ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Reserve VM resources for ATP/SEDR VE in ESXi 6.02 or later

book

Article ID: 171226

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

Symantec Advanced Threat Protection (ATP) 3.x and Symantec Endpoint Detection Response (SEDR) 4.x virtual edition (VE) require VM resources to be reserved for that VM alone.

  • If the resources are not reserved, the VM could break even on initial startup after providing the bootstrap data.
  • A broken VM with unreserved resources is not always recoverable, which may require that the OVA be redeployed to a new VM.
  • A VM could break if the block size for the datastore is not configured correctly.
    • Re-installation of EDR using the OVA is required in this situation.

Environment

  • VMware ESXi/vSphere 6.02 to 6.5 using the vSphere client or web interface.

Resolution

By default, the ATP 3.x/SEDR 4.x OVA allocates 48GB of RAM and 12 CPUs. To reserve the VM resources, you will need to edit the VM guest and specify the amount of resources to reserve.

 

 

To edit the settings on the virtual machine in the vSphere client:

  1. Navigate to the Virtual Machine and access the Summary tab.
  2. Click Edit Settings:
  3. In the settings window, click the Resources tab.
  4. For CPU, the minimum recommended amount of reservation is 12 GHz or 12,000 MHz:
  5. For memory, all guest memory must be reserved:

 

 

 

To edit the settings on the virtual machine in the ESXi web interface:

  1. Navigate to the VM.
  2. In the top-center menu, click Edit:
  3. For CPU, the minimum recommended amount of reservation is 12 GHz or 12,000 MHz:
  4. For memory, all guest memory must be reserved:

 

 

 

To edit the settings on the virtual machine in the vSphere Web Client:

  1. Navigate to the VM.
  2. Under the Actions menu in the top-center menu, click Edit Settings:
  3. For CPU, the minimum recommended amount of reservation is 12 GHz or 12,000 MHz:
  4. For memory, all guest memory must be reserved:

Note: The vSphere/ESXI host must have these resources physically available and not reserved by any other VMs in order to allocate to the ATP VM. If you do not have enough physical resources for the VM, the VM will be in an unsupported configuration and may not function correctly.

Important note about the virtual environment datastore block size:

Additional requirements are as follows:
  1. Use the proper block size, depending upon the VMFS version of your system. If your ESXi server is using VMFS-2, then set block size to 4MB or greater.
  2. If you are using a file system later than VMFS-2, then set block size to 8MB or greater.
  3. If the block size is not set correctly on the datastore where EDR is installed then reinstalling EDR is required.  EDR must be installed on a datastore with the correct block size.
    1. See Block size and vmdk size limitation - https://communities.vmware.com/t5/vSphere-Storage-Documents/VMFS-block-size/ta-p/2784698
    2. See Block size limitations of VMFS datastore (1003565) - https://kb.vmware.com/s/article/1003565
    3. PLEASE NOTE: Transferring a virtual machine to a new datastore is not supported.  Re-installation of EDR on a datastore that is configured with the correct block size is required.

Attachments

Powered by Wolken Software