We have two ESXi hosts sharing the load of our virtual servers, and soon to be VDI clients.
We have TWO (2) SEPM servers, sharing the load of SEP running on our virtual servers and physical clients. The client computers exist in roughly 4 major groups in the SEPM structure, plus some groups for special purposes. We operate in computer mode, NO user mode.
We have had the virtual servers for several years and are planning a move to VDI for the clients very soon - about 350-370 clients will be converted.
Part of the install process for the SVA (Security Virtual Appliance) was to complete or edit the information in the XML install file, AND to export the communications setting from the group. That should have been a red flag right there: "group" and not "groupS".
OK, so I chose our largest group of desktop computers since I HAD to have something to put into the folder where the install XML and other install files resided.
So I run the command line to install just like the documents state - JAVA this and that, and it used the XML install file and created the SVA for host1. I did this again with a newly edited XML install file and created SVA for the ESXi host number 2. So now we have the two VMware host ESXi "machines", each with an SVA running under them. Trouble from minute one - getting the vShield thing in place has broken some certain communications with host1, but the biggest question is this - so now what?
I came in this AM and saw in the logs that our senior network admin was having big trouble running an install on one of the servers. I checked and the server was found in the desktop computer group! Yikes! I can't figure how a server got into the desktop group, but I have a funny feeling I'm about to find out.
Since I was only able to export the communications setting from one single SEP group and not multiple groups to use for the SVA install, I assume that now any computer - server or otherwise - that appears to the SVA will be transported by magic into this desktop group?
OR, will it refuse to communicate with the servers since the SVA has only the settings for the desktop group and not the server group in SEP?
What's the point of groups if the SVA can only understand one single group's communication settings? Do I have to create an SVA, and thus a shared insight cache, for every single SEP group we have? One for servers, one for public computers, one for our employee desktop computers, another for management people and so on?
If so, then what's the point?
What is the purpose of the communication settings file export that is used for the SVA install?
What if when we move to VDI, we have 4 different groups of computers in SEP? What about servers? We have 2 different server groups - one for DCs, and another for other servers - file/print, etc.? How does the SVA communicate with them since it only has the settings for the desktop group?
What if I create a whole new group and split things - or combine groups? What will the SVA do?
Is this why the SVA virtual appliances appear to be doing nothing at all, and there's no communication - SEPM console shows "unknown"??
Is sharing information about files scanned using an administrator defined scheduled scan, or a manual scan, all that these SVA virtual devices can do for the overhead they consume and install requirements in VMware?
And finally - doing an exhaustive search on the SVA - shared insight cache - is there anyone who knows about these, how they work, and what about organizations with multiple computer groups in SEP?