Views:

Prepare a template to easily deploy endpoint agents and sensors to cloned desktops on physical machines, as well as persistent and non-persistent virtual desktops.

Important
Important
  • Follow these instructions carefully. If you clone your own VDI machines, it causes agent IDs to be duplicated and deployed agents cannot perform response actions.
  • The Image Setup Tool only supports Windows agents.
Carefully review the feature support and requirements for this deployment method before reviewing the steps.
The Standard Endpoint Protection agent also supports virtual desktop deployment by manually triggering the TCacheGen tool or using the Command Line Interface.

Procedure

  1. Power on and set up the source desktop you want to use to create the template, including configuring the operating system, VM settings, and software.
  2. Configure the software for a VDI or cloned environment, including endpoint protection software.
  3. If you are deploying a Server & Workload Protection agent, configure Agent-Initiated Activation.
    1. In the Trend Vision One console, go to Endpoint Security OperationsServer & Workload ProtectionAdministrationSystem SettingsAgents.
    2. Select Allow Agent-Initiated Activation.
    3. Select Allow Trend Vision One Virtual Desktop Infrastructure (VDI) support and cloned virtual machines.
  4. In the Trend Vision One console, go to Endpoint Security OperationsEndpoint Inventory and click Agent Installer.
  5. Download the Agent Installer package you want to use and install the agent on the source desktop.
  6. After installation finishes, go to Endpoint Security OperationsEndpoint Inventory and locate the source desktop on the list.
  7. Verify that the desired endpoint policy settings are correct.
  8. If you want to facilitate future agent upgrades, create a snapshot of your source desktop.
    For more information, see Updating the Agent on Virtual Desktops.
    The following the steps detail how to download and run the Image Setup Tool. Trend Micro recommends using the Image Setup Tool for all of your template-based deployments.
    Important
    Important
    You must use the Image Setup Tool for deploying non-persistent virtual desktops.
  9. In the Trend Vision One console, go to Endpoint Security OperationsEndpoint Inventory and click Agent Installer.
  10. Click the Download Image Setup Tool icon (imagesetuptoolicon.png) for your agent type.
    The Virtual Desktop Image Setup Tool screen appears.
  11. Click Download to download the Image Setup Tool.
    Important
    Important
    The downloaded Image Setup Tool package is specific to your organization.
  12. Copy the Admin token.
    vdiimagesetuptooladm.png
  13. Extract the contents of the ImageSetupTool.zip package onto the source desktop.
  14. For customers installing the Standard Endpoint Protection agent, run the TCacheGen tool found in <ImageSetupTool folder>\TCacheGen before running the Image Setup Tool.
    • Use the graphics user interface:
      1. Double-click the executable (TCacheGen.exe or TCacheGen_x64.exe).
      2. Select Generate the pre-scan template and remove the GUID or Remove the GUID from the pre-scan template.
      3. Click Next.
    • Use the command line:
      1. Unload the Agent.
      2. Put a copy of the following files under <Agent installation folder>:
        • 32-bit platform: TCacheGen.exe and TCacheGenCli.exe
        • 64-bit platform: TCacheGen_x64.exe and TCacheGenCli_x64.exe
      3. Start the Agent again from the Start Menu.
      4. Run one of the following commands as an administrator:
        1. To scan and remove the GUID:
          • TCacheGenCli Generate_Template
          • TcacheGenCli_x64 Generate_Template
        2. To only remove the GUID:
          • TCacheGenCli Remove_GUID
          • TcacheGenCli_x64 Remove_GUID
      5. Provide the agent unload password.
    Note
    Note
    The TCacheGen executable is automatically deleted after generating the template to avoid unexpectedly triggering this tool again. Running the tool again re-creates the agent GUID and causes the agent to register as a new entry, breaking the association to current settings and logs.
  15. Run ImageSetupTool.exe as an administrator on the source desktop to prepare the agent.
    Important
    Important
    Specify if your cloned machine is physical/persistent or non-persistent.
    Command
    Use Case
    Supported Features
    ImageSetupTool.exe --persistent
    • Persistent virtual desktops
    • Physical desktop clones
    • Standard agent auto-removal
    • Vulnerability Assessment available
    • In-place upgrades
    ImageSetupTool.exe --non-persistent
    • Non-persistent virtual desktops
    • Non-persistent agent auto-removal available from Endpoint Inventory
    • Vulnerability Assessment disabled
    • In-place upgrades disabled
    ImageSetupTool.exe --persistent --no-login
    ImageSetupTool.exe --non-persistent --no-login
    Do not require a login for the newly provisioned machine
    • Citrix ICA virtual channels
  16. Paste the admin token copied from the Endpoint Inventory app when prompted.
  17. Delete the Image Setup Tool from the source desktop once image setup completes.
  18. Export your source desktop as a golden image template.
    When signing into a desktop created using the golden image template, the newly-provisioned endpoint appears in the Endpoint Inventory list.