So, we have 120 VM's running on a NetAPP filer. We had this many for nearly 18+ months. Running ESX 3.0.1 Enterprise with VC 2.0.2. We've been running SAV 10.x for nearly a year with no problems. In the past 10+ days however whenever we download new virus definitions (6:15PM Pacific) the definition upgrades hits all VM's at the same exact time and puts a significant[/u] load on our filer. Now, obviously you would assume this to be normal, but for the past 18 months, we've been using the same exact schedule and process and did not see any problems.
Has anybody else running SAV on VM had this same problem recently?
Also, what are people using for solutions for updating virus definitions on SAV, McAfee, etc when all VM's share the same spindles on your SAN ? What techniques do you use to throttle the definition deployment.
I can't see a simple def update causing those types of problems. It's usually a 5-10MB download and not really file intensive. Are you sure there are no on-demand scans running after they download. If you had 120 VM's all scanning their complete hard drives for viruses at once it would definitely cause alot of disk I/O. Are sure your configuration has not changed or perhaps a engine update changed the behavior of the A/V scanner. I'd contact Symantec and have them look into why there app is causing so much disk I/O.
Our SAV guy is going to make a call tomorrow. Past experience with Symantec support sucks in my opinion
It's weird, like I said, we've had 100+ VM's for 18 months running on the same hardware so I too suspect an engine update or config changed but we've been over it with a fine-tooth comb and can't find anything.
Cool, let us know what they say. If's it's been working just fine for 18 months something had to of changed and most likely it was something in the app itself.
As a SAV admin for our desktop environment, I've seen this behavior when something is triggering a full definition update instead of an incremental. I'm too lazy to find the kb article about it on symantecs site right now.
If at all possible any SAV runs should be staggered across your virtual infrastructure. Specifically full disk scans or you will run a SAN into the ground. Any chance your runs can be staggered?