9 Replies Latest reply on May 27, 2011 6:05 AM by Sargasso

    AV on VDI VMs

    caryers Enthusiast

      Forum:

       

      Is there a leader in the VDI AV(Anti-virus) space?  We are currently a Symantec AV shop. However, we want to find the best solution for our linked-clone VDI VMs. Symantec will not have a version that is VDI "friendly" or compatible out for several months. From my understanding, Trend Micro Deep Security

      seems to be a proven player. I have also been asked to determine if anyone is using Check Point Security Gateway Virtual Edition...

       

      Any feedback or experiences would be greatly appreciated. Thanks in advance...

        • 1. Re: AV on VDI VMs
          AndreTheGiant Guru
          User ModeratorsvExpert

          Trend Micro is some months ahead...

          Most of is product features can be agenteless... and they can work not only for VDI but also for servers.

           

          Other vendor probably will have similar features soon.

           

          Andre

          • 2. Re: AV on VDI VMs
            tacticsbaby Expert

            We are about to implement a McAfee MOVE (McAfee Optimized for Virtual Enviromnets) deployment for VDI. MOVE also supports servers and is hypervisor aware. It does not use the same VMware vShield Endpoint like Trend, but it is designed to reduce the CPU and memory overhead for your VMs by offloading the heavy work such as scanning to appliances that run on the host. As a plus you can also use MOVE with XEN environments.

            • 3. Re: AV on VDI VMs
              IP2008 Enthusiast

              Can I ask what your experience has been like with Mcafee Move?

               

              Thanks!

              • 4. Re: AV on VDI VMs
                tacticsbaby Expert

                We have not deployed it yet. I will post our experience as soon as we begin. If anyone else has experience with MOVE please share. Thanks.

                • 5. Re: AV on VDI VMs
                  MAHC Hot Shot

                  We are moving from Symantec to Trend because of their redundant AV applicance and agentless AV.

                  • 6. Re: AV on VDI VMs
                    tacticsbaby Expert

                    I have heard that while Trend does allow you to lighen the client size on each guest OS that it is not a completely agentless system. At least thats what the folks a McAfee told me. Although Trend is the first to utilize vShield Endpoint. Thoughts?

                    • 7. Re: AV on VDI VMs
                      MAHC Hot Shot

                      It depends on what package you decide to use is what I am seeing.  Some of the packages I am looking at appears to be truly agentless, another that has a dormant agent that is not activated till needed, and then another that has an agent but if compromised then a virtual appliance takes over and removes the virus to make the AV redundant.

                      • 8. Re: AV on VDI VMs
                        tacticsbaby Expert

                        Interesting. In MOVE there is an agent, but instead of being 120 MB like regular VSE it was shrunken to 20 MB and most if not all of the scanning was moved to an appliance.

                        • 9. Re: AV on VDI VMs
                          Sargasso Lurker

                          Trend Deep Security doesn't need an AV Agent on the guest OS. All the scanning is done by the virtual appliance. There is however a small driver for VMWare VShield endpoint that needs to be added to each guest.

                           

                          Trend OfficeScan 10.5 has been optimized for VDI environments but still requires an in guest agent. However that agent is considerably smaller than most. Officescan plugs into VSphere or Citrix environments allowing it to schedule scans in a sequential fashion thus avoiding scan storms, and allowing a single scan of "golden images". In this fashion linked clone images don't rescan common files but only scan data unique to each cloned instance.

                           

                          If you like I can hook you up with a local Trend engineer, McAfee's probably not the best source for info on Trend products;)

                           

                          (full disclosure I work for Trend)