Tekniska Support

Behöver du hjälp?

 

How to generate a gold image in Citrix environments with Adaptive Defense and Adaptive Defense 360

Informationen gäller för:

Produkter
Adaptive Defense
Adaptive Defense 360

This article provides a detailed explanation of the steps to take to generate a gold image in Citrix environments with Adaptive Defense and Adaptive Defense 360. When you export the gold image to a Citrix environment, you have to update Citrix´s catalog in order to apply the new gold image. During this process, Citrix internally boots up the gold image with the network interface disabled and power off. At that moment, the gold image has got a new agentid. These are the full steps for customers using a Citrix environment.

Steps to prepare the gold image

Follow the steps below to generate a gold image before port it to the Citrix environment.

Phase I: Preparation and generation of the gold image

Before generating the gold image, it is necessary to prepare the machine from which it will be created. Follow the instructions below:

  1. Install/update the operating system with the customer's applications.
  2. From the product console, check that the automatic updates of the knowledge and the protection's engine are enabled for the profile assigned to the gold image.

  3. Install the Adaptive Defense agent and protection.

    Follow the steps below to install an up-to-date version of the agent:

    • Log in to the product console.
    • Go to the Installation tab.
    • Download the installer for Windows and select a group.
    • After the agent has been installed, the protection installation process will automatically start.
    • After the installation is complete, the computer will appear on the list of protected computers in the console, with a green icon. The computer's knowledge will be up-to-date.
  4. Scan the computer.
    This will fill the knowledge cache enabling the product to work optimally from the start.
    Follow these steps to scan the computer:

    1. Extract the reintegra.zip file, run the Reintegra.exe tool and click Scan.
    2. Clicking the Scan button will display a warning indicating that the scan may take a few hours. You can choose to continue with the scan or cancel it.


      If you select No, you will go back to the application's main window.
      If you select Yes, a scan progress window will be displayed.
    3. Finally, a window will be displayed when the scan is completed.

    4. Click OK to go back to the main window.
  5. Restart the computer.
  6. Next, delete the agent's AgentID so that each virtual desktop generates its own AgentID and is identified uniquely. To do that, run again the Reintegra.exe tool included in reintegra.zip and click Reset AgentID.


    No message is displayed on screen when deleting the AgentID, unless there is an error.
  7. Next, you must disable the knowledge and protection updates for the profile assigned to the machine from which the gold image is to be generated.
    This way, the instances generated from the gold image template won't use the automatic update configuration for the profile. This will also prevent an 'antivirus update storm' effect, and reduce the instances' bandwidth utilization, as the instances will be generated from an up-to-date image and won't have to download any updates.
  8. Generate the gold image.
  9. At this point, and in order to preserve the gold image template configuration, it will be necessary to:

    • Duplicate the profile that contains the machine from which the gold image was created.

    • Rename the duplicated profile (for example Gold-Profile), and enable the automatic engine and knowledge updates.
    • Move the machine from the original profile to the duplicated one, so that the machine with the gold image belongs there. This way, the gold image will be updated but the instances will be independent from it.
  10. Disable Panda Endpoint Administration Agent from Start, Run, services.msc

  11. Turn off the computer that contains the gold image.

Phase II - Use GPO to change the startups type of the Panda service

It is essential to change the startup type of our service. The best workaround for this GPO is to install the GPO Management tools on a physical workstation connected to the domain to be able to add the GPO service for the Panda agent. If you don?t do this, you will not be able to select the Agent service below. Consult the following article for reference: How To Install Group Policy Management in Windows 7

Once this has been installed you can create a GPO called Panda_Agent_Service, navigate to the following settings inside the GPO settings:


In here you will find the Panda Agent service and you can modify the settings to automatic.
For example, use this GPO placed in the containers for the Citrix desktop. The report for the GPO looks simply like this:

Phase III - Maintaining the gold image

It is essential to update the agent of the created gold image on a regular basis, as using an outdated gold image may cause problems. Follow the steps below to update the gold image:

  1. Start the machine where the gold image is installed.
  2. Force a configuration update. To do that, you can:

    • Run the following command with administrator rights:

      C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\waplpmng.exe walconf -force
    • Right-click the bear icon on the task bar and click the Sync option. This option is only available if the customer has Adaptive Defense 360, Endpoint Protection or Endpoint Protection Plus.
  3. Next, launch an agent update by running the following command with administrator rights:

    C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\waplpmng.exe walupg -force -continue
  4. You must then update the knowledge. There are two ways to do this:

    • Run the following command with administrator rights to download the configuration:

      C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\waplpmng.exe walupd -force
    • Right-click the bear icon on the task bar and click the Sync option. This option is only available if the customer has Adaptive Defense 360, Endpoint Protection or Endpoint Protection Plus.
  5. Run reintegra again by choosing the second choice and this way, the service of the agent will be stopped and the AgentID will be reset to leave the gold image ready.

  6. Disable the Panda Endpoint Administration Agent and turn the computer off to keep the gold image updated.


Artikelnummer- 20180202 50113 EN
ALLTID ONLINE, REDO ATT HJÄLPA TILL TWITTER FORUM
ALLTID ONLINE, REDO ATT HJÄLPA TILL TWITTER FORUM