I received an email a couple of days ago from 1 of my contacts within Trend Micro. He told me Trend is working on a new version of OfficeScan which is taking into account the desktop environment is virtualized.
As most of you know Anti Virus in a VDI environment could lead to performance issues (high resource usages on Hypervisor servers and high disk I/O’s). Especially full scans and the update of the virus definition files could be bottlenecks.
“Serialization” of scans and updates on an ESX/vSphere server base is Trend’s answer;
Full System Scans During a full system scan, the entire file system is scanned for malware. This introduces a notable amount of load on any individual system. Typically, full system scans are scheduled by the administrator to take place at a certain time (e.g. 3PM on Thursdays). If several—or all—virtualized desktops start a full scan at the same time, the underlying shared hardware of the VDI server will experience extreme load, causing a slow- down of all virtual systems on the server. To ensure smooth operation and normal load on the host system, a VDI-aware endpoint security solution must serialize full scans for systems on the same VDI host. Component Updates Larger client updates present many of the same challenges and must be treated in a similar fashion to system scans. Pushing out a major update to multiple virtualized desktops at the same time can saturate the host’s network connection and introduce high I/O load on the host. This can seriously impact the performance impacton the virtual desktops that are running at that time. This load balancing must also be addressed with VDI-aware endpoint security. III. HOW TREND MICRO CAN HELP SERIALIZATION OF FULL SYSTEM SCANS PER VDI-SERVER OfficeScan will allow only a given number of virtualized endpoints to perform a full system scan at the same time. With this serialized approach, the overall impact on performance is low, yet all systems will be scanned—one after the other. SERIALIZATION OF CLIENT UPDATES PER VDI-SERVER Similar to the serialization of full scans, OfficeScan management will only update a configurable number of virtualized desktops per VDI server at the same time. PRE-SCANNING AND WHITELISTING OF BASE IMAGES Most virtual desktops will be created using the same base image. Administrators can pre-scan and whitelist the elements of that base image. The result is that in each instance of virtual desktop, OfficeScan will only scan for deviations from the base image. This eliminates most extraneousscanning, resulting in much shorter scan times which ultimately contribute to lower performance impact and increased productivity. INTEGRATION WITH VDI MANAGEMENT The next release of OfficeScan will integrate with VDI management to retrieve information about the status and location of secured virtual desktops. This will help optimize resource utilization across the entire virtual desktop environment.
I’m curious about this new version and will test it asap. Below you will find a link to the beta software and I have attached Trend Micro’s White Paper.
Trend Micro White Paper: