Video Screencast Help

Symantec Protection Center on Virtual server - Can't install VMWare tools

Created: 24 Aug 2012 | 6 comments

I installed the SPC virtual appliance per Symantec's instructions in our ESX Hosted environment.  However the Windows Web Server Core product has no interface when you log in to the appliance.  The VMWare tools are required in order for the virtual machine to properly manage it's assigned virtual resources.  However, I'm not able to install the VMWare tools via the "VM" -> "Guest",-> "Install/Upgrade VMWare Tools" menu options when I open a console in the vSphere client.  There is no interface in the Core product which I assume is causing the difficulty.  How do I install the tools?  The hotkey pass through for this appliance seems to be disabled.  Not being able to install VMWare tools on a virtual server is a bad thing.....

Thanks,

 

Dino Ingram

Comments 6 CommentsJump to latest comment

rscovel's picture

Hello Dino,

Installation of VMWare tools was initially planned to be installed automatically, but there were concerns with the security implications of having them installed. As such, they were not included by default, and, as you say, there is no GUI for the installation.

In addition, there is no ability to install using the SPC_Admin account as you do not have command line access.

In testing the tools have been installed successfully by launching the setup at the command line, but again, because of the security concerns around the file sharing and the other holes this makes in the security of this SECURITY APPLIANCE, support for this has not been included.

Russ Scovel
Inside Systems Engineer

Altiris SOS – Endpoint Management and Mobility
Symantec Corporation 
www.symantec.com

ingram59's picture

Thanks for the timely response.  Does Symantec plan on 'loosening the screws' a little bit to allow installation of the tools, by allowing access to pass-through hotkeys or command prompt availability?  While it is only on one virtual appliance, Symantec exacts a hefty toll in the form of a MANDATORY memory and CPU committment for installation of the virtual appliance.  Without the availability of the VMWare tools all resources assigned to that VM are fully committed and unavailable to other VMs.  IMHO, for our environment this is a serious shortcoming. 

Thanks

Dino Ingram

ingram59's picture

As far as I know, there's nothing to look at.  The VMWare console merely presents a message that it mounts the media and shows completed.  However the question seem moot, given the status indicated further in this thread.

Dino

ingram59's picture

One other thought.  I understand that it is classified as a security appliance, however, I think that classification is overstated.  Please, correct me if I'm in error with the following observation.  Also I mean no offence, nor is my intent to foment an argument or confrontation. 

The SPC console appears to be used as a centralized point for monitoring and reporting, not for administration of the various products that snap-in to it.  That being the case, where is the added security risk that would cause the concern.  Conversely, the SEPM is a true management console, and, in my opinion poses more of a risk that a centralized monitoring tool.  That being the case why hasn't Symantec locked down the SEPM console?  Don't misunderstand, I'm NOT advocating that they do so, it's merely a question designed to get some understanding

Thanks,

Dino

rscovel's picture

We have data in the CMDB that could be classified as sensitive. IP addresses, connection times, users last logon times, etc.

This is data that SEPM has as well.

We do more than just report, in regards to SEPM. We manage via workflows and consolidate data from multiple regions (Multiple SEPM's) in one spot.

I won't go down the road of which products are classified in what manner, but will say that because of it's LOCKED DOWN state the APPLIANCE is meant to be low maintenance. There are little, if any, of the vulnerabilities that affect Windows OS as a whole that affect this appliance because of our security stance and it's locked down nature.

Regards.

Russ Scovel
Inside Systems Engineer

Altiris SOS – Endpoint Management and Mobility
Symantec Corporation 
www.symantec.com