Did you know that VMware offers an antivirus and software update tool for both physical and virtual machines? Most VMware admins do not. Get to know VMware vCenter Protect, a security and scripting tool that could replace a handful of patch management and antivirus software products.
When VMware acquired Shavlik Technologies in 2011, I assumed that VMware was after Shavlik's NetChk Protect software-patching library for its virtual machine (VM) upgrade manager. Quite the opposite happened: VMware dropped VMware Update Manager (VUM) for vSphere Update Manager (still VUM) in vSphere 5. The new VUM only updates patches on vSphere ESXi hosts, VM hardware and VM tools. It does not update VMs running the MS Windows OS, MS Office or even Adobe applications.
Rather than kill Shavlik NetChk Protect, VMware enhanced it and debuted VMware vCenter Protect. Unlike VMware management tools to date -- perhaps excepting the new vCloud Automation Center born of DynamicOps -- vCenter Protect manages both virtual and physical machines.
What VMware vCenter Protect offers
You can guess that VMware's Protect offering is a security product by the name. Yes, vCenter Protect offers antivirus and anti-malware (AV/AM) features, and the same tool provides physical and virtual server protection. It has built-in templates and scanning to protect offline VMs.
There is more to VMware Protect than AV and AM (Figure 1). It can inventory all your assets, physical and virtual, so you truly know what's there. Its patch management capabilities keep software applications current and more secure.
Beyond protecting the data center, vCenter Protect offers built-in scripting tools and a script library via the ITScripts feature. Its Power-On Management (Wake-on-LAN) automatically powers down computers when not in use.
Replace these tools with vCenter Protect
You probably have a data center built over time with physical and virtual components, and with a variety of software products. No matter what IT solution you look at, you'll always have a "this or that" decision.
VMware vCenter Protect will replace many existing software tools, which could help you justify paying for the new product.
VCenter Protect can patch Windows OSes running on servers and workstations (even Windows 8 and Windows 2012 are supported), so don't bother with Microsoft Windows software update services (WSUS) or other OS patch management tools.
VMware vCenter Protect performs inventory and application patching of physical servers and VMs, making application patch management products from KACE, Symantec, Solarwinds, Tivoli, ManageEngine, GFI and other companies unnecessary.
Everyone uses enterprise-grade AV/AM software -- Microsoft AV Forefront, Trend Micro, Symantec Viper and others -- on servers and workstations. Some companies even use one tool for physical devices and another for virtual devices. VCenter Protect not only replaces these AV and AM products, it also does a better job of talking to vCenter to see what VMs are out there, patching offline VMs and utilizing snapshot technology for patching and virus remediation.
Are you struggling with PowerShell scripting, painfully trying to use batch files in Windows login scripts? Are you looking for a scripting tool to help you automate common tasks in the Windows infrastructure? VCenter Protect includes a growing library of pre-created and tested scripts. They are documented and easily modified to automate common tasks.
If you add up the cost of all these products as well as the time implementing and troubleshooting them, vCenter Protect may be a logical (and lower cost) replacement. On top of that, vCenter Protect natively supports virtualization, unlike some available products.
Choosing the right edition
Like other VMware products, vCenter Protect is available in multiple versions: Standard, Advanced and Essentials Government Edition (Figure 2).
If you choose Advanced over vCenter Protect Standard, you'll add antivirus, power management and ITscripts functionality. I chose the free evaluation of vCenter Protect Advanced for my lab environment. Starting out with vCenter Protect, I tried a lot of patching, antivirus scanning, inventory and even scripting.