VMware Horizon Community
giddyup
Contributor

Trend Deep Security vs OfficeScan vs Other Anti-Virus Solutions?


Hello,

Our organization is currently using Deep Security 7.5 and OfficeScan 10 for virus protection for virtual and physical endpoints. We have 130 virtual Windows 7 desktops and around 55 virtual Windows 2008 servers using Deep Security and 20-30 desktops/servers using OfficeScan. This setup was deployed by a previous admin of the company.

I see the benefits of Deep Security by scanning at the hypervisor and offloading the scanning to the DSVA. But would an environment our size be OK leveraging OfficeScan (which currently is running on a handful of virtual servers)?

Here's what I don't like about Deep Security. We're a small shop and there are a lot of moving parts to consider while upgrading to Deep Security 8. Having to upgrade vShield Manager, vShield Endpoint, vShield Endpoint guest drivers, vCenter 5, Deep Security Manager, Deep Security Filter Driver, Deep Security Virtual Appliance, Deep Security Agent and finally Deep Security Relay in one maintenance window.

I see this not being as much of a problem in larger organizations where they have storage teams, server teams, application teams, etc., but for a one-man show, not so much.

Is anyone out there running Trend OfficeScan in an environment our size?

Or any other feedback from folks that use or did use Deep Security and have since changed to a different antivirus platform.

End state goal is trying to leverage a solution that fits our environment and not use a battleship when I can be using a pontoon boat ;)

Thanks

Giddyup

6 Replies
vincikb
Contributor

Hi Giddyup, that is an interesting question you pose. We currently have 1,600+ VDI desktops and 600 servers all using OfficeScan. We are running a POC of Deep Security and, like you pointed out, while everything was easy enough to set up, there are a lot of moving pieces to make it all work. I too am trying to decide if all of that is worth the effort or to just stick with OfficeScan and take the RAM hit for running all those copies of AV on each VDI.

giddyup
Contributor

vincikb

How did your DS POC go? We're still going back and forth about ripping Deep Security out and just going with OfficeScan. To your point, I would almost rather take a little more hit on resources and just stagger the scanning. My biggest pain point is how many things have to be upgraded in one maintenance window. Deactivate all Trend DSVAs, unprepare ESXi host from Deep Security Manager, remove vShield Endpoint from ESXi hosts, remove vShield Endpoint on ALL VMs, uninstall vShield Endpoint manager, upgrade vCenter, upgrade vShield Endpoint manager, upgrade ESXi hosts, install vShield Endpoint back on all VMs, and now you can finally start your Deep Security Manager upgrade and redeploy your DSVAs ..... :|

So the question I raised is: what happens if I encounter any issues with just my VMware vSphere upgrade during the maintenance window and can't complete the Deep Security upgrade?

Run dirty with no AV protection?...  LAME

I found this link this morning which discouraged me even more about DS 9: http://www.philvirtual.com/it/vmware/trend-deep-security-9-do-not-upgrade/

vincikb
Contributor

All very good points to consider, giddyup. We are still in our POC now for almost 3-4 months and nobody can decide what they want to do. We have brought in other vendors to look at for their NAC solution but none of them have been as well integrated as Trend into a VMware solution since we are 100% virtualized for 1,600 desktops. Today, like I said, everything runs smooth and easy with OfficeScan across our entire environment. We take the hit for A/V updates at 3AM each day and you can tell based upon the spikes we have on our storage during that time. But it's OK since it's so early in the morning and nobody really notices the slowness for that 30 minutes or so. We tried using SmartScan with OfficeScan but ran into all sorts of slowness problems and filed a bug report with Trend, so until it's fixed we are still using the Conventional Scan engine.

But the more I read and think about your comments about Deep Security, you still bring up a very good point. With everything being so integrated together to work, it may be a huge pain to upgrade everything correctly and to keep track of all the versions so that everything is supported. We are having a similar problem right now with upgrading to View 5.2 in which we found two bugs, so we are stuck on View 4.6 until the next version of View comes out. This also keeps us from going to vCenter 5.x and is also holding us up from using vCenter Navigator and some other things. When everything works correctly VMware works great, but with all of the different versions it's hard to keep track of upgrade paths, and then you tie it into a 3rd party solution like Trend and it makes it even more complicated. Feel free to email me directly if you want to talk more.

giddyup
Contributor

vincikb

On a side note with View, did you try going to version 5.0 instead of 5.2? I was on 4.6 and didn't encounter any issues going to 5.0. I didn't go to 5.2 from talking to some consultants and reading some issues people had trying to go from 4.6 to 5.2.

I'm also going with 5.0 for vCenter and ESXi from issues I've read. Once everything is on 5.0 I'll wait for 6 to come out :)

Again thanks for sharing your thoughts and experience!

vincikb
Contributor

giddyup, we wanted to go straight to View 5.2 because it fixes the session timeout problem for external users that are using NAT on their home networks. We set 5.2 up in test and it does indeed fix that bug, but we ran into problems with our WYSE P25 Zero Clients (which are now fixed with firmware 4.1) and have also run into an issue with the audio cracking problem that is on the KB article on VMware's site. After talking to VMware and Teradici, they didn't feel this problem started until 5.x and hinted at the fact that it will be fixed in the next maintenance release of View. So I think we are going to stick with View 4.6 for now and upgrade when the next release of View comes out.

LaPage
Contributor

Hi Giddyup

I want to respond to the original query, and have not taken other comments into account. I have added my comments in bold.

Firstly, Deep Security is on version 9 (as I am sure you are aware) and it is a much more refined product since the 7.5 days; I would look to move to this version ASAP.

> Our organization is currently using Deep Security 7.5 and OfficeScan 10 for virus protection for virtual and physical endpoints. We have 130 virtual Windows 7 desktops and around 55 virtual Windows 2008 servers using Deep Security and 20-30 desktops/servers using OfficeScan. This setup was deployed by a previous admin of the company.
>
> I see the benefits of Deep Security by scanning at the hypervisor and offloading the scanning to the DSVA. But would an environment our size be OK leveraging OfficeScan (which currently is running on a handful of virtual servers)?

**It depends how you look at it - you get a similar level of protection as the products use essentially the same scan engines and pattern files, so both OfficeScan and Deep Security should be aware of the same threats at the same time. A basic DSVA requires 2 GB RAM and 20 GB HDD; the pattern file for OSCE is approx. 100 MB + installation space etc. - this soon mounts up and dwarfs the requirements of a DSVA.**

> Here's what I don't like about Deep Security. We're a small shop and there are a lot of moving parts to consider while upgrading to Deep Security 8. Having to upgrade vShield Manager, vShield Endpoint, vShield Endpoint guest drivers, vCenter 5, Deep Security Manager, Deep Security Filter Driver, Deep Security Virtual Appliance, Deep Security Agent and finally Deep Security Relay in one maintenance window.

**The devil is in the detail - as long as the environment is ready and you have the pre-requisites met then you are fine - I did an install this week on 4 ESXi hosts with approx. 50 VMs + config in less than a day as the end user got the environment ready for the install - the version 9 guides are a lot better as well; the previous documentation is far too complicated.**

> I see this not being as much of a problem in larger organizations where they have storage teams, server teams, application teams, etc., but for a one-man show, not so much.

**You don't need all of these people / teams; get straight in your mind what to do and when and you will be fine. Don't point and click and hope for the best; plan and you will be OK.**

> Is anyone out there running Trend OfficeScan in an environment our size?

**There are many users smaller than you using OSCE and Deep Security - it's your choice.**

> Or any other feedback from folks that use or did use Deep Security and have since changed to a different antivirus platform.

**I install both environments; both are straightforward to install and manage as long as you plan. Don't forget if you use Deep Security you can get rid of OfficeScan and have agentless AV on the ESXi hosts and agent-based AV on the endpoints. With Deep Security you have CPU licenses as well, so no matter what the number of VMs, you do not have to buy additional licenses.**

Hope this helps
