While implementing McAfee MOVE, I came across a weird issue where the vShield vmservice-vshield-pg portgroup was not present on the ESXi hosts in the cluster while vShield Endpoint was correctly enabled. This post shortly describes the vShield Endpoint solution and how I fixed this.
Implementing cool antivirus techniques like McAfee MOVE, Trend Micro Deep Security, Bitdefender Security and Kaspersky Security requires you to deploy vShield Manager and vShield Endpoint and requires a specific configuration order. With vShield Endpoint, you are able to perform antivirus scanning in your hypervisor layer. No need for agents inside your VMs, which decreases overhead and the amount of agents you need to manage.
vShield Endpoint is embedded in ESXi with vSphere 4.1 U3 and higher. If you are using vSphere Essentials Plus and higher, you don’t need additional licenses.
Before you can enable vShield Endpoint, you need to deploy vShield Manager and connect it to your vCenter Server. After deployment, you can install vShield Endpoint by navigating to the specific host in the Hosts & Clusters view and using the Summary tab to find the Install button for vShield Endpoint.
After installing vShield Endpoint, it should create a standard vSwitch on each host you enabled Endpoint on. This switch is used for communication between the antivirus appliance and the ESXi host and therefore does not require physical uplink ports.
In my case, the vSwitch and portgroup were not present on each host and I could not figure out why this was happening. Because Google does not return any hits on ‘missing vmservice-vshield-pg’ I thought it would be a good idea to place this post.
The solution was rather simple: uninstall vShield Endpoint from the host and perform a new install. This will take about 2 minutes for each host.
The problem was probably caused by the order in which Endpoint and the McAfee MOVE appliance was enrolled. You should first enroll the required security components and link them to vShield Manager, after which you can enable vShield Endpoint and it will start creating the local vSwitches.
Hopefully this information will save you some time Googl’ing! Thanks for reading!