Installing Guest Introspection automatically installs a new VIB and a service virtual machine on each host in the cluster. Guest Introspection is required for Activity Monitoring and several third-party security solutions.

Note: You cannot migrate a Service VM (SVM) using vMotion/SvMotion. SVMs must remain on the host on which they were deployed for correct operation.

Prerequisites

The installation instructions that follow assume that you have the following system:
  • A data center with supported versions of vCenter Server and ESXi installed on each host in the cluster.
  • Hosts in the cluster where you want to install Guest Introspection have been prepared for NSX. See "Prepare Host Clusters for NSX" in the NSX Installation Guide. Guest Introspection cannot be installed on standalone hosts. If you are deploying and managing Guest Introspection for anti-virus offload capability only, you do not need to prepare the hosts for NSX, and the NSX for vShield Endpoint license does not allow it.
  • NSX Manager installed and running.
  • Ensure the NSX Manager and the prepared hosts that run Guest Introspection services are linked to the same NTP server and that time is synchronized. Failure to do so might cause VMs to be unprotected by anti-virus services, although the status of the cluster will be shown as green for Guest Introspection and any third-party services.

    If an NTP server is added, VMware recommends that you then redeploy Guest Introspection and any third-party services.

  • If your network contains vSphere 7.0 or later, ensure that the vCenter clusters do not use a vSphere Lifecycle Manager (vLCM) image to manage ESXi host life-cycle operations. The Guest Introspection service cannot be installed on vCenter clusters that use a vLCM image.

    To verify whether a vLCM image is used to manage hosts in the cluster, log in to the vSphere Client and go to Hosts and Clusters. In the navigation pane, click the cluster, and navigate to Updates > Image. If a vLCM image is not used for the cluster, the SetUp Image button is displayed. If a vLCM image is used for the cluster, you can view the image details, such as ESXi version, vendor add-ons, image compliance details, and so on.

If you want to assign an IP address to the Guest Introspection service virtual machine from an IP pool, create the IP pool before installing Guest Introspection. See "Working with IP Pools" in the NSX Administration Guide.

Caution: Guest Introspection uses the 169.254.x.x subnet to assign IP addresses internally for the GI service. If you assign the 169.254.1.1 IP address to any VMkernel interface of an ESXi host, the Guest Introspection installation will fail. The GI service uses this IP address for internal communication.
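
A pre-install check for the conflict described in the caution above, as an added example that is not part of the VMware documentation. It assumes the column layout printed by `esxcli network ip interface ipv4 get`; the sample table is constructed, and the `link-local-review` verdict for other 169.254.x.x addresses is this example's own informational flag.

```shell
#!/bin/sh
# Added example: flag VMkernel interfaces that hold the address the GI service
# uses internally. Input is the table printed by
# `esxcli network ip interface ipv4 get`, read from stdin.

GI_RESERVED_IP="169.254.1.1"   # address named in the caution above

# Prints one "<vmk> <ip> <verdict>" line per interface.
# Returns 1 if any interface holds the reserved address, 0 otherwise.
gi_vmk_check() {
    awk -v reserved="$GI_RESERVED_IP" '
        $1 !~ /^vmk[0-9]+$/ { next }   # skip header, separator and blank lines
        {
            verdict = "ok"
            if ($2 == reserved) { verdict = "CONFLICT"; bad = 1 }
            else if ($2 ~ /^169\.254\./) { verdict = "link-local-review" }
            print $1, $2, verdict
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample output (not captured from a real host).
sample_esxcli_output() {
    cat <<'EOF'
Name  IPv4 Address   IPv4 Netmask   IPv4 Broadcast   Address Type  Gateway      DHCP DNS
----  -------------  -------------  ---------------  ------------  -----------  --------
vmk0  10.20.30.11    255.255.255.0  10.20.30.255     STATIC        10.20.30.1      false
vmk1  169.254.1.1    255.255.0.0    169.254.255.255  STATIC        0.0.0.0         false
vmk2  169.254.77.5   255.255.0.0    169.254.255.255  STATIC        0.0.0.0         false
EOF
}

# On a host: esxcli network ip interface ipv4 get | gi_vmk_check
if sample_esxcli_output | gi_vmk_check; then
    echo "No VMkernel interface uses $GI_RESERVED_IP"
else
    echo "Reassign the interface marked CONFLICT before installing Guest Introspection"
fi
```

Run the check on every host in the target cluster before starting the deployment, because a single conflicting VMkernel interface is enough for the installation to fail.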

vSphere Fault Tolerance does not work with Guest Introspection.

Guest Introspection is not supported with vSphere Auto Deploy on stateless ESXi hosts.

Procedure

  1. Navigate to Networking & Security > Installation and Upgrade > Service Deployment.
  2. Click Add.
  3. In the Deploy Network and Security Services dialog box, select Guest Introspection.
  4. In Specify schedule (at the bottom of the dialog box), select Deploy now to deploy Guest Introspection immediately after it is installed or select a deployment date and time.
  5. Click Next.
  6. Select the datacenter and clusters where you want to install Guest Introspection, and click Next.
  7. On the Select storage and Management Network page, select the datastore on which to add the service virtual machine storage or select Specified on host. It is recommended that you use shared datastores and networks instead of "specified on host" so that deployment workflows are automated.
    The selected datastore must be available on all hosts in the selected cluster.

    If you selected Specified on host, complete the following substeps for each host in the cluster.

    1. On the Home page, click Hosts and Clusters.
    2. Click a host in the Navigator, and then click Configure.
    3. In the left navigation pane, under Virtual Machines click Agent VMs, and then click Edit.
    4. Select the datastore and click OK.
  8. If you set the datastore to Specified on host, you must also set the network to Specified on host.

    If you selected Specified on host, follow the substeps in Step 7 to select a network on the host. When you add a host (or multiple hosts) to the cluster, the datastore and network must be set before each host is added to the cluster.

  9. In IP assignment, select one of the following:
    • DHCP: Assign an IP address to the Guest Introspection service virtual machine through Dynamic Host Configuration Protocol (DHCP). Select this option if your hosts are on different subnets.
    • Use IP Pool: Assign an IP address to the Guest Introspection service virtual machine from the selected IP pool.
  10. Click Next and then click Finish on the Ready to complete page.
  11. Monitor the deployment until the Installation Status column displays Succeeded.
    In NSX 6.4.0 and later, the name of the GI SVM in vCenter Server displays the IP address of the host that it has been deployed on.
  12. If the Installation Status column displays Failed, click the icon next to Failed. All deployment errors are displayed. Click Resolve to fix the errors. Sometimes, resolving the errors displays additional errors. Take the required action and click Resolve again.
    Caution: In a network that contains vSphere 7.0 or later, after the Guest Introspection service or any other third-party partner service is installed, you cannot use a vLCM image on the vCenter clusters. If you try to use a vLCM image on the vCenter clusters, warning messages are displayed in the vSphere Client to inform you that standalone VIBs are present on the hosts.