For more deployment methods for VM and VDI see Installing Windows Agents on VM or VDI.
The SentinelOne Agent is an efficient solution to protect the growing demand for virtualization, layered apps and other VDI scenarios. The SentinelOne Agent on a VDI can use all the engines and functions that an Agent on a physical endpoint uses. It does not require updates, signatures, or other legacy antivirus features.
Configure a master image of the VDI. Use the master to create VMs with unique Agent IDs. Deploy a virtual environment protected by SentinelOne.
Notes:
IMPORTANT: Use the VDI switch only for cold clones - cloned from a machine that is powered off. If used for hot clones (clones from a machine that is turned on, suspended, or hibernated), all the clones will have a duplicate UUID and will be unusable.
We use VDI (Virtual Desktop Infrastructure) and VM interchangeably. We use master image for the image that will be the template, to be deployed across all instances. Different vendors use different names.
SentinelOne does not support Agent installation using VMware App Volumes.
The VDI Switch for the Agent installer gives a UUID to each new Agent on a VM cloned from the master image. If you install the Agent on the Master without the VDI switch, all the cloned VMs will have the same UUID. This will cause collisions on the Management.
Preparing for Optimal Deployment
To deploy the SentinelOne Agent VDIs, we create a master image with the required applications and then add the Agent. Before you deploy the master image, prepare the Management Console.
Recommended: Use an image repository in your virtual environment to create protected machines from a master image. Repeat the instructions for each master image, according to your SentinelOne licenses. If the environment does not have a central repository, follow the instructions from the vendor.
If you deploy non-persistent VMs, clean inactive Agents from the SentinelOne Management Console.
To remove entries for UUIDs that no longer exist (such as previous reboots), set the Decommission policy to a low number.
Recommended: Run Full Disk Scan on the Master image, rather than on each VDI instance after it connects to the Management. Make sure the scan does not run again when it connects to the Management Console.
To add the SentinelOne Agent to the master image:
Start with a template VDI with the applications required in your environment.
Download the SentinelOne Windows Agent executable to the image.
On the master image VM, run the Agent installer with the /VDI switch.
The syntax is different depending on whether you install an EXE or an MSI installation package.
Example of an EXE package installation:
C:\Users\User1\Desktop\SentinelInstaller.exe /VDI
Example of an MSI package installation:
C:\Users\User1\Desktop\SentinelInstaller.msi VDI=true
The syntax for Agents version 22.1 and higher installed with the new installer:
C:\Users\User1\Desktop\SentinelInstaller.exe -a "VDI=true"
or
C:\Users\User1\Desktop\SentinelOneInstaller.exe -a "INSTALL_PATH_DATA=drive:\path VDI=true"
Continue the installation.
To run Full Disk Scan on the master:
We recommend that you run Full Disk Scan on the master image immediately after it is installed, before you create new VDIs from the master.
Log in to the Management Console (connection to the Management is required).
In the Management Console,
In the sidebar, click Sentinels.
Endpoints opens.
> select the master image > Actions > Full Disk Scan > Initiate Scan.
OR: open the details of the master image and click Actions > Full Disk Scan > Initiate scan.
Wait for the Full Disk Scan to complete.
In the details of the master image, make sure Scan status shows Completed.
Close the master image.
To create a VDI or VM from the master image:
Best practice: create a new VDI or VM from a master. Do not copy a virtual machine from your repository.
Make sure the Full Disk Scan on the master is done.
If you make the clones while the master runs the scan, there will be unexpected results on the new VMs.
In the details of the master image, make sure Scan status shows Completed.
Make sure the master image is turned off.
In your image repository, right-click the master image and select New VM wizard or Quick Create.
These options help you create multiple VMs based on the master image. Quick Create is a better option for a large environment.
Launch the new VMs. When they boot, the SentinelOne Agents register with the Management Console with different UUIDs.
Best Practice: We recommend that after you create the child VMs, you disconnect the master image Agent from the Management.
To see if an Agent was installed with the /VDI switch:
Run: Sentinelctl.exe agent_id -v
To upgrade Agents on VMs - versions lower than 3.3 SP1:
Important
You must upgrade the Agent on the gold or master image level of the VM.
Download the new installer.
If you upgrade these early Agents from the Management Console, the policy configuration overwrites the /VDI switch. It gives one shared UUID to the upgraded Agents.
To upgrade Agents of version 3.3 SP1 and later:
Do not use the /VDI switch.
To configure Decommission for non-persistent VMs:
Create a Dynamic Group to catch each child VM when it is created.
In Policy > More Options > Decommissioning, enable Auto decommission.
In Days, enter a low number, such as
1(to clean inactive agent computers from the list once a day) or3(to clean the list after a two-day weekend).