Use the following procedure to install Carbon Black Cloud Windows sensors in an environment that has both full and instant Horizon clones.
Procedure
- Create the golden image for the full clone pool. As per the Horizon documentation, perform the required steps, including installing VMware Tools and Horizon Agent. Do not install the Carbon Black Cloud sensor on the golden image.
- Put the Carbon Black Cloud sensor MSI on the golden image (preferably in the System Root directory).
- Prepare the Customization Specification that will be used to create the full clone pool.
- Add the following sensor installation command into Customization Specification commands:
msiexec.exe /q /i <Sensor Installer Path > /L*v msi.log COMPANY_CODE="XYZABC" CLI_USERS=<UserGroupSid> GROUP_NAME="<NAME Virtual Policy>"
Note: For Horizon Pre-7.13, 8.0 and Windows sensors 3.7MR2+, add the following parameter to enable automatic reregistration of clones:AUTO_REREGISTER_FOR_VDI_CLONES=3
. If you are using an older sensor version, use theBASE_IMAGE=1
parameter instead.< Sensor Installer Path> : Replace this value with the location of the sensor MSI file; for example,c:\tmp\installer_win-64-3.6.0.1941.msi
.CLI_USERS= UserGroupSid: This parameter enables RepCLI usage on the clones. The value is the Security Identifier (SID) of the user account/group that will run RepCLI commands on the clones.GROUP_NAME: Indicates the policy name that has the necessary exclusions and configurations to apply to the clones.See Installing Windows Sensors on Endpoints and Windows Sensor Supported Commands. For more information about RepCLI, see Managing Sensors by using RepCLI in the User Guide.
- Deploy the full clone pool from the golden image VMTemplate by using the Customization Specification.
The cloned VMs are registered to the Carbon Black Cloud console. If enabled by policy, a background scan is run on each cloned VM after the pool is provisioned. Note that the background scan can cause performance issues, depending on how many VMs exist per host.
- Enable sensor settings to deregister inactive VMs. This setting provides operational and management benefits to instant clone VMs.
- In the Carbon Black Cloud console, go to Inventory>Endpoints>Sensor Options>Sensor Settings or Inventory>Workloads>Sensor Options>Sensor Settings or Inventory>VDI Clones>Sensor Options>Sensor Settings.
- For instant clones, enable the following options and set the timeframes to ensure automatic clean-up of inactive, deregistered instant clones. Do not enable these options for full clones.
- Delete sensors that have been deregistered for...
- Deregister VDI sensors that have been inactive for...
- Enable the Signature Update setting on Enforce>Policy>Assigned Policy>Local Scan>Signature Update.
Note: This installation method requires a different golden image for the full clone pool than for the instant clone pool.
With the 3.7+ Windows sensor, a reboot is needed on VDI clones to fully apply new ransomware protections.