x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
48-HOUR OFFER
50%
RENEWALS
Home users only
RENEW AT A DISCOUNT
x
EXCLUSIVE OFFER
50%
RENEWALS Home users only
RENEW AT A DISCOUNT
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND
GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
UP TO
-60%
BUY NOW
x
UP TO
-60%
BUY NOW

Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Technical Support

Need help?

 

How to create an image for Windows persistent and non-persistent environments (VDI) with products based on Aether Platform

Information applies to:

Products
Panda Adaptive Defense 360 on Aether PlatformPanda Adaptive Defense on Aether Platform
Panda Endpoint Protection on Aether PlatformPanda Endpoint Protection Plus on Aether Platform

Considerations to bear in mind before you start

Virtual environments are complex and varied. Due to these peculiarities, installing Panda solutions in these environments requires a special procedure which is described below. In environments with very specific characteristics, it may be necessary to follow the recommendations provided by the virtualization vendor to adapt Panda's general instructions to your needs. Please contact Panda Security Technical Support so that our experts can analyze your particular environment and provide you with a tailor-made solution as soon as possible.

Situation
This article offers a step-by-step walkthrough of how to install Panda Security solutions on Aether platform in persistent and non-persistent Virtual Desktop Infrastructure (VDI) environments. Due to their characteristics, virtual computers or instances require that a specific procedure be followed to ensure that the images or templates to be used in virtual environments are up to date, optimized, and don't have a previously assigned machine ID so that, when a virtual computer is started, it is uniquely registered in the Web console.

The installation procedure requires that a template (for persistent environments) or a gold image (for non-persistent environments) be prepared that will be later deployed to the virtual computers on the network. It is very important to follow this procedure closely to:
  1. Ensure engine and knowledge updates.
  2. Optimize resource and bandwidth consumption in non-persistent environments.
  3. Ensure virtual instances are uniquely identified.
Prerequisites
  • In persistent environments, computers must have fixed MAC addresses.
  • The computer used to generate the template or gold image must have an Internet connection.
Compatible systems
Generally, the procedure described in this document works* with the following types of virtual machines:
  • VMware Workstation
  • VMware Server
  • VMware ESX
  • VMware ESXi
  • Citrix XenDesktop
  • XenApp
  • XenServer
  • MS Virtual Desktop
  • MS Virtual Servers

*Bear in mind the considerations at the beginning of the article.

Product version
Version 3.41 or later of the product is required to install Panda Security's protection in non-persistent environments. This is not a requirement in the case of persistent environments, but it is recommended.



Installing the protection in persistent environments

+ Steps to prepare the machine the template will be generated from: - Steps to prepare the machine the template will be generated from:
  1. Install/update the operating system with the customer's applications.
  2. From the product console, create one group to host the template and the virtual machines ('Virtual machines' group).



    • 'Virtual machines' group
      • Go to the Settings tab, click Per-computer settings and create a settings profile for future image updates.
      • Make sure automatic updates of the protection engine are enabled.

      • Assign these settings to the group you created for the template ('Virtual machines' group).
      • Next, click the Settings tab, and select Workstations and servers from the Security section to create a settings profile for future image updates.
      • Make sure automatic knowledge updates are enabled:

      • Assign these settings to the group you created for the template ('Virtual machines' group).
  3. Install the agent and the protection:
    • Go to the Computers tab, select the template group ('Virtual machines' group), and click Add computers. This will download the installer.

    • Install the agent on the template and wait for the progress window to finish. During that time, the protection will be automatically installed, configured and updated. After the installation is completed, the computer will appear on the list of protected computers in the Web console, with a green icon. The computer's protection and knowledge will be up to date.
  4. Run Panda Aether Tool on the computer with the template.
    • Scan it by using the Scan button. This will fill the goodware cache and leave the protection in an appropriate state for virtual images. This process can take some time, depending on the contents of the hard disk. Please wait until you are notified that the operation has finished.
    • Remove the machine ID. To do this, click the Unregister device button, making sure the Is a gold image option is unchecked. This will remove the agent ID from the template, so that all virtual machines that get run obtain their ID upon being executed and connecting to Aether for the first time.



      IMPORTANT! This step is critical to ensure that each virtual machine is uniquely identified in the Web console.
  5. Access the virtual environment management tool and generate the template. If you have questions about this step, please contact your vendor.

Installing the protection in non-persistent VDI environments
The procedure for managing non-persistent VDI environments consists of three phases.
+ Phase I Preparing and generating the gold image - Phase I Preparing and generating the gold image

Before generating the gold image, you must prepare the machine from which it will be created:
  1. Install/update the operating system with the customer's applications.
  2. From the product console, create one group to host the gold image ('Gold or template image' group), and another to host virtual machines ('Virtual machines' group).
    • 'Gold or template image' group
      • Go to the Settings tab, click Per-computer settings and create a settings profile for future image updates.
      • Make sure automatic updates of the protection engine are enabled.
      • Select the automatic restart option to make sure the computer will be updated.

      • Assign these settings to the group you created for the gold image ('Gold or template image' group).
      • Next, click the Settings tab, and select Workstations and servers from the Security section to create a settings profile for future image updates.
      • Make sure automatic knowledge updates are enabled.
      • Assign these settings to the group you created for the gold image ('Gold or template image' group).
    • 'Virtual machines' group
      Virtual instances are based on the updated gold image. To optimize the VDI server's resources and reduce bandwidth usage, disable updates by following the steps below:
      • Create a Per-computer settings profile that has updates disabled, and assign it to the 'Virtual machines' group.

      • Go to Workstations and servers in the Security section of the Settings tab, disable knowledge updates, and assign those settings to the 'Virtual machines' group.

  3. Install the agent and the protection on the 'Virtual machines' group in order to generate the gold image:
    • Go to the Computers tab, select the gold image group ('Virtual machines' group), and click Add computers. This will download the installer.
    • Install the agent on the machine used to create the gold image and wait for the progress window to finish. During that time, the protection will be automatically installed and configured. After the installation is completed, the computer will appear on the list of protected computers in the Web console.
  4. Move the machine with the gold image to its Gold or template image group so that it receives the settings with the option to update. We recommend that, from the computer, you right-click the bear icon in the notifications area of the taskbar, and force a synchronization. This will push the settings to the computer so that it will start updating.

    NOTE: For Adaptive Defense, run the Panda Aether Tool, check the options Detections, Counters, Check commands and click Send.

  5. Run Panda Aether tool on the computer with the gold image.
    • Scan it by using the Scan button. This will fill the goodware cache and leave the protection in an appropriate state for virtual images. This process can take some time, depending on the contents of the hard disk. Please wait until you are notified that the operation has finished.
    • Remove the machine ID. To do this, click the Unregister device button, making sure the Is a gold image option is checked. This will remove the agent ID from the gold image, so that all virtual machines that get run obtain their ID upon being executed and connecting to Aether for the first time.



      IMPORTANT! This step is critical to ensure that each virtual instance is uniquely identified in the Web console.
  6. Disable the Panda Endpoint Agent service to prevent it from starting automatically when using the gold image on virtual instances. The service can be started using GPO policies. This is explained later in this article.
  7. Access the VDI management tools and generate the gold image. If you have questions about this step, please contact your vendor.
  8. If you want, you can configure, in the VDI environments section of the Web console, the maximum number of non-persistent machines that can be active simultaneously. This will allow automatic management of the licenses used by those machines, relieving you of the task of deleting them from the Aether platform to recover their licenses.

+ Phase II - Using GPO to change the Panda solution service's startup type - Phase II - Using GPO to change the Panda solution service's startup type

Next, you must change the Panda agent service's startup type. This service was disabled in the previous step. To do this, use the Group Policy Management Console on a physical machine connected to the domain. For more information on how to work with the Group Policy Management Console, refer to this article or contact Microsoft support.

To change the Panda Endpoint Agent service's startup type, you must create a GPO. To do that, in the GPO settings, browse to the following path: Computer Configuration, Policies, Windows Settings, Security Settings, System Services, Panda Endpoint Agent. The service will be disabled. Change the setting to Automatic. The service will start automatically on next boot and will be integrated in the console.

The Group Policy Management Editor screen will look like this:

+ Phase III Gold image maintenance - Phase III Gold image maintenance
The agent, the protection, and the signatures of the gold image created must be updated frequently, at least once per month. These updates are essential for ensuring maximum protection against the new attack techniques developed by hackers.
Follow the steps below to update the gold image:

  1. Start the machine where the gold image is installed.
  2. From the Web console, move the machine with the gold image to the 'Gold or template image' group so that it receives the appropriate settings with automatic updates of the engine and knowledge.
  3. From the computer, right-click the Panda bear icon in the notifications area of the taskbar to force a synchronization. This will update the machine.
    • Updates are performed silently in the background. We recommend you wait a few minutes to make sure the image is properly updated.
    • If a new version of the protection is available, a restart window will be displayed and the computer will restart automatically (as configured in the Per-computer settings).

      In this case, once the restart is completed, we recommend you force a new synchronization to make sure the product is fully up to date and configured properly.
  4. Run the Panda Aether tool on the computer with the gold image.
    • Scan it by using the Scan button. This will fill the goodware cache and leave the protection in an appropriate state for virtual images. This process can take some time, depending on the contents of the hard disk. Please wait until you are notified that the operation has finished.
    • Remove the machine ID. To do this, click the Unregister device button, making sure the Is a gold image option is checked. This will remove the agent ID from the gold image, so that all virtual instances that get run obtain their ID upon being executed and connecting to Aether for the first time.



      IMPORTANT! This step is critical to ensure that each virtual instance is uniquely identified in the Web console.
License management
If the aforementioned process is followed appropriately, that is, if the step to delete the agent ID is performed correctly selecting and clearing the Is a gold image option as indicated, every time a new machine is started, the system will calculate its machine ID and will determine whether the computer is a new computer or an existing one, based on the selected environment.

  • In non-persistent environments, if the maximum number of machines that can be active simultaneously for non-persistent images is set, the server will manage licenses automatically, provided there are available licenses and the number of concurrent machines is not exceeded.
  • In persistent environments, if there are multiple machines that are no longer used, delete them from the database in order to free up licenses just as you would do with physical machines. This can be done from the Aether console, by selecting all machines to delete and clicking the Delete button, or individually via the context menu of each machine to delete.
Help nº- 20190312 700050 EN

Have you resolved your query with this article?

yes no

Thanks for your answer


Why didn't you find it helpful?


The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.




Talk to a technician!

 

Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.





ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT
ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT