EPSecLib

The NSX Manager handles the deployment of this virtual machine. In the past (with vShield), the third-party SVA solution handled the deployment. That solution now connects to the NSX Manager, and the NSX Manager deploys the SVA. If there are alarms on the SVAs in the environment, re-deploy them through the NSX Manager.

  • Any configuration is lost as this is all stored inside the NSX Manager.

  • It is better to re-deploy the SVA virtual machines, instead of rebooting them.

  • NSX relies on EAM for deploying and monitoring VIBs and SVMs, such as the SVA, on hosts.

  • EAM is the source of truth for determining the Install Status.

  • The Install status in the NSX User Interface (UI) can only tell if the VIBs are installed, or if the SVM is powered on.

  • The Service status in the NSX UI indicates if the functionality in the virtual machine is working.

SVA deployment and relationship between NSX and vCenter Server Process

  1. When the Cluster is selected to be prepared for Endpoint, an Agency is created on EAM to deploy the SVA.

  2. EAM then deploys the OVF to the ESXi host with the agency info it created.

  3. NSX Manager verifies whether the OVF was deployed by EAM.

  4. NSX Manager verifies whether the virtual machine was powered on by EAM.

  5. NSX Manager communicates to the Partner SVA Solution Manager that the virtual machine was powered on and registered.

  6. EAM sends an event to NSX to indicate that installation was complete.

  7. Partner SVA Solution Manager sends an event to NSX to indicate that the service inside the SVA virtual machine is up and running.

  8. If you are having an issue with the SVA, there are two places you can look at the logs. You can check the EAM logs, as EAM handles the deployment of these virtual machines. For more information, see Collecting diagnostic information for VMware vCenter Server 4.x, 5.x and 6.0 (1011641). Alternatively, look at the SVA logs.

    For more information, see Guest Introspection Logs.

  9. If there is a problem with the SVA deployment, it is possible that there is an issue with EAM and the communication to NSX Manager. You can check the EAM logs, and the simplest thing to do is to restart the EAM Service. For more information, see Host Preparation.

  10. If all of the above seems to be working, but you want to test the Endpoint functionality, you can test this with an Eicar Test file:

    • Create any new text file with any label. For example: eicar.test.

    • The contents of the file should only be the following string:

      X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    • Save the file. Upon saving, you should see that the file is deleted. This verifies that the Endpoint solution is working. For more information, see Eicar.
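
The Eicar test from step 10 as a script to run inside a protected guest virtual machine. This is an added example, not part of the original documentation. The function names, the 30-second timeout, the outcome labels and the choice to store the string in two halves are assumptions.

```python
import contextlib
import os
import tempfile
import time

# The standard 68-byte test string from step 10, kept in two halves so that
# on-access scanning does not remove this script itself (an assumption about
# how the scanner matches; the written file holds the full string).
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def wait_for_removal(path, timeout=30.0, interval=0.5):
    """Poll until the file is gone or unreadable; return True if that happened."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            with open(path, "rb") as fh:
                fh.read(1)
        except (FileNotFoundError, PermissionError):
            return True              # deleted, quarantined or access blocked
        if time.monotonic() >= deadline:
            return False             # still readable: nothing intercepted it
        time.sleep(interval)


def run_endpoint_test(directory=None, timeout=30.0):
    """Write eicar.test and classify what happened to it."""
    path = os.path.join(directory or tempfile.gettempdir(), "eicar.test")
    try:
        with open(path, "w", newline="") as fh:
            fh.write(EICAR)          # only the string, no trailing newline
    except OSError:
        # A scanner may reject the write itself; an unwritable or missing
        # directory also ends up here, so check the path before concluding.
        return "write-failed"
    if wait_for_removal(path, timeout):
        return "removed"             # matches the expected result in step 10
    with contextlib.suppress(FileNotFoundError):
        os.remove(path)              # do not leave the test file behind
    return "not-detected"


if __name__ == "__main__":
    print(run_endpoint_test())
```

A result of `not-detected` on a guest that should be protected is the cue to check the Service status in the NSX UI and the SVA logs described above.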