Install the Client Software from a Gold Image

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

In large networks with many similar computers, you can use a gold image to automate the installation of the operating system and other software. A gold image is sometimes referred to as a master image, base image, or clone image. You deploy the gold image to all computers on the network, which eliminates most of the manual work required to set up a new computer.

To generate a gold image, install an up-to-date operating system with all the software that users might need, such as security tools, on a computer on your network.

Gold Images

Every computer where WatchGuard Endpoint Security is installed has a unique ID assigned. WatchGuard uses this ID to identify the computer in the web UI. If you generate a gold image from a computer and then copy it to other systems, every computer that receives it inherits the same WatchGuard Endpoint Security ID and the web UI only shows one computer.

To avoid this, you can use the Endpoint Agent Tool to delete the ID. The tool is available for download. For more information, see Create an Image for Windows Persistent and Non-Persistent Environments.

In non-persistent VDI environments, some virtual hardware parameters such as the MAC address of network interface cards can change with each restart. For this reason, device hardware cannot be used to identify computers or assign licenses to them. Additionally, the storage system of non-persistent VDI computers is emptied with each restart, which also deletes the ID assigned to the computer.

Create a Gold Image for Persistent VDI Environments

In a persistent VDI environment, the information stored on a computer hard disk persists between restarts. Therefore, to create a gold image you only have to configure updates of the WatchGuard Endpoint Security protection.

After you install an updated version of the operating system and all programs that users need, create a gold image.

To create a gold image for persistent VDI environments:

  1. Install the WatchGuard Endpoint Security client software.
    For more information, see Download the WatchGuard Endpoint Agent Installer.
  2. Make sure the computer is connected to the Internet.
  3. Assign the computer a security settings profile that has updates to WatchGuard Endpoint Security protection and knowledge enabled.
    For more information, see Configure Automatic Signature File Updates, Configure Per-Computer Settings, and Assign a Settings Profile.
  4. Open the Endpoint Agent Tool.
    1. To scan the computer and preload the WatchGuard Endpoint Security goodware cache, click Start Cache Scan.
    2. To delete the computer ID, click Unregister Device.
    3. Make sure the Is a Gold Image check box is selected.
  5. Turn off the computer and generate a gold image with your virtual environment management software.

Create a Gold Image for Non-Persistent VDI Environments

In a non-persistent VDI environment, you create two security settings profiles: one that enables updates, which you use when you prepare the gold image and for maintenance purposes, and one that disables updates, which you use when you run the gold image. It does not make sense to update WatchGuard Endpoint Security on a running instance because the computer storage system reverts to its original state with each restart.

Prepare the Gold Image

After you install an updated version of the operating system and all programs that users need, create a gold image.

To create a gold image for non-persistent VDI environments:

  1. Install the WatchGuard Endpoint Security client software.
    For more information, see Download the WatchGuard Endpoint Agent Installer.
  2. Make sure the computer is connected to the Internet.
  3. Assign a security settings profile to the computer that has updates to WatchGuard Endpoint Security protection and knowledge enabled.
    For more information, see Configure Automatic Signature File Updates and Configure Per-Computer Settings.
  4. Open the Endpoint Agent Tool.
    1. To scan the computer and preload the WatchGuard Endpoint Security goodware cache, click Start Cache Scan.
    2. To delete the computer ID, click Unregister Device.
    3. Make sure the Is a Gold Image check box is selected.
  5. Assign the computer a security settings profile that disables updates of the WatchGuard Endpoint Security protection and knowledge.
    For more information, see Configure Automatic Signature File Updates, Configure Per-Computer Settings, and Assign a Settings Profile.
  6. From the Windows service app, disable the WatchGuard agent service to make sure it does not start automatically when you use the gold image on virtual instances.
  7. Turn off the computer and generate a gold image with your virtual environment management software.
  8. In the WatchGuard Endpoint Security web UI, from the top navigation bar, select Settings.
  9. From the left pane, select VDI Environments.
  10. Configure the maximum number of computers that can be active simultaneously.
    This allows automatic management of the licenses used by these computers. For more information, see Configure VDI Environments.

Run WatchGuard Endpoint Security in a Non-Persistent VDI Environment

For WatchGuard Endpoint Security to run properly, you must change the startup type of the WatchGuard agent service, which was previously disabled in the gold image.

To change the startup type of the WatchGuard agent service, from the GPO management tools:

  1. Make sure that the GPO management tools are on a domain-connected physical computer.
  2. Create a GPO to change the startup type of the WatchGuard agent service.
  3. In the GPO settings, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > System Services > WatchGuard Endpoint Agent.
  4. Change the service setting to Automatic.
    The service starts automatically on the next reboot and the client is integrated in the web UI.
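
The check below is an added example, not WatchGuard code. It confirms that the agent service is Disabled before you capture a non-persistent gold image (step 6 of the preparation procedure) and that it is Automatic and running on a clone after the GPO applies. It assumes the service display name matches the WatchGuard Endpoint Agent entry in the GPO path above; the -Phase and -ServiceDisplayName parameters are names made up for this example.

```powershell
# Added example (not WatchGuard code): verify the agent service startup type
# for the current phase of the non-persistent VDI procedure.
[CmdletBinding()]
param(
    # GoldImage: image about to be captured, service must be Disabled.
    # Clone: running VDI instance after the GPO applied, service must be Auto and Running.
    [Parameter(Mandatory)]
    [ValidateSet('GoldImage', 'Clone')]
    [string]$Phase,

    # Assumption: display name as listed under System Services in the GPO editor.
    [string]$ServiceDisplayName = 'WatchGuard Endpoint Agent'
)

# Match on the display name client-side so no WQL escaping is needed.
$found = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -eq $ServiceDisplayName })

if ($found.Count -ne 1) {
    Write-Error "Expected exactly one service named '$ServiceDisplayName', found $($found.Count)."
    exit 2
}
$svc = $found[0]

$problems = @()
switch ($Phase) {
    'GoldImage' {
        if ($svc.StartMode -ne 'Disabled') {
            $problems += "StartMode is '$($svc.StartMode)'; disable the service before you capture the image."
        }
    }
    'Clone' {
        if ($svc.StartMode -ne 'Auto') {
            $problems += "StartMode is '$($svc.StartMode)'; the GPO that sets Automatic has not applied."
        }
        if ($svc.State -ne 'Running') {
            $problems += "State is '$($svc.State)'; the service starts on the next reboot after the GPO applies."
        }
    }
}

# Emit one summary object, then the individual findings as warnings.
[pscustomobject]@{
    Phase = $Phase; Service = $svc.Name; StartMode = $svc.StartMode
    State = $svc.State; Compliant = ($problems.Count -eq 0)
}
$problems | ForEach-Object { Write-Warning $_ }
if ($problems.Count -gt 0) { exit 1 }
```

Exit code 0 means the service matches the expected state, 1 means a mismatch, and 2 means the service was not found or the display name is ambiguous.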

Manually Update the Gold Image in a Non-Persistent VDI Environment

Because the security settings that VDI computers receive have updates disabled, we recommend that you update the gold image manually at least once a month. This makes sure that the VDI computers receive the latest version of the protection and the signature file.

To manually update the gold image in a non-persistent VDI environment:

  1. In the Windows service app, enable the WatchGuard agent service.
  2. Make sure the computer is connected to the Internet.
  3. Assign a security settings profile with updates to WatchGuard Endpoint Security protection and knowledge enabled.
    For more information, see Configure Automatic Signature File Updates, Configure Per-Computer Settings, and Assign a Settings Profile.
  4. Open the Endpoint Agent Tool.
    1. To scan the computer and preload the WatchGuard Endpoint Security goodware cache, click Start Cache Scan.
    2. To delete the computer ID, click Unregister Device.
    3. Select the Is a Gold Image check box.
  5. Assign the computer a security settings profile that disables updates of the WatchGuard Endpoint Security protection and knowledge.
    For more information, see Configure Automatic Signature File Updates, Configure Per-Computer Settings, and Assign a Settings Profile.
  6. Disable the WatchGuard Endpoint Agent service to make sure that it does not start automatically when you use the gold image on virtual instances.
  7. Turn off the computer and generate a gold image with your virtual environment management software.
  8. In the VDI environment, replace the previous image with the new one.

View Non-Persistent Computers

WatchGuard Endpoint Security uses the fully qualified domain name (FQDN) to identify computers that had their ID deleted with the Endpoint Agent Tool and that are marked as a gold image.

To view a list of non-persistent VDI computers:

  1. In the web UI, from the top navigation bar, select Settings.
  2. From the left pane, select VDI Environments.
  3. Click the Show Non-Persistent Computers link.
    The Computers list shows only non-persistent computers.

See Also

Manage Settings

Configure Automatic Signature File Updates

Configure Per-Computer Settings

Create an Image for Windows Persistent and Non-Persistent Environments