Product Guide McAfee Boot Attestation Service 3.5.0 For use with ePolicy Orchestrator 4.6.7, 4.6.8, 5.1.0 Software


Page 1: McAfee Boot Attestation Service 3.5 · • From the McAfee download site, download and extract the contents of Boot_Attestation_Service_.zip. • Make sure that

Product Guide

McAfee Boot Attestation Service 3.5.0
For use with ePolicy Orchestrator 4.6.7, 4.6.8, 5.1.0 Software


COPYRIGHT
Copyright © 2014 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, PolicyLab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.

LICENSE INFORMATION

License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

2 McAfee Boot Attestation Service 3.5.0 Product Guide


Contents

Preface 5
    About this guide 5
        Conventions 5
    Find product documentation 6

1 Introduction 7
    Boot attestation made easy 7
    Components and what they do 7

2 Installation and configuration 9
    Overview of installation and configuration 9
    Requirements 10
    Download the software packages 10
    Deploy the OVA package 10
        Deploy using vSphere client 11
    Install the extensions 13
    Register a VMware vCenter account 14
    Install Boot Attestation Service extension 16
    Register the Boot Attestation server with McAfee ePO 17
    Upgrading Boot Attestation Service 17
        Upgrade Boot Attestation server 17
    Configuring the template 18
        Create a template 18
        Create template through Hypervisors tab 19
        Edit template 20
        Assign template 21
        Delete template 22
    Registered vCenter account details and boot status 23

3 Dashboard 25
    Boot Attestation Service dashboard 25

Index 27


Preface

This guide provides the information you need to work with your McAfee product.

Contents
    About this guide
    Find product documentation

About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Conventions
This guide uses these typographical conventions and icons.

Book title, term, emphasis — Title of a book, chapter, or topic; a new term; emphasis.

Bold — Text that is strongly emphasized.

User input, code, message — Commands and other text that the user types; a code sample; a displayed message.

Interface text — Words from the product interface like options, menus, buttons, and dialog boxes.

Hypertext blue — A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing an option.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware product.


Find product documentation
After a product is released, information about the product is entered into the McAfee online KnowledgeCenter.

Task
1 Go to the McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.

2 Enter a product name, select a version, then click Search to display a list of documents.


1 Introduction

McAfee® Boot Attestation Service provides a secure mechanism to verify the boot trust of VMware ESXi on host servers in a data center. It is targeted for Intel® servers built with Intel® Trusted Execution Technology (Intel® TXT).

This mechanism verifies that only trusted and certified applications figure in the operating system boot-up sequence. For details on how Intel® TXT works and related use cases, see www.intel.com/TXT.

Contents
    Boot attestation made easy
    Components and what they do

Boot attestation made easy
Boot Attestation Service verifies the launch-time measurements of the platform with VMware ESXi hypervisors.

The purpose of this attestation is to:

• Verify the boot trust of VMware ESXi

• Generate the trust reports

• Check compliance

This activity takes place in VMware environments. The cloud/virtualization resource schedulers, SIEMs, and policy engines can use the attestation solution.

Components and what they do
Each component performs specific functions to verify the trust of VMware ESXi hypervisors.

• ePolicy Orchestrator — Allows you to configure Boot Attestation Service, and display the boot attestation status of the virtual environment.

• Boot Attestation Service — Provides a secure mechanism to whitelist an ESXi host and to retrieve the boot attestation status of the hypervisors and report it to the McAfee ePO server.

• Data Center Connector for vSphere — Integrates the management and automation feature of McAfee ePO to discover and manage your guest VMs.

• Hypervisor (ESXi) — Allows multiple operating systems to run concurrently on a hosted system. The hypervisor is a virtual operating platform that manages the execution of the guest operating systems. ESXi is an embedded hypervisor for servers that runs directly on server hardware without requiring an extra underlying operating system.


• VMware vCenter — Console that manages the ESXi servers, which host the guest VMs that require protection.

• Virtual Machines (VMs) — Completely isolated guest operating system installation within a normal host operating system that supports both virtual desktops and virtual servers.


2 Installation and configuration

Before you set up your environment for Boot Attestation Service, you must first configure your VMware vCenter console, which manages the ESXi servers.

Contents
    Overview of installation and configuration
    Requirements
    Download the software packages
    Deploy the OVA package
    Install the extensions
    Register a VMware vCenter account
    Install Boot Attestation Service extension
    Register the Boot Attestation server with McAfee ePO
    Upgrading Boot Attestation Service
    Configuring the template
    Registered vCenter account details and boot status

Overview of installation and configuration
The Data Center Connector for vSphere extension is installed on the McAfee® ePolicy Orchestrator® server (McAfee ePO™) for the virtual machines and hosts discovery functionality. Discovering the hosts is necessary before registering the Boot Attestation server.

The overall Boot Attestation Service installation and ESXi deployment process can be simplified into these steps, assuming that you already have McAfee ePO installed.

1 Deploy the OVA package.

2 Install the Data Center Connector for vSphere, vSphere extension, and Boot Attestation Service on the McAfee ePO server.

3 Configure the Boot Attestation template.

4 Retrieve and view the Boot Attestation status of the host.

5 Boot Attestation status details can be viewed from these areas of McAfee ePO:

• Dashboard

• System Tree

• Queries and Reports


Requirements
Make sure that your environment includes these components, and that they meet the requirements.

Software requirements

• ePolicy Orchestrator 4.6.7, 4.6.8, or 5.1.0

• vCenter Server/ESXi — 5.1 update 1c / 5.5

• VMware vSphere Client 5.1 or 5.5

For details on system requirements and instructions for setting up the ePolicy Orchestrator environment, see the McAfee ePolicy Orchestrator Installation Guide.

For Intel® TXT and TPM hardware requirement details, see http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/trusted-execution-technology-server-platforms-matrix.pdf.

Download the software packages
You must download the Data Center Connector for vSphere, the BAS Extension files, and the OVA file before they can be installed on ePolicy Orchestrator.

Boot Attestation Service 3.5.0 is compatible only with MDCC 3.5.0 and vSphere 3.5.0

Task
• From the McAfee download site (http://www.mcafee.com/us/downloads/), download these packages:

    • MDCC_3.5.0.zip

    • VSPHEREDCEXTN.zip

    • Boot_Attestation_Service_<version number>.zip

If you installed the ePolicy Orchestrator server 4.6.x using Installer for McAfee Endpoint Suites, the Data Center Connector for vSphere extension is already installed and ready for use in McAfee ePO.

Deploy the OVA package
You must deploy the open virtual appliance (OVA) package and set up the Boot Attestation server before you can configure the Boot Attestation server on McAfee ePO.

Tasks
• Deploy using vSphere client on page 11
    Deploy the OVA, which is included in the product package, using vSphere client on a hypervisor.


Deploy using vSphere client
Deploy the OVA, which is included in the product package, using vSphere client on a hypervisor.

Before you begin
• From the McAfee download site, download and extract the contents of Boot_Attestation_Service_<version number>.zip.

• Make sure that your ESXi host, where you import the OVA, has Internet connection.

The vSphere client must be connected to the vCenter server, not directly to a hypervisor.

Task
1 From the vSphere client, select the resource pool or the hypervisor where you want to deploy the OVA, then click File | Deploy OVF Template to open the OVF wizard.

The vSphere client must be connected to a vCenter server to successfully deploy the OVA.

2 Apply these settings to deploy the OVF:

• Source — Browse to and select the Boot_Attestation_Service_<version number>.ova file.

• OVF Template Details — Review details about the OVA.

• Name and Location — Specify the name of the hypervisor and the inventory location.

• Storage — Select the storage drive from the list.

• Disk Format — Select the format for disk provisioning.

• Network Mapping — Map the networks used in the OVF template to networks in your inventory.


• Properties — Specify these Boot Attestation server details on the Properties page:

    • McAfee ePolicy Orchestrator IP — IP address of the ePolicy Orchestrator server, which is trusted from the Boot Attestation server. You can add multiple IP addresses separated by commas.

    • PostgreSQL Password — Password for the Postgres user on the Boot Attestation server. Create a password for the database with only alphanumeric characters; no special characters are permitted.

    • User Name — User name for the Boot Attestation management portal. If you do not provide a user name, the default user name is taken as admin.

    • Password — Password for the Boot Attestation management portal. If you do not provide a password, the default password is taken as password.

    • Host Name — Host name for the Boot Attestation server account. If you do not provide a host name, the default host name is taken as BootAttestationServer.

    Specify these networking details on the Properties page:

    • DNS — IP address of the DNS server for the Boot Attestation server. You can add multiple IP addresses separated by a blank space.

    • Gateway — IP address of the gateway for the Boot Attestation server.

    • IP Address — Static IP address for the Boot Attestation server.

    • Netmask — The netmask details of the Boot Attestation server.

    • Interface — Interface on which the Boot Attestation server IP address must be configured. If you do not provide interface details, the default value is eth0.

    On specifying the correct configuration information on the Properties page, the Boot Attestation server is configured and ready during the initial start.

    If you do not specify the correct configuration information and continue with the deployment, the Boot Attestation server might not be configured correctly. If so, you might have to repeat the entire configuration.

• Ready to Complete — Review the options you selected. You can select to turn on the virtual machine after the import or you can manually turn it on.

3 Click Finish.

When you log on to the Boot Attestation server VM for the first time, make sure that you change the default password, P@ssw0rd. All user credentials must be configured for security reasons.


4 When the deployment is complete, verify that all Boot Attestation services report as Running. Log on to the Boot Attestation server VM as root with your new password and run this command:

mtwilson status

5 (Optional) Restart the Boot Attestation server VM.

If any service reports as Not Running, or if the command fails to run, check for the correct property details on the OVF Template details page.

If you see the error again, report to McAfee support and share the log file: /root/McAfee_BootAttestation_Install_Logs.tar.gz.

The Boot Attestation server is now ready to be configured and to communicate with the trusted McAfee ePO server.

6 (Optional) Configure the Boot Attestation server with an additional McAfee ePO server:

a From the vSphere client console or ssh, log on to the Boot Attestation server.

b Run these commands:

cd /root

bash trustHost.sh <ePOip>
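The Properties page described in step 2 takes free-form values, and, as the guide notes, a wrong value can mean repeating the entire configuration. The following is an added example, not McAfee's code or part of the appliance, that checks such values before they are typed into the wizard: comma-separated ePO addresses, an alphanumeric-only PostgreSQL password, space-separated DNS servers, and the documented fallbacks (admin, password, BootAttestationServer, eth0) when a field is left empty. The property names (epo_ip, postgres_password, and so on) are labels chosen for this script, not the appliance's OVF property keys, and the sample values are constructed.

```python
"""Pre-deployment check for Boot Attestation server OVF property values.

Added example, not McAfee's code. Property names below are labels chosen for
this script (assumption), not the real OVF property keys of the appliance.
"""
import ipaddress
import re

# Fallbacks the guide says the appliance applies when a field is left empty.
DEFAULTS = {
    "user_name": "admin",
    "password": "password",
    "host_name": "BootAttestationServer",
    "interface": "eth0",
}


def _parse_ips(value, sep):
    """Split `value` on `sep`, validate each entry; return (ips, errors)."""
    ips, errors = [], []
    for raw in value.split(sep):
        raw = raw.strip()
        if not raw:
            continue
        try:
            ips.append(str(ipaddress.ip_address(raw)))
        except ValueError:
            errors.append(f"invalid IP address: {raw!r}")
    return ips, errors


def check_ovf_properties(props):
    """Apply the documented defaults and validate; return (effective, errors, warnings)."""
    effective = dict(props)
    errors, warnings = [], []

    # McAfee ePolicy Orchestrator IP: one or more trusted ePO servers, comma-separated.
    epo_ips, errs = _parse_ips(effective.get("epo_ip", ""), ",")
    errors += errs
    if not epo_ips:
        errors.append("at least one trusted McAfee ePO IP address is required")
    effective["epo_ip"] = epo_ips

    # PostgreSQL password: alphanumeric characters only, per the guide.
    if not re.fullmatch(r"[A-Za-z0-9]+", effective.get("postgres_password", "")):
        errors.append("PostgreSQL password must contain only alphanumeric characters")

    # Portal credentials, host name and interface fall back to the documented defaults.
    for key, default in DEFAULTS.items():
        if not effective.get(key):
            effective[key] = default
            warnings.append(f"{key} not set; appliance default {default!r} will be used")
    if effective["password"] == DEFAULTS["password"]:
        warnings.append("management portal is using the default password; change it at first logon")

    # DNS: one or more servers separated by blank space.
    dns, errs = _parse_ips(effective.get("dns", ""), " ")
    errors += errs
    effective["dns"] = dns

    # Gateway and static IP: exactly one address each.
    for key in ("gateway", "ip_address"):
        ips, errs = _parse_ips(effective.get(key, ""), ",")
        errors += errs
        if len(ips) != 1:
            errors.append(f"{key} must be exactly one IP address")
        else:
            effective[key] = ips[0]

    # Netmask: must be a valid dotted-quad mask (IPv4Network accepts that form).
    try:
        ipaddress.IPv4Network(f"0.0.0.0/{effective.get('netmask', '')}")
    except ValueError:
        errors.append("netmask is not a valid dotted-quad mask")

    return effective, errors, warnings


def example_run():
    """Constructed sample input: valid values, but portal credentials left empty."""
    return check_ovf_properties({
        "epo_ip": "10.0.0.5, 10.0.0.6",
        "postgres_password": "Pg2014pass",
        "user_name": "",
        "password": "",
        "host_name": "",
        "dns": "10.0.0.2 10.0.0.3",
        "gateway": "10.0.0.1",
        "ip_address": "10.0.0.50",
        "netmask": "255.255.255.0",
        "interface": "",
    })


if __name__ == "__main__":
    effective, errors, warnings = example_run()
    for line in errors:
        print("ERROR:", line)
    for line in warnings:
        print("WARNING:", line)
```

Errors mean the wizard should not be finished with those values; warnings flag the documented defaults, in particular the default portal password, which the guide says to change at first logon.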

Install the extensions
You must install the Data Center Connector for vSphere extension and the vSphere extension on the McAfee ePO server, which then can discover and import your ESXi servers that host the guest VMs.

Before you begin
Make sure that the extension files are in an accessible location on the network.


Task
For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Software | Extensions | Install Extension.

3 For each extension, browse to and select the extension file, then click OK:

• VSPHEREDCEXTN.zip

• MDCC_3.5.0.zip

The Install Extension page displays the extension name and version details.

4 Click OK.

Register a VMware vCenter account
Using Data Center Connector for vSphere, register a VMware vCenter account with McAfee ePO so that McAfee ePO communicates with the VMware vCenter, which manages the ESXi servers.

Before you begin
Make sure that you have configured your VMware vCenter server that manages the ESXi servers, which host the guest VMs.

The Registered Cloud Accounts option is available only after installing the Data Center Connector for vSphere extension.

Task
For option definitions, click ? in the interface.

1 Log on to the McAfee ePO server as an administrator.

2 Click Menu | Configuration | Registered Cloud Accounts, then click Add Cloud Account to open the Add Cloud Account page.


3 From the Choose Connector drop-down list on the Description page, select VMware vSphere, then click OK.

4 On the vCenter Account Details page, type these details:

• Account Name — A name for the VMware vCenter account in McAfee ePO. Account names can include characters a–z, A–Z, 0–9, and [_.-], without space.

• Server Address — (Required) IP address or the host name of the available VMware vCenter.

• vCenter Username — (Required) User name of the available VMware vCenter account.

    • This user's minimum role can be read-only.

    • This user can be a domain account.

    • This user can also be a Single-Sign-On (SSO) user. The default user name of the SSO user is admin@system-domain.

• vCenter Password — (Required) Password of the available VMware vCenter account.

• Connection protocol — The protocol required to establish the connection with the VMware vCenter.

• Sync Interval (In Minutes) — Specify the time interval for running subsequent vCenter discovery.

• Port No — The port number required to establish the connection with the available VMware vCenter.

• Tag — This is given by the admin to identify the VMs. Tag name can include characters a–z, A–Z, 0–9, and [_.-], with space.

5 Click Test Connection to validate VMware vCenter account details and verify the connection to the VMware vCenter, then click Next to open the Validate Certificate page.

6 Click Accept to validate the certificate, then click Finish.


7 When prompted to confirm, click OK to register the vCenter account.

This action registers the VMware vCenter and imports all discovered virtual machines, which are unmanaged, into the McAfee ePO System Tree. The instances are imported with the same structure and hierarchy present in VMware vCenter.

The virtual machines that are already added and managed by McAfee ePO are retained with the existing policy settings, but the virtualization properties for these machines are added.

8 View the imported VMs: click Menu | Systems | System Tree in McAfee ePO.

After the discovery, you can find your vCenter account under the group vSphere. The clusters and hosts from vCenter are logically grouped under each Data Center group in McAfee ePO.

Install Boot Attestation Service extension
You must install the Boot Attestation Service extension to allow the Boot Attestation server to communicate with the McAfee ePO server and retrieve the attestation details of the host.

Task
For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Software | Extensions | Install Extension.

3 Browse to and select the extension file BootAttestationService.zip, then click OK. The Install Extension page displays the extension name and version details.

4 Click OK.


Register the Boot Attestation server with McAfee ePO
It is necessary to register the Boot Attestation server with McAfee ePO in order to perform the host mapping.

Before you begin
Make sure that you installed the extension for Data Center Connector for vSphere on McAfee ePO.

Task
For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Configuration | Registered Servers, then click New Server to open the Registered Server Builder wizard.

3 From the Server type drop-down list on the Description page, select Boot attestation server, specify a unique user-friendly name and any details, then click Next.

4 On the Details page, type the IP address.

5 Click Test Connection to verify that the connection to the server works, then click Save.

You can register only one Boot Attestation Server on a single McAfee ePO server.

Upgrading Boot Attestation Service
To upgrade Boot Attestation Service from 3.0.1 to 3.5.0, you must first upgrade the extension for Data Center, Data Center Connector for vSphere. You must then upgrade the Boot Attestation server and install the Boot Attestation Service extension.

For details about upgrading the extensions for Data Center and Data Center Connector for vSphere, see Install the extensions.

Upgrade Boot Attestation server
Follow this procedure to upgrade the Boot Attestation server 1.1.5 and 1.1.6 to 3.5.0.

Task
1 Download the Boot Attestation Service upgrade package.

2 Copy the package to the /root directory on the Boot Attestation server VM.

3 Extract the file using the command unzip BootAttestationUpgrade.zip.

4 Run this upgrade script from the current directory: bash <upgradeBootAttestation.sh>.

A confirmation message appears for both the success and failure status.

After upgrading the extensions and Boot Attestation server, you will be able to view the Boot Attestation status on the McAfee ePO server.

Make sure you take a backup of the existing setup before upgrading to Boot Attestation Service 3.5.0.


Template creation and mapping will happen automatically when the Boot Attestation Service 3.5.0 upgrade is complete.

Configuring the template
All the Boot Attestation templates can be configured according to your requirements. You can create, edit, assign, or delete templates.

Create a template
You can create a new template from the Hypervisors tab and the Templates tab by using the create template option.

Steps to create template through the Templates tab:

Task
For option definitions, click ? in the interface.

1 Log on to the McAfee ePO server as an administrator.

2 Click Menu | Configuration | Boot Attestation Configuration.

3 Go to the Templates tab, then click Actions from the bottom left corner.

4 Select Create Template.


5 On the Create Template window, type these details:

• Template name — A name for the template.

• Manufacturer — Select the appropriate manufacturer.

• Firmware version — Select firmware version to filter hosts.

• VMM version — Select VMM version to filter hosts.

• Select host — Choose the host for which the template must be created.

• Select the Firmware version and VMM version sensor settings.

6 Click OK.

Creating a template through the Templates tab is the recommended approach when the number of hosts is large.

Create template through Hypervisors tab
The Hypervisors tab provides an option to create templates for the selected hosts.

Steps to create template through the Hypervisors tab:

Task
For option definitions, click ? in the interface.

1 Log on to the McAfee ePO server as an administrator.

2 Click Menu | Configuration | Boot Attestation Configuration.

3 Select a host from the list of hosts available in the Hypervisors tab.


4 Click Actions, and select Create Template.

The Create Template window appears on the screen.

5 On the Create template window, type these details:

• Template name — Type a name for the template.

• Select the Firmware version and VMM version sensor settings accordingly.

6 Click OK to complete creating the template.

Edit template
You can change or update the template name and the sensor settings options by using the Edit Template option.

Task
For option definitions, click ? in the interface.

1 Log on to the McAfee ePO server as an administrator.

2 Click Menu | Configuration | Boot Attestation Configuration.

3 Go to the Templates tab and select the template that has to be edited.

4 Click Actions from the bottom left corner of the screen.

5 Select Edit Template.


6 Update the Template name or change the firmware and VMM sensor settings.

7 Click OK.

Assign template
The Assign template option is used to assign templates to hosts through the Hypervisors tab.

Automatic template assignment happens at regular intervals, which assigns the template to the appropriate hosts.

Task
For option definitions, click ? in the interface.

1 Log on to the McAfee ePO server as an administrator.

2 Click Menu | Configuration | Boot Attestation Configuration.

3 From the Hypervisors tab, select the host where the template must be assigned.

4 Click Actions from the bottom left corner of the screen.

5 Select Assign Template.


6 From the Choose template option, select the template to be assigned.

7 Click OK.

Delete template
You can delete a template by using the delete template option.

Task
For option definitions, click ? in the interface.

1 Log on to the McAfee ePO server as an administrator.

2 Click Menu | Configuration | Boot Attestation Configuration.

3 Go to the Templates tab and select the template that has to be deleted.

4 Click Actions from the bottom left corner of the screen.

5 Select Delete Template.

A confirmation question appears on screen.

6 Click Yes to complete deleting the template.

You can navigate to the audit log file and view the detailed information on the success and failure status of the template tasks such as create, edit, assign, and delete.


Registered vCenter account details and boot status
When you register the host, it appears in the System Tree in McAfee ePO, and displays boot attestation details. You can also view account details of the registered vCenter.

• Name — Name of the vCenter that you registered in McAfee ePO.

• Type — Type of the Data Center Connector.

• Last Successful Sync — Displays the date and time when the last synchronization between McAfee ePO and vCenter occurred.

• Last Sync Status — Displays the synchronization status such as Sync Scheduled, Success, In Progress, and Failed.

• Total VMs — Displays the number of VMs that are available under the registered vCenter.

• Running VMs — Displays the number of VMs that are up and running under the registered vCenter.

• Managed VMs — Displays the number of VMs that are managed by McAfee ePO.

• Auto Deploy MA — Specifies if the administrator enabled the Auto deploy McAfee Agent task for the registered vCenter account. Not available in this version.

• Actions — You can edit, delete, and synchronize the vCenter account using McAfee ePO.

By default, the Firmware Trust Status and VMM Trust Status columns don't appear under System Tree. You must select and add them using the Choose Columns option under System Tree | Actions.

Boot Attestation Service provides five different types of attestation status:

• Trusted — Firmware and VMM values match the mapped host template configuration.

• Untrusted — Firmware, VMM, or both values do not match the mapped host template configuration.

• Unknown — The ESXi host is not registered or whitelisted, or the hardware used is not supported by Intel® TXT.

• Error — The McAfee ePO server is not able to retrieve the boot attestation details.

• Disabled — The host is assigned to a template in which the firmware sensor, the VMM sensor, or both are disabled.

You can view the boot attestation details of a host by double-clicking the host name listed under System Tree. The boot attestation details are on the Virtualization tab.
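As an added example (not code from McAfee or from this guide), the following Python sketch encodes the five statuses listed above as one decision function and then totals hosts per status, which is the figure the Boot Attestation Status of Hypervisors monitor reports. The record fields, the host names and the order in which the conditions are checked are assumptions: the guide lists the conditions but does not state their precedence, so the function checks Unknown first, then Disabled, then Error, and only then compares measurements.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Status values exactly as this guide names them in the System Tree columns.
TRUSTED, UNTRUSTED, UNKNOWN, ERROR, DISABLED = (
    "Trusted", "Untrusted", "Unknown", "Error", "Disabled")


@dataclass
class HostAttestation:
    """Constructed record of what McAfee ePO knows about one ESXi host.

    The field names are assumptions made for this example, not product
    identifiers.
    """
    name: str
    registered: bool                 # host registered/whitelisted with the Boot Attestation Server
    txt_supported: bool              # platform supports Intel TXT launch-time measurement
    firmware_sensor: bool            # firmware sensor enabled in the assigned template
    vmm_sensor: bool                 # VMM sensor enabled in the assigned template
    firmware_match: Optional[bool]   # measured firmware matches template; None = not retrieved
    vmm_match: Optional[bool]        # measured VMM matches template; None = not retrieved


def attestation_status(host: HostAttestation) -> str:
    """Map one host's measurement results onto the five statuses the guide defines.

    The precedence between conditions is an assumption for this example.
    """
    # Unknown: not registered/whitelisted, or the hardware lacks Intel TXT.
    if not host.registered or not host.txt_supported:
        return UNKNOWN
    # Disabled: either sensor (or both) switched off in the assigned template.
    if not (host.firmware_sensor and host.vmm_sensor):
        return DISABLED
    # Error: McAfee ePO could not retrieve the boot attestation details.
    if host.firmware_match is None or host.vmm_match is None:
        return ERROR
    # Trusted only when both firmware and VMM values match the template.
    if host.firmware_match and host.vmm_match:
        return TRUSTED
    return UNTRUSTED


def status_summary(hosts) -> dict:
    """Count hosts per status, as the dashboard monitor would chart them."""
    return dict(Counter(attestation_status(h) for h in hosts))


# Constructed sample hosts; names and values are invented for this example.
SAMPLE_HOSTS = [
    HostAttestation("esx-01", True, True, True, True, True, True),
    HostAttestation("esx-02", True, True, True, True, True, False),   # VMM value drifted
    HostAttestation("esx-03", False, True, True, True, None, None),   # never whitelisted
    HostAttestation("esx-04", True, False, True, True, None, None),   # hardware without TXT
    HostAttestation("esx-05", True, True, True, True, None, None),    # details not retrievable
    HostAttestation("esx-06", True, True, False, True, True, True),   # firmware sensor disabled
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h.name}: {attestation_status(h)}")
    print(status_summary(SAMPLE_HOSTS))
```

The ordering matters in practice: a host whose template has a sensor disabled reports Disabled even if its remaining measurement would have matched, so an administrator reviewing the dashboard should treat Disabled hosts as unmeasured rather than as implicitly trusted.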


3 Dashboard

Dashboards, which are comprised of monitors, help you track the key metric boot attestation status of launch-time measurements of the platform with VMware ESXi hypervisors.

McAfee ePO 4.6 — Dashboards are grouped under Private Dashboards.

McAfee ePO 5.1 — Reports are grouped under McAfee Dashboards.

Boot Attestation Service dashboard

The Boot Attestation Service dashboard is added to your McAfee ePO server when you install the Data Center Connector for vSphere extension.

The dashboard displays a collection of monitors based on the results of the default Boot Attestation Service query.

This is the default monitor for Boot Attestation Service, which appears under the Data Center dashboard.

• Boot Attestation Status of Hypervisors — Displays the boot attestation status of vCenter hypervisors.


The boot status of the host's firmware and VMM versions are:

• Trusted — Both VMM and firmware versions of the registered ESXi host are trusted, or both the sensors are disabled in the template assigned to the host.

• Untrusted — Either VMM or firmware version of the registered host is not trusted.

• Unknown — The ESXi host is not registered or whitelisted, or the hardware used is not supported by Intel® TXT.

• Error — The McAfee ePO server is not able to retrieve the boot attestation details.

You can view the boot attestation details of a host by double-clicking the host name listed in the System Tree. The boot attestation details are on the Virtualization tab.


Index

A
about this guide 5
accounts, registering 14
automatic mapping 17

B
boot attestation server
    components 7
    configuring 11
    registering 9, 17
    setting up 9, 10
    verifying boot status 7
boot attestation service
    about 7
    boot verification 7
    installing 9
    upgrading 17
boot status
    displaying 25
    retrieving and displaying 23

C
configuration 18
connector, choosing 14
conventions and icons used in this guide 5

D
dashboard
    boot status 25
dashboards
    boot status 25
    viewing 25
documentation
    product-specific, finding 6
    typographical conventions and icons 5

E
ePolicy Orchestrator
    components 7
    install extension 13
ESXi host
    deploying 11
extension
    downloading 10
    installing 9, 10, 13

H
hypervisors 14

I
installation
    deploying the OVA package 9
    downloading the software 9
    installing the extensions 9
    overview 9
    requirements 10
    upgrading the service 9

M
McAfee ServicePortal, accessing 6

O
open virtual appliance, importing 11

S
ServicePortal, finding product documentation 6
status
    boot status 25
    viewing 25
System Tree 23

T
tags, defining 14
technical support, finding product information 6
templates
    assigning 21
    configuring 18
    creating 18
    deleting 22
    editing 20

V
vCenter, defining 9


verification, boot 7
virtual machines
    boot status 14
    discovering 14
virtual properties, displaying 14
VMware vCenter account
    defining 14
    registering 9, 14
    viewing details 23
vSphere client 11
