Deep Security 12 FR has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.

Configure VMware DRS

If you're planning on using VMware Distributed Resource Scheduler (DRS) for high availability (HA), configure DRS before installing the Deep Security Virtual Appliance. After DRS is configured, deploy the virtual appliance on all ESXi servers (including backup ESXi servers), and use affinity settings "pin" them to each ESXi server. This ensures that agentless protection is still being applied after HA failover.

If DRS moves a VM from an ESXi server that has an appliance to one that doesn't, the VM will become unprotected. If the VM then returns to the original ESXi server, it still won't be protected again unless you create an event-based task to re-activate and protect a VM when it is moved onto an ESXi server with an appliance. For more information, see Automatically perform tasks when a computer is added or changed (event-based tasks).

Don't apply vMotion to the appliance. Keep each appliance on its specific ESXi server: in the DRS settings, select Disabled (recommended) or Manual. Alternatively, deploy the appliance onto local storage, not shared storage. When the virtual appliance is deployed onto local storage, DRS won't apply vMotion. For more information, see your VMware documentation.