Endpoint solution for VDI

Hi, we are moving to a VDI solution and we currently run Sophos on our systems.

Our new VDI setup will run from a golden image, and provision VMs on a daily basis, so I'm not too sure of the best approach to having AV on them.

As users log off the VMs they are destroyed, and a new one is spun up.

Does Sophos have some instructions on how to set up their endpoint software in this kind of environment?

Thanks,

Nathan

  • Hello Nathan,

    I'll spare you the intricacies at the expense of completeness and accuracy, but the exact details are more confusing than helpful.

    A computer object has a number of attributes (which the endpoint sends) which are used to identify it. SEC exposes (visible in the Computer Details tab) Computer name, Computer description, Operating system, and Domain/workgroup (taken from the computer's properties, all but the OS can be overridden at install time or with a registry value). In addition an IdentityTag is created when the installation is initialized.

    If a computer connects and presents a known IdentityTag SEC assumes it's the one it has already seen and updates the other values in the database if necessary. If you do not correctly prepare an image the result is that Computers in Enterprise Console appear to update the same record.

    If a computer connects and presents a known properties quadruple SEC assumes RMS has been reinitialized and updates the IdentityTag in the existing computer object.

    Thus if you use an image where Sophos is already fully installed and has been initialized all VMs will appear as a single computer which constantly changes its name.

    If you use a correct image but the machines are assigned arbitrary names the database will fill up with mostly disconnected, inactive computers.

    If the machines are started with a fixed set of names (e.g. VM01-VM50) the existing records will be "reused". Note that older alerts (they are accumulated by machine name) might be meaningless. It's also assumed that you don't change the policies in SEC without changing the image (if Sophos is already installed). Otherwise please see Force clients to request policy updates.  

    Christian
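
A simplified model of the two matching rules described in the answer above, run against the three imaging scenarios it lists. This is an added illustration, not Sophos code and not part of the original post; the class and function names, the record layout and the sample property values are assumptions.

```python
import uuid
from dataclasses import dataclass

@dataclass
class Record:
    identity_tag: str
    props: tuple  # (computer name, description, operating system, domain/workgroup)

class ConsoleModel:
    """Toy model of the matching rules described in the post (hypothetical names)."""
    def __init__(self):
        self.records = []

    def connect(self, identity_tag, props):
        # Rule 1: known IdentityTag -> same computer, refresh its properties.
        for rec in self.records:
            if rec.identity_tag == identity_tag:
                rec.props = props
                return rec
        # Rule 2: known properties quadruple -> RMS reinitialized, replace the tag.
        for rec in self.records:
            if rec.props == props:
                rec.identity_tag = identity_tag
                return rec
        # Otherwise this is a computer the console has not seen before.
        rec = Record(identity_tag, props)
        self.records.append(rec)
        return rec

def simulate(names, baked_tag=None):
    """Boot one VM per name; baked_tag models an image initialized before capture."""
    console = ConsoleModel()
    for name in names:
        tag = baked_tag or uuid.uuid4().hex  # fresh tag = correctly prepared image
        # Description, OS and domain are constructed sample values.
        console.connect(tag, (name, "", "Windows 10", "CORP"))
    return console.records

def scenarios(days=3, pool=5):
    """Count console records after `days` of daily reprovisioning of `pool` VMs."""
    fixed = [f"VM{i:02d}" for i in range(1, pool + 1)] * days
    arbitrary = [f"DESKTOP-{i:04X}" for i in range(pool * days)]
    return {
        "initialized image": len(simulate(fixed, baked_tag="TAG-FROM-IMAGE")),
        "arbitrary names": len(simulate(arbitrary)),
        "fixed names": len(simulate(fixed)),
    }

if __name__ == "__main__":
    print(scenarios())
```
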