cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12338
Views
25
Helpful
6
Replies

AMP on Citrix environment

john Members
Level 1
Level 1

Hi all,

We have a customer who is interested for AMP for Endpoint deployment.

All the clients are on Citrix environment and I don't know specially how citrix works.

Do I need one instance of AMP for each console or just one instance on the citrix server ?

Thanks for your help!

Regards.

1 Accepted Solution

Accepted Solutions

Hi,

please refer to this document, which guides you through the re-image process

https://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoints/118749-technote-fireamp-00.html

Hope this helps.

David

Cyber security escalation engineer

View solution in original post

6 Replies 6

David Janulik
Cisco Employee
Cisco Employee

Hi,

your question is mostly related to basic deployment scenario. For persistent and some non persistent clients always deploy AMP agent/client. The key factor however is to ask, if they are reimaged each session or each day.

Best Regards

David

Cyber security escalation engineer

David,

Thank you for your help.

I have asked and the clients are reimaged each days.

So I think I can install AMP in "write mode" of the Citrix image and it will persist on the client after it will be reimaged.

Regards.

Hi,

please refer to this document, which guides you through the re-image process

https://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoints/118749-technote-fireamp-00.html

Hope this helps.

David

Cyber security escalation engineer

Thank you for your help, I will do these steps.

Regards.

Hi,

Is Cisco AMP for Endpoints in the Citrix VDI users (windows user) running on Nutanix Acropolis Hypervisor supported?

I need to know what licenses do I need other than AMP Endpoints Licenses and how this integration works? 

As I heard from Cisco that "AMP for Endpoint for VDI is not yet supported"

Regards,

Anser

phil.reeves
Level 1
Level 1

From my reply here: 

https://community.cisco.com/t5/advanced-threats/amp-for-endpoints-deploying-on-vmview-vdis/td-p/3334576

 

I have successfully deployed Cisco AMP on non-persistent virtual desktops in a XenServer / XenDesktop environment.  It took some time to get it to a functional state without filling the write-cache disk and without causing performance issues.

 

You first need to make sure you have all the correct exclusions for your environment.

 

Steps I followed are:

 

  1. Modify the policies for both your Cisco AMP default group and your target group as follows:
  2. a) Disable Tetra Engine
  3. b) Enable Identity Persistence with the option "By Hostname across Business"

 

  1. Download the connector (with policy) and install onto your imaging machine using command-line install with the switches:   /skipdfc 1 /skiptetra 1

 

  1. Once installed, stop the Cisco AMP service.  Easiest way is from command-line: 

%programfiles%\cisco\amp\x.x.x\sfc.exe -k <protectionpassword>

 

  1. Run the following commands to recreate the local.xml file (contains GUID)

del "%PROGRAMFILES%\Cisco\AMP\local.xml"

echo ^<config^>^</config^> > "%PROGRAMFILES%\Cisco\AMP\local.xml"

  1. Shutdown the machine without restarting the service.

https://community.cisco.com/t5/advanced-threats/amp-for-endpoints-deploying-on-vmview-vdis/td-p/3334576