Client Security 10 with VDI

Hello All.

We're currently deploying a VDI solution using Citrix VDI-In-A-Box. It basically runs as a virtualised appliance on an MS Windows Hyper-V 2008 Server.

Therefore, when you commission client PCs, they are created as Virtual Windows 7 PC instances in Hyper-V.

The problem we have is that once you've created a machine build template & publish it, it gets cloned effectively everytime a user logs on giving them their own machine or individual desktop if you like.

However, while each machine then has a unique account created in AD, the F-Secure PM see's subsequent machines as identical, therefore not registering any further hosts!

What we have observed is that F-Secure does see the first cloned machine from each template but subsequent PCs are not seen as separate entities, even though they have unique AD machine accounts.

What seems to be the issue is that the machines have the same UID, even though we deploy the client installation with the Randomise option set.

Even though all the clients update, I'm concerned that this isn't working as it should & then there's the fact that we'll never actually get proper stats back or be able to identify any potential security issues that F-Secure reports because it'll be unable to identify the actual problem host!

Any ideas? Is there a workaround or a fix?

Many thanks.

Find more posts tagged with

Comments

Vad

Hello All,

For your information:

Hyper-V is also supported by F-Secure Suite for the Virtual and Cloud Environments since Beta2.

Best regards,

Vad

Rick586

Hello Tamas.

I've already been asked by PM and are considering it, thank you.

However, we are using the Citrix VDI with MS Hyper-V and not VMWare. Vendors seem to always assume that organisations have the money to spend on expensive solutions such as VMware but if you're a small to middle size company, we've found that Hyper-V scales very nicely and we're a typical mid-sized company which don't have huge budgets so we have to seek alternatives which are more cost effective.

We've also found that quite a few small to mid-sized companies have started using Hyper-V because when they did the costing, found that with VMware, the costs escalated quite rapidly.

Therefore I hope that F-Secure are going to put resources into product development for MS Hyper-V, especially in view of the current global economic climate with organisations seeking to keep outgoing costs down. I also expect as a result of this, Hyper-V will gain more market share as a result.

Lastly, I'm fully aware that VMware still offers a number of features which are better suited to larger organisations in terms of scalability and ease of management, etc but if you're a smaller organisation and don't need those extras, then Hyper-V really does fit the bill!

Many thanks, Rick.

etomcat

Dear Rick586,

Please note that F-Secure Corp. is now developing a novel, more resource-efficient protection suite for the virtual and cloud environments, including support for "Citrix VDI-in-a-Box 5.x for VMware ESXi". It is possible that you could be part of the beta2 testing, if interested.

Sincerely: Tamas Feher, 2F 2000, Hungary.

Rick586

Hello Vad.

Thank you for this information as it has worked a treat and just like you explained it would.

All our Windows hosts within the VDI enviroment are now registering as seperate hosts in the PM.

Many thanks,

Rick.

Vad

Hello Rick586,

The problem is that your template already has the UID specified, doesn't matter is it Random or SMBIOS, and when you clone it, you just get the new machine with same UID.

Please, try the following:

Install Client Security on a template with SMBIOS GUID selected. On the tamplate execute in CMD:

fsmautil resetuid randomguid

(You can find fsmautil utility in F-Secure\common folder.)

After this procedure your template is ready, and each cloned machine will get new random GUID after first reboot.

Best regards,

Vad