Reserve VM resources for ATP/SEDR VE in ESXi 6.02 or later


Article ID: 171226

Products

Endpoint Detection and Response, Advanced Threat Protection Platform

Issue/Introduction

Symantec Advanced Threat Protection (ATP) 3.x and Symantec Endpoint Detection Response (SEDR) 4.x virtual edition (VE) require VM resources to be reserved for that VM alone.

  • If the resources are not reserved, the VM could break even on initial startup after providing the bootstrap data.
  • A broken VM with unreserved resources is not always recoverable; the OVA may need to be redeployed to a new VM.

Environment

  • VMware ESXi/vSphere 6.02 to 6.5 using the vSphere client or web interface.

Resolution

By default, the ATP 3.x/SEDR 4.x OVA allocates 48GB of RAM and 12 CPUs. To reserve the VM resources, edit the VM's settings and specify the amount of each resource to reserve.

To edit the settings on the virtual machine in the vSphere client:

  1. Navigate to the Virtual Machine and access the Summary tab.
  2. Click Edit Settings.
  3. In the settings window, click the Resources tab.
  4. For CPU, the minimum recommended amount of reservation is 12 GHz or 12,000 MHz.
  5. For memory, all guest memory must be reserved.

To edit the settings on the virtual machine in the ESXi web interface:

  1. Navigate to the VM.
  2. In the top-center menu, click Edit.
  3. For CPU, the minimum recommended amount of reservation is 12 GHz or 12,000 MHz.
  4. For memory, all guest memory must be reserved.

To edit the settings on the virtual machine in the vSphere Web Client:

  1. Navigate to the VM.
  2. Under the Actions menu in the top-center menu, click Edit Settings.
  3. For CPU, the minimum recommended amount of reservation is 12 GHz or 12,000 MHz.
  4. For memory, all guest memory must be reserved.

Note: The vSphere/ESXi host must have these resources physically available, and not reserved by any other VMs, so that they can be allocated to the ATP VM. If you do not have enough physical resources for the VM, the VM will be in an unsupported configuration and may not function correctly.
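
To confirm the reservations took effect, the VM's .vmx file can be checked against the values above. The following is an added example, not part of the original article or of any Symantec/Broadcom tooling; it assumes the reservations are recorded under the standard .vmx keys memSize, sched.cpu.min, sched.mem.min and sched.mem.pin, and the sample file contents are constructed.

```python
import re

# Threshold from the article: at least 12,000 MHz CPU reserved.
# Memory rule from the article: all guest memory must be reserved.
MIN_CPU_RESERVATION_MHZ = 12000

_VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse key = "value" lines; keys are lower-cased so lookups
    do not depend on the file's capitalisation."""
    settings = {}
    for line in text.splitlines():
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def _as_int(settings, key):
    """Return the setting as an int, or 0 if absent or not numeric."""
    try:
        return int(settings.get(key, "0"))
    except ValueError:
        return 0


def audit_reservations(vmx_text):
    """Return a list of findings; an empty list means both reservations are in place."""
    s = parse_vmx(vmx_text)
    findings = []
    mem_mb = _as_int(s, "memsize")            # configured guest memory, MB
    mem_min = _as_int(s, "sched.mem.min")     # reserved memory, MB
    cpu_min = _as_int(s, "sched.cpu.min")     # reserved CPU, MHz
    pinned = s.get("sched.mem.pin", "").upper() == "TRUE"  # "reserve all guest memory"
    if mem_mb == 0:
        findings.append("memSize missing: cannot verify memory reservation")
    elif not pinned and mem_min < mem_mb:
        findings.append(f"memory reservation {mem_min} MB < guest memory {mem_mb} MB")
    if cpu_min < MIN_CPU_RESERVATION_MHZ:
        findings.append(f"CPU reservation {cpu_min} MHz < {MIN_CPU_RESERVATION_MHZ} MHz")
    return findings


# Constructed sample .vmx fragments (48GB = 49152 MB), not from a real appliance.
RESERVED_VMX = 'memSize = "49152"\nsched.cpu.min = "12000"\nsched.mem.min = "49152"\nsched.mem.pin = "TRUE"\n'
UNRESERVED_VMX = 'memSize = "49152"\nsched.cpu.min = "0"\n'
```

Run audit_reservations() on the text of the appliance's .vmx file before first boot; any finding means the reservation steps above still need to be applied.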

Additional Information

Additional requirements are as follows:
  • Use the proper block size, depending upon the VMFS version of your system. If your datastore is using VMFS-2, then set block size to 4MB or greater.
  • If you are using a file system later than VMFS-2, then set block size to 8MB or greater.

NOTE: If the block size is not set correctly, the EDR appliance will need to be reinstalled when the datastore is re-deployed with the correct block size. See Block size limitations of a VMFS datastore (1003565): https://kb.vmware.com/s/article/1003565