Deploy VMware vCenter Protect for antivirus, asset inventory and more

VMware endowed vCenter Protect with antivirus patch management as well as scripting and inventory features for physical and virtual machines.

VMware developed vCenter Protect as an anti-malware and antivirus security product with scripting and inventory features for virtual and physical machines. Explore the main vCenter Protect features in your lab during a free trial period.

Once you understand what vCenter Protect can do and the disparate software tools it replaces, you can install and start using the security product.

Install VMware vCenter Protect

Downloading VMware vCenter Protect
Figure 1. The download page for VMware vCenter Protect.

VMware vCenter Protect requires an instance of Microsoft SQL Server 2008 in place. If you don't have it, download and install the free SQL Server 2008 Express edition.

VCenter Protect install prerequisites
Figure 2. Fulfill these prerequisites for the vCenter Protect install.

I downloaded the vCenter Protect Advanced free evaluation. VMware's page will redirect to Shavlik.com (see Figure 1), because VMware acquired the IP for vCenter Protect from Shavlik Technologies in 2011. You'll find system requirements (see Figure 2), release notes and the upgrade guide on this page.

vCenter Protect Installation Wizard
Figure 3. The wizard will take you through installation.

While it is new to most VMware administrators, vCenter Protect isn't a version 1.0 product that VMware came up with over the summer. VMware vCenter Protect sells at version 8.0.2 -- the tool has had more revisions than VMware vSphere.

VCenter Protect Database Configuration Tool
Figure 4. Configure a database in vCenter Protect with this tool.

I installed vCenter Protect on a vSphere virtual machine (VM), a Windows 2008 R2 server with SQL Server 2008 Express already installed. Immediately, I found that I was missing SP1 for Windows 2008 R2, which I installed, then reran the vCenter Protect install. Immediately, I found that I was missing .NET 4.0. Once that installed, vCenter Protect was finally ready to go.

The vCenter Protect Install wizard began (see Figure 3), and I used the vCenter Protect Database setup tool (see Figure 4), selecting "Create a new database," then configuring the connection.

VMware vCenter Protect Activation
Figure 5. Activate vCenter Protect in trial mode if you are evaluating the tool.

The database configuration finished in a few minutes, completing the setup wizard. I started vCenter Protect in trial mode to test it for 30 days (see Figure 5).

Performing a patch scan

VCenter Protect Console
Figure 6. Start a patch scan from the vCenter Protect Console.

The easiest common task vCenter Protect performs is a patch scan. I ran a patch scan on the local machine where vCenter Protect resides.

Clicking "My Machine" from the machine groups menu (see Figure 6) brings up the patch scanning window. Click "Run operation" and then "Scan now" on the next window that appears.

Patch scan results in vCenter Protect
Figure 7. The scan brought up a long list of patches in vCenter Protect.

This patch scan returned quite a list of new patches that had come out that day for a multitude of applications. On just the single VM hosting vCenter Protect, I had 64 missing patches and 1 missing service pack (see Figure 7). These missing patches aren't just Windows OS patches, but are also for MS SQL Server, Internet Explorer, Dot Net Framework, C++ and more. This illustrates the value of a patch management application: Without it, I'd have no way of keeping up with a daily list of new patches to apply.

Patch Scanning Executive Summary
Figure 8. The executive summary of my patch scan didn't say much for a single VM, but it will be very useful in real-world scans.

VCenter Protect generated a detailed patch report as well as a beautiful executive summary. On a single-VM scan, the executive summary didn't tell me a lot (see Figure 8), but for an enterprise IT infrastructure, this will be a fantastic report.

In this trial, I applied the necessary patches after the scan; however, you can scan and apply (remediate) at the same time. For production use, create machine groups and an automated patch scanning and patching schedule.

What else can vCenter Protect do?

I recommend vCenter Protect for any systems administrator that wants a single application to perform multiple critical security tasks for both the physical and virtual infrastructure.

VCenter Protect connects to a vCenter Server

Figure 9. Connect vCenter Protect to a vCenter Server with a new machine group.

You can connect VMware Protect to vCenter by creating a new machine group that maps to a vCenter server. You'll automatically add all ESXi hosts and VMs that are managed by that vCenter host (see Figure 9).

Its antivirus protection can combine an agent policy and a threat task. You can push these agents to the machines with vCenter Protect.

Use vCenter Protect to perform a scan for asset reporting as well, by creating an asset scan template.

With a template and task scheduling, you can perform power management via the tool. Also, the scripts catalog included in vCenter Protect will be useful for administrators that want to increase automation in their infrastructure.

Find more information about vCenter Protect on the product homepage, including how to start a free evaluation. Other resources include vCenter Protect's product documentation and community forum.

Dig Deeper on Securing a VMware environment