VDI deployment

Hello everybody,

We are preparing to implement an Antivirus Protection of F-Secure (Business suite), to a client that has a Citrix VDI environment. We need to know where to obtain all the necessary documentation to be able to understand well this type of scenarios.

Also Know about:

- Procedure to be followed and components to be used
- Best practices for persistent and non-persistent scenarios
- How the registry works / unregistration for environments with single-image management
- What recommendations are there for the update of virus signatures in non-persistent environments
- What are the recommended exclusions that should be considered in an implementation?

I look forward to your comments.

Find more posts tagged with

Comments

MJ-perComp

Client Security with activated "Offload Scanning Agent" is what you want in VDI.
ESS is a for a Citrix Terminal Server or Exchange Server.
It has the same "role" as Client Security in Windows.

fpinillo

Matthias, when I talk about ESS, I mean Email & Server Security. The ESS within a VDI infrastructure, where should it be installed and what role does it have?

MJ-perComp

Sorry, but I have no Idea what you are searching for.
SRS ist installated as a standalone VM next to all VDIs
and Client Security 14+ is installed on the master, being the image for the VDIs.

The functionallity is configured via F-Secure Policy.
enlist the SRS servers (2 reccommended for failover).
and switch the setting on.

fpinillo

Hi Matthias,

Thank you for you comments

I understand what you are saying, however, where is the ESS function? The ESS where it is installed? In the PVS? Once the ESS is installed, what is its function and how would it work? F-Secure does not delve into any documentation this

Regards

MJ-perComp

Hi
while documentation explains all the steps needed
(https://help.f-secure.com/product.html#business/fsvs/latest/en/task_A9D53BA712464958B4D6E683AE28731F-fsvs-latest-en)

You have to understand the following:
1) The installation is not agent-less
2) The software installed on the VDI will still receive certain updates. So if your "golden image" becomes old, F-Secure will be somewhat "old". So, if you provide a new image on a daily basis the software will be pretty recent. Still it will download new updates for engines that reside in the Host and are not located on the SRS.

3) The scenario is to start all VDIs from a golden image, but depending on your setup you might trash that VDI in the evening or reuse it until a new image is provided.

The first will also delete all previous information on that client including temp files, logs, errors, events just all forensic history that is needed in case of an incident or for debugging. IMHO resetting a VDI on shutdown as a means to have a "clean environment every day" is a bad idea from the start, you then better think about why it gets unclean. Restarting a system with the same vulnerabilities every day, having to patch them after startup (or even leave them unpatched) while also the AV-Software gets reset to the same old egines and modules, creates a dangerous threat vector.

Reusing the same VDI on the next day (at least until the image was rebuild) will counter that threat, but also requires a diffenrent setup and more diskspace to store the engine state.

4) SRS is remembering (caching) the hashes it has previously analyzed. If a rebooted client ask an already know hash SRS will quickly return the answer. Usually the Client remembers the answer as well, caching it too, which will speed up the start of the client. After a reset this cache will be clean and the client will need to refetch the information from SRS. Depending on the number of SRSs and the amount of VDIs starting at the same time this might add same additional IO-load.

One trick to overcome some of the above problems VDIs can be pre-started. Sowhenever a User logs on, he gets a machine that is "clean" in the means of XEN, but also has updated everything in the background already. Still LOGs, History aso. are gone.

Hope this helps.

For a more specific recommendation I would rather ask you to query for a consultatnt. We'd be happy to advise you.

M.

fpinillo

Hi Tamas,

The SRS allows to lower the load to the virtual machine and to the VD, however, that is only a part of what is required for an implementation of a VDI infrastructure

Thank you

Fernando

etomcat

Hello,

> a client that has a Citrix VDI environment

There is a specific F-Secure product, which also supports "Citrix XenServer 6.2, 6.5" to boost the performance of F-Secure virus protection in virtualized environments. Please see:

https://www.f-secure.com/en/web/business_global/downloads/virtual-security

On that webpage you can find binary downloads and user/admin/implementation PDFs and release notes information.

Best Regards: Tamas Feher from Hungary.