Revolutionizing Virtual Desktop Infrastructure with Carbon Black and Non-Persistent VDI

As a consultant specializing in End User Computing and Cyber Security, I’ll guide you through the process of securing non-persistent VDI desktops with VMware Carbon Black. In my previous blog post, I discussed how to deploy the Carbon Black sensor in a non-persistent VDI environment. In this article, I’ll delve deeper into the configuration of the VDI policy and sensor settings so that the management page shows accurate information about your VDI desktops.

Before we begin, it’s essential to understand that this article is focused on non-persistent VDI environments. If you have a persistent VDI environment, please refer to the VMware Carbon Black documentation for specific guidance.

Creating a VDI Policy

————————

To ensure accurate information about your VDI desktops, we need to create a VDI policy in the Carbon Black Management page. Here’s how to do it:

1. Log in to the Carbon Black Management page and go to Enforce > Policies.

2. Click “New Policy” and enter a name for the policy, an optional description, set the target value to “Medium,” and enter a Sensor UI Message.

3. On the “Prevention” tab, configure the following bypass rules:

* **Program Files\VMware**

* **SnapVolumesTemp**

* **SVROOT**

* **SoftwareDistribution\DataStore**

* **System32\Spool\Printers**

* **ProgramData\CarbonBlack**

4. On the “Sensor” tab, configure the following settings:

* Set the “Device ID” to “Unique ID”

* Set the “VM Name” to the name of your VDI pool

5. Save the policy and apply it to the desired endpoints.

Configuring Sensor Settings

——————————

Now that we have created a VDI policy, let’s dive into the sensor settings configuration:

1. On the “Sensor Options” page, under “Manage Sensor Settings,” click “Edit.”

2. Under “Delete sensors that have been deregistered for,” set the duration to 24 hours (or consult with your stakeholders for the appropriate duration).

3. Click “Save” to apply the changes.

Auto-Deregistration and Auto-Delete Sensors

—————————————

To keep our management page clean and tidy, we’ll enable auto-deregistration and auto-delete sensors. Here’s how:

1. On the “Sensor Options” page, under “Manage Sensor Settings,” click “Edit.”

2. Under “Auto-Deregister,” set the duration to 24 hours (or consult with your stakeholders for the appropriate duration).

3. Under “Auto-Delete sensors that have been deregistered for,” set the duration to 24 hours (or consult with your stakeholders for the appropriate duration).

4. Click “Save” to apply the changes.

Deleting Unused Sensors

————————

To keep our management page clean and tidy, we’ll auto-delete unused sensors. Here’s how:

1. On the “Inventory” page, under “Endpoints,” select the desired endpoint.

2. Click “Sensor Options” and select “Manage Sensor Settings.”

3. Under “Delete sensors that have been deregistered for,” set the duration to 24 hours (or consult with your stakeholders for the appropriate duration).

4. Click “Save” to apply the changes.
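
The auto-deregister and auto-delete durations set in the two sections above act in sequence, so it helps to preview which inventory records a given pair of values would touch before saving them. The following is an added example, not part of the original post and not Carbon Black code: it reads a constructed inventory export whose column names are assumptions, and it assumes the first timer counts from a sensor's last check-in and the second from the time of deregistration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export; column names are assumptions, not a Carbon Black schema.
SAMPLE_CSV = """name,status,last_contact,deregistered_at
VDI-POOL1-001,REGISTERED,2024-05-06T08:00:00+00:00,
VDI-POOL1-002,REGISTERED,2024-05-04T17:30:00+00:00,
VDI-POOL1-003,DEREGISTERED,2024-05-03T09:00:00+00:00,2024-05-04T09:00:00+00:00
VDI-POOL1-004,DEREGISTERED,2024-05-05T07:00:00+00:00,2024-05-06T07:00:00+00:00
"""


def parse_ts(value):
    """Parse an ISO 8601 timestamp; empty cells become None."""
    return datetime.fromisoformat(value) if value else None


def preview_cleanup(csv_text, now, deregister_hours=24, delete_hours=24):
    """Return {sensor name: action} for the two timers, applied in sequence."""
    dereg_after = timedelta(hours=deregister_hours)
    delete_after = timedelta(hours=delete_hours)
    actions = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        last_contact = parse_ts(row["last_contact"])
        deregistered_at = parse_ts(row["deregistered_at"])
        if row["status"] == "DEREGISTERED" and deregistered_at is not None:
            # Second timer (assumed): counts from the moment of deregistration.
            overdue = now - deregistered_at >= delete_after
            actions[row["name"]] = "delete" if overdue else "keep-deregistered"
        elif last_contact is not None and now - last_contact >= dereg_after:
            # First timer (assumed): counts from the last check-in.
            actions[row["name"]] = "deregister"
        else:
            actions[row["name"]] = "keep"
    return actions


if __name__ == "__main__":
    now = datetime(2024, 5, 6, 12, 0, tzinfo=timezone.utc)
    for name, action in preview_cleanup(SAMPLE_CSV, now).items():
        print(f"{name}: {action}")
```

Rerunning the preview with other hour values shows which records each candidate duration would affect, which is useful input when agreeing the durations with stakeholders.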

Conclusion

———-

With these configuration steps, your non-persistent VDI desktops are now fully secured by VMware Carbon Black. By following these instructions, you’ll have a clean management page with accurate information about every running VDI. Remember to consult with your stakeholders for the appropriate duration for auto-deregistration and auto-delete sensors.

If you have any questions or are interested in VMware Carbon Black, feel free to contact me in any way. My name is Age Roskam, and I work as a Consultant at ITQ. Over the last decade, I’ve gained a lot of knowledge and experience in the field of End User Computing and Cyber Security. In recent years, I’ve also been awarded the VMware vExpert status every year. In 2020, I had the honor of being part of the first vExpert EUC subprogram, and in addition to that, I’ve been part of the vExpert Security subprogram since 2021. When I’m offline, I enjoy family, sports, and grilling on my BBQs.
