This article describes how to install Carbon Black Cloud Windows sensors on the command line or through software distribution tools in a VMware vSphere environment to enable the automatic identification and registration of vSphere clones.
Prerequisites
To get started, see Installing Sensors on Endpoints in a VDI Environment.
Make sure that your environment meets the minimum requirements:
- Carbon Black Cloud Windows sensor 3.7 MR2 and later
- vCenter Server 6.7 or later
- Host with ESXi 6.7 or later connected to the vCenter server
- Windows VM running OS versions that are supported by the sensor
- Carbon Black Host Module installed and running on the hosts on which VMs are deployed
Procedure
- Install the Windows sensor on VMs using the following command:
msiexec.exe /q /i <Sensor Installer Path> /L*v msi.log COMPANY_CODE="XYZABC" CLI_USERS=<UserGroupSid> AUTO_REREGISTER_FOR_VDI_CLONES=3 GROUP_NAME="<Virtual Policy>"
<
Sensor Installer Path> : Replace this value with the location of the sensor MSI file; for example,
c:\tmp\installer_win-64-3.7.0.1503.msi
.
CLI_USERS=
<UserGroupSid>: This parameter enables RepCLI usage on the clones. The value is the Security Identifier (SID) of the user account/group that will run RepCLI commands on the clones.
GROUP_NAME: Indicates the policy name that has the necessary exclusions and configurations.
- (Optional) Confirm that the required configuration properties are set correctly to enable the automatic identification and reregistration of vSphere clones:
- Use the
repcli configprops
command to verify that the configuration properties have the expected values:
Table 1.
Configuration Properties
Configuration Property and Value |
Usage |
VHostEnabled=1 |
-
Controls communication with Host User World. Supported values:
-
0=False
-
1=True (default)
|
EnableAutoReregisterFor VDIClones=3 |
-
Controls the auto-reregistration feature. Supported values:
-
1=Disable auto-reregistration for VDI clones (default)
-
2=Make reregister decision based on BIOS UUID change only
-
3=Make reregister decision based on BIOS UUID and MAC HASH change (required)
|
EnableExternalIdsChange DetectionForVDIClones=1 |
-
Controls Host User World-based auto-reregistration feature. Supported values:
-
0=False
-
1=True (default)
|
IncludeExternalIds InMsgsToBackend=1 |
-
Select if external identifiers should be sent in messages to the backend. Supported values:
-
0=False
-
1=True (default)
|
- If any of these configuration properties have different values, edit C:\ProgramData\CarbonBlack\DataFiles\cfg.ini to change them. To disable automatic reregistration, set
EnableExternalIdsChangeDetectionForVDIClones
to 0
. After you have made your changes, run the RepCLI updateconfig
command to immediately update the cfg.ini file.
Note: You must put the sensor into bypass mode before you can edit
cfg.ini. As a best practice, make a backup of
cfg.ini into another directory before you edit it in a plain text editor. After you have edited
cfg.ini, take the sensor out of bypass mode. For more details about editing
cfg.ini, see
How To Change ConfigProps Via Cfgi.ini.
- Issue the
repcli status
command to verify that the sensor can connect to the host module and can query external identifiers. For example:
cmd> repcli status
General Info:
Sensor Version[3.7.0.1500 - Oct 8 2021 - 14:41:39]
Local Scanner Version[ - ]
Sensor State[Enabled]
DeviceHash[e56223a76e00...]
DeviceID[11223344]
VirtualGuestToHostCommsStatus[Connected]
ExternalIdentity[ee8fc1c7-bd1e-4b10-9f32-04825a8b136e::501052cb-1d88-24b6-963d-9625a6c39f1e]
- Clone the VM through vSphere or by using APIs (managed object browser, pyVmomi, etc.).
The sensor running on the cloned VM should reregister. You can check the same by running repcli status
on the clone VM and ensuring that the updated external identifiers have persisted and the Device ID has changed.