recommend that you enable the setting "Auto-deregister VDI sensors that have been inactive for" to remove any clones that been inactive for the specified duration. In Persistent VDI policies, we recommend that you disable this setting to prevent unintentional uninstall of the sensor.
  • Install the sensor with the CLI_USERS parameter to ensure Repcli Authentication is configured.
  • VDI=1 has been deprecated in favor of "repcli.exe register now" in sensor versions 3.4.x and Higher and is no longer supported for use in these versions. 

Related Content


Was this article helpful? Yes No
34% helpful (1/3)
Article Information
Author:
Creation Date:
‎11-26-2018
Views:
30122
Contributors