VMware developed vCenter Protect as an anti-malware and antivirus security product with scripting and inventory features for virtual and physical machines. Explore the main vCenter Protect features in your lab during a free trial period.
Once you understand what vCenter Protect can do and the disparate software tools it replaces, you can install and start using the security product.
Install VMware vCenter Protect
VMware vCenter Protect requires an instance of Microsoft SQL Server 2008 in place. If you don't have it, download and install the free SQL Server 2008 Express edition.
I downloaded the vCenter Protect Advanced free evaluation. VMware's page will redirect to Shavlik.com (see Figure 1), because VMware acquired the IP for vCenter Protect from Shavlik Technologies in 2011. You'll find system requirements (see Figure 2), release notes and the upgrade guide on this page.
While it is new to most VMware administrators, vCenter Protect isn't a version 1.0 product that VMware came up with over the summer. VMware vCenter Protect sells at version 8.0.2 -- the tool has had more revisions than VMware vSphere.
I installed vCenter Protect on a vSphere virtual machine (VM), a Windows 2008 R2 server with SQL Server 2008 Express already installed. Immediately, I found that I was missing SP1 for Windows 2008 R2, which I installed, then reran the vCenter Protect install. Immediately, I found that I was missing .NET 4.0. Once that installed, vCenter Protect was finally ready to go.
The vCenter Protect Install wizard began (see Figure 3), and I used the vCenter Protect Database setup tool (see Figure 4), selecting "Create a new database," then configuring the connection.
The database configuration finished in a few minutes, completing the setup wizard. I started vCenter Protect in trial mode to test it for 30 days (see Figure 5).
Performing a patch scan
The easiest common task vCenter Protect performs is a patch scan. I ran a patch scan on the local machine where vCenter Protect resides.
Clicking "My Machine" from the machine groups menu (see Figure 6) brings up the patch scanning window. Click "Run operation" and then "Scan now" on the next window that appears.
This patch scan returned quite a list of new patches that had come out that day for a multitude of applications. On just the single VM hosting vCenter Protect, I had 64 missing patches and 1 missing service pack (see Figure 7). These missing patches aren't just Windows OS patches, but are also for MS SQL Server, Internet Explorer, Dot Net Framework, C++ and more. This illustrates the value of a patch management application: Without it, I'd have no way of keeping up with a daily list of new patches to apply.
VCenter Protect generated a detailed patch report as well as a beautiful executive summary. On a single-VM scan, the executive summary didn't tell me a lot (see Figure 8), but for an enterprise IT infrastructure, this will be a fantastic report.
In this trial, I applied the necessary patches after the scan; however, you can scan and apply (remediate) at the same time. For production use, create machine groups and an automated patch scanning and patching schedule.
What else can vCenter Protect do?
I recommend vCenter Protect for any systems administrator that wants a single application to perform multiple critical security tasks for both the physical and virtual infrastructure.
You can connect VMware Protect to vCenter by creating a new machine group that maps to a vCenter server. You'll automatically add all ESXi hosts and VMs that are managed by that vCenter host (see Figure 9).
Its antivirus protection can combine an agent policy and a threat task. You can push these agents to the machines with vCenter Protect.
Use vCenter Protect to perform a scan for asset reporting as well, by creating an asset scan template.
With a template and task scheduling, you can perform power management via the tool. Also, the scripts catalog included in vCenter Protect will be useful for administrators that want to increase automation in their infrastructure.