cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tberry
Level 7
Report Inappropriate Content
Message 1 of 5

VirusScan in the VDI Environment

Hi All, I have an environment at work that includes a group of VDIs. I am wondering if in place of installing the VirusScan program/agent on each individual VDI if there is a way to install it outside the VDIs and onto the Hypervisor level in some way. Thanks in advance for your assistance. Regards, Tim
4 Replies
jess_arman
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: VirusScan in the VDI Environment

@tberry Can you clarify a little bit more in regards to what you mean about installing it outside of the VDIs? Do you mean like offload scanning?

VirusScan is not designed for use in VDI environments and would not be our recommendation for the most efficient way to protect your virutal environments. We do have two products which are intended for this type of environment: MOVE which provides an offload scanning structure and Endpoint Security for Servers (can be installed on workstation class VMs also) which still installs on the endpoint but utilizes SmartScheduler functionality to limit activity based on Hypervisor resource utilization thresholds. 

Please review the following overviews/product guides and let me know if this is what you were looking for, or not. I think that MOVE is going to better fit what you're looking for.

MOVE (Management for Optimized Virtual Environments)

  1. Overview
  2. 4.8 Product Guide PD28020
  3. FAQs KB83964

ENS for Servers 

5.2 Product Guide PD28025

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

tberry
Level 7
Report Inappropriate Content
Message 3 of 5

Re: VirusScan in the VDI Environment

Hi Jess,

 

Thanks for the quick reply. To clarify - we are looking to avoid having to install the AV client on each individual VDI and was hoping there was a way to install it once outside the VDI level where this one instance of the client would handle scanning for all the VDIs, if that makes sense.

jess_arman
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: VirusScan in the VDI Environment

@tberry You cannot achieve this type of architecture with VSE. To me it sounds like you would be most interested in MOVE Agentless.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

akatt
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: VirusScan in the VDI Environment

@tberry 

Just to concur with what jess_arman has stated...

If you are using VMWare for your VDI's, then MOVE Agentless would suit the needs.  This provides a single scan server that is referred to as an SVM (Security, or Service, Virtual Machine).  Using integrated VMWare technologies such as NSX Manager, and Guest Instropsection SVM's, as well as a file-filter driver installed on the VDI's that comes from VMware's VMTools package, the systems can be protected by a single SVM for each host, and the protected systems do not require any McAfee software installations (not even the McAfee Agent).

If the VDI's are actually part of a virtual infrastructure for something like Azure, or Hyper-V, then there is an additional solution called MOVE Multi-platform, and also a solution called ENS for Servers.  MOVE MP and ENS for Servers are what we refer to as "hypervisor-agnostic," and as such they can function within any virtual infrastructure.  The difference, is that MOVE MP and ENS for Servers will require McAfee Agent installation on all systems.  With MOVE MP, you also need to create/install software on systems that will be strictly designated as offload scan servers.  With ENS for Servers, installations have to be done on each system, but its design is essentially a lighweight version of ENS that reduces overall hypervisor load.

MOVE Agentless was specifically developed for VMWare environments, as it is highly dependent upon VMWare technologies, and as such it doesn't function in any other type of virtual infrastructure.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community