I have just virtualised a Windows 2003/Citrix Presentation Server 4.5 server onto a vSphere host with a NetApp FAS2020 using NAS as the datastore where the VM is stored. There are no other VM guests on the host at the moment, and the NetApp is not being used for any other purposes yet (i.e. nothing should be taxing the hardware). I have found that ServerProtect V5.58 real time scan running on the Citrix server maxes out the CPU to constant 100% once about 8 users are logged on. If I disable realtime scan, everything goes back to normal.
Clearly I need to be able to protect users Citrix sessions from malware. What is the best way to achieve this with Citrix/Terminal Servers on VMware?
Does anyone have a newer version of ServerProtect or even OfficeScan running successfully within Citrix/Terminal Services hosted on VMware?
Thanks,
D.
Hello,
Moved to the Security Forum.
Reinstalling Trend after a P2V could help but may not.
Trend also makes programs specifically for virtualization and vSphere that will do A/V scans using the vStorage API which will not as drastically impact performance, this is something to look into. Maybe not 'real-time' but will allow better overall scanning.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]
Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]
Hi,
is that a newly installed Server or P2V?
Frank
If you find this information useful, please award points for "correct" or "helpful".
It is a P2V of an HP server (I know not best practice but we will be going to XenApp 6 and Windows 2008 R2 soon so didn't want to have to rebuild the Citrix farm twice within a couple of months).
Have you do a deinstallation?
Deinstall, reboot, delete Trend Micro reg keys and install.
Also check the System logfiles.
Sometimes there are entrys that some Files where skiped by realtime Scan.
It depends on the Folder but maybe it is possible for you to skip this Folder for your realtimescan.
Frank
If you find this information useful, please award points for "correct" or "helpful".
Hello,
Moved to the Security Forum.
Reinstalling Trend after a P2V could help but may not.
Trend also makes programs specifically for virtualization and vSphere that will do A/V scans using the vStorage API which will not as drastically impact performance, this is something to look into. Maybe not 'real-time' but will allow better overall scanning.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]
Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]
I tried an uninstall and reinstall of ServerProtect but the problem still remained.
I have decided to deploy the latest version of OfficeScan (10.5) to see if it behaves any better.
Hello,
Be sure not to have your VMs all scanning their disks at the same time. Stagger things across time else A/V will impact performance greatly.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]
Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]