XDR and virtual environment deployment


L3 Networker

Hello, everyone. 

We're getting ready to incorporate XDR into our VDI infrastructure. Is anyone aware of any version restrictions with vSphere 6 and Horizon View 7.5 and .10? Has anyone had issues with resource consumption as it's deployed more and more into these types of environments?

Along with that, is there any helpful advice, tips n tricks, etc. that anyone can provide? I'm getting pushback from other teams involved and I'm hoping this will go smoothly.

Thanks in advance!


L2 Linker

My 2 cents, based on view 7.4 then 7.10, persistent clones, now non-persistent linked clones, Win 7 now Win 10.

Test in a Test pool

6.1.3 works

6.1.4 doesn't work; it comes up unlicensed

7.0.2 appears to work

 

Follow the instructions

VDI_ENABLED=1

Do imageprep every time you change the image

Issues for us were less around resource consumption and more around conflicts with drivers, or with software that is restoring the profiles (we use Profile Unity). Some of this was resolved with whitelisting, but since moving to TRAPS in the cloud we haven't had to whitelist much. The most frequent problem is with other IT folks saying "it's TRAPS!" for any problem that happens.

L2 Linker

I don't see anything specifically listed for VMware View on the compatibility matrix.

 

https://docs.paloaltonetworks.com/compatibility-matrix/cortex-xdr/where-can-i-install-the-cortex-xdr...

Interesting point on the support matrix. We've called support numerous times (we've used TRAPS for years) and never caught any blowback about running it in View. The agent instructions still have the blurb about installing in a non-persistent VDI environment. I see Citrix listed on the compatibility matrix but wonder if that is actually compatibility for using app virtualization to package/deploy the Cortex agent (which is supported) vs. support for Windows 10 running on those platforms. We've found it to be lighter on the endpoints than any of the signature-based AV we used in the past (admittedly, we haven't used that stuff for some years now), and we appreciate that it uses some intelligence to weed out bad software without relying on signatures, which are bound to be out of date.

L3 Networker

Thank you for the replies. I have the agent installed on a test machine and the agent (v7.1.0) will not connect with the tenant. It is not seen at all. Any suggestions? Thanks again in advance.

Does that same install work on another machine in your environment?  It wasn't clear to me if you're already using Cortex XDR and just adding it to VDI or if Cortex XDR is new to your environment.

Sorry about that... the agent install works already within our environment. We're just now adding it to our VM environment. 

 

The machine that looked OK in the console yesterday is now in a Disconnected state, but I'm also logged into that device now and I can see the agent installed; however, it is in a Disabled state. I'm not sure where the problem lies, but it seems like there's a communication issue at some point.

 

Thanks again for the assistance. 

I'd open a ticket, to at least get that process started.  

 

We found with non-persistent VDI they are only licensed when a user is logged into the VM. Once they log out it releases the license until another user logs into that machine (this is with floating user assignment, not dedicated). If you are using Palo Alto NGFW at the perimeter, something we found that wasn't in the documentation is that it needs "google-base" in addition to "cortex-xdr" in the outbound security policy. If you think it is a communication issue, check your traffic logs on the firewall to see if you are seeing any "deny" actions from that machine.

 

edit:  FYI - cortex-xdr depends on ssl, web-browsing
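Added example, not part of any post in this thread: one way to run the traffic-log check suggested above over a CSV export, flagging non-allowed sessions from a VDI machine for the App-IDs the reply names. The column names, IP addresses, rule names and sample rows are constructed assumptions; adjust the column arguments to match your own export.

```python
import csv
import io
from collections import Counter

# App-IDs the thread says the agent needs in the outbound security policy.
REQUIRED_APPS = {"cortex-xdr", "google-base", "ssl", "web-browsing"}

# Constructed sample export (not real log data; column layout is an assumption).
SAMPLE_CSV = """Receive Time,Source address,Destination address,Application,Action,Rule
2024/01/10 09:01:12,10.20.30.41,198.51.100.10,cortex-xdr,allow,vdi-outbound
2024/01/10 09:01:13,10.20.30.41,198.51.100.22,google-base,deny,interzone-default
2024/01/10 09:01:15,10.20.30.41,198.51.100.22,google-base,deny,interzone-default
2024/01/10 09:01:16,10.20.30.41,198.51.100.10,ssl,allow,vdi-outbound
2024/01/10 09:01:20,10.20.30.41,203.0.113.53,dns,deny,interzone-default
2024/01/10 09:02:02,10.20.30.99,198.51.100.30,web-browsing,deny,interzone-default
"""


def blocked_agent_traffic(csv_text, endpoint_ip, src_col="Source address",
                          app_col="Application", action_col="Action",
                          rule_col="Rule"):
    """Count non-allowed sessions from endpoint_ip for the required App-IDs.

    Returns a Counter keyed by (application, rule) so the matching rule
    that blocked the traffic is visible alongside the application.
    """
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row[src_col].strip() != endpoint_ip:
            continue
        app = row[app_col].strip().lower()
        action = row[action_col].strip().lower()
        # Anything other than "allow" (deny, drop, reset-*) breaks the session.
        if app in REQUIRED_APPS and action != "allow":
            hits[(app, row[rule_col].strip())] += 1
    return hits


def apps_to_review(hits):
    """Sorted list of required App-IDs that were blocked at least once."""
    return sorted({app for app, _rule in hits})


if __name__ == "__main__":
    result = blocked_agent_traffic(SAMPLE_CSV, "10.20.30.41")
    for (app, rule), count in result.items():
        print(f"{app}: {count} blocked session(s), rule {rule}")
    print("Review policy for:", apps_to_review(result))
```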

 
