
Deploying WithSecure Element Agent on non-persistent VDI machines

fdaille

Hello,

I am currently trying to deploy the WithSecure Element Agent on my non-persistent VDI machines.

So far, by navigating through the documentation and community discussions, I have found a VDI solution only for persistent machines: those that do not get deleted.

The persistent configuration on non-persistent machines is not fully compatible with our operations and our desire to save available licenses on the portal.

Here is our current configuration:

  • The agent is installed on our Golden Image with the parameters "--voucher XXXX-XXXX-XXXX-XXXX --use_ad_guid"
  • A scheduled task is created to add our key code to the agent at each startup of the child machines from this Golden Image: "%ProgramFiles(x86)%\F-Secure\PSB\ws_oneclient_logout.exe" --keycode XXXX-XXXX-XXXX-XXXX
  • The Golden Image is unregistered just before deployment: "%ProgramFiles(x86)%\F-Secure\PSB\ws_oneclient_logout.exe" --nokeycode

This method allows us to configure the Golden Image as desired, unregister the license key from it, and add a startup task that will be used by our child machines to enter the license key to be used.

Our VDI configuration (VMware Horizon) is also set up so that non-persistent machines can reuse the AD GUIDs of other machines that have been deleted (after the user logs off).

The issue is that even though we reuse the AD GUID to avoid adding a new machine to the WithSecure portal, if a pool of machines is deleted or renamed, the licenses remain used on the portal until it detects them as inactive and removes them.

We work with a large number of pools (a large number of users), and the pools are often ephemeral (for specific uses, a user might have several throughout the year).

We are looking for a way to unregister the machine from the portal at the end of each session using a logoff script. Some discussions mention this here, but without a real resolution. The last discussion dates back to October 2023. Have there been any advancements on this issue?

Thanks.
