An integral part of implementing VDI support is the installation and configuration of Carbon Black EDR sensors. Each sensor collects data on running processes and binaries.
You can implement VDI support by using one of the following approaches:
-
Global VDI Support
-
Sensor group VDI Support
When installing a Carbon Black EDR sensor on a primary image, we recommend that you use Global VDI Support. While not required for sensor-group-based VDI support, the combination of the two solutions provides additional assurance that the primary image does not cause any sensor conflicts.
A sensor collects data upon installation and its collection process can be optimized by clearing out two types ofCarbon Black EDR directories: those storing binary or event log data. Clearing out these directories before the sensor becomes operational ensures that the sensor does not propagate a backlog of data from processes that ran while installing Carbon Black EDR to any or all of the images. Such a propagation can have adverse effects while deploying the image.
After stopping Carbon Black EDR sensor services on the client, clear the directories and files for the following types of data:
-
Windows binary data
-
Directory: %WINDIR%\CarbonBlack\store
-
Sub-directories: MD5_*
-
-
Windows event data
-
Directory: %WINDIR%\CarbonBlack\EventLogs
-
Files: eventlog_*.log.zip and active-event.log
-
-
OSX binary data
-
Directory:/var/lib/cb/store
-
Files: MD5_*
-
-
OSX event data
-
Directory: /var/lib/cb
-
Files: event.log*
-
After the directories are cleared, you can configure either global or sensor group VDI support.