When using virtual machines that run on a virtualization server, it is possible to run several instances of the same virtual machine from an original ‘gold image’. Because the identity is normally set at the time of the software installation, when multiple instances of the gold image are run at the same time, being exact replicas, they all attempt to use the same identity.
It follows from this that if the UTM9 endpoint software is installed onto the original gold image, all the virtual machines created from that gold image will have the same identity in the management console. This makes it impossible to correctly control the set of endpoint computers.
This article describes how to install UTM9 endpoint software on a gold image, so that every instance of a virtual machine run from that single gold image gets its own unique identity. This allows it to be managed correctly from the UTM console.
Known to apply to the following Sophos product(s) and version(s)
Sophos UTM v9
What To Do
In order to run UTM9 on gold images, you must force the MCS client to re-register with the server so that a new ID is assigned. This must be done when the new instance of the gold image is started for the first time.
The following procedure describes how to perform this process manually. If you wish to automate this process, refer to the section below: "Alternative ways of applying the changes".
- Stop the Sophos MCS Client service.
- Go to
%appdata%\Sophos\Management Communications System\Endpoint\Persist\ and remove the
Note: on XP the path is
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Persist\
- Generate a “registration.txt” file containing the 13 character token and place it in the
%appdata%\Sophos\Management Communications System\Endpoint\Config\ folder. (Or on XP
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Config\)
13 character token example:
Taken from the filename
SophosMcsEndpoint_4JIFSDOE276QZb68d.exe, the 13 characters are those following the _ (underscore) in the file name. In this case the 13 character token is
Note: It must be in the format
- Restart the Sophos MCS Client service. Re-registration will now take place.
Alternative ways of applying the changes
Once the gold image is ready you can created a batch file containing commands of the type used above. This batch file is passed in the 13 character registration token as a parameter and performs the required steps
You must shut down the computer so that the next time it is started up, a new id is assigned.