To cover some of your points one by one.
- DataCenter connector for vSphere - You can tag a machine as it is discover/refreshed but this is per Cloud Account (vCentre), so If you operate one vCentre with all you HA's available, it doesn't really help since they all get tagged the same.
- You cannot auto tag any machine by any of the attributes which are discovered through the vSphere DCC, such as Host name (which would have been nice)
- If you go down the MOVE-AV route you don't need to do the DAT updates since there is is no scan engine on the guests, but the exclusions/low-risk-process policies are separate from VSE so you end up duplicating your work for the other Endpoint Technologies.
We are running MOVE-AV for VDI and Servers. If you have any specific questions surrounding MOVE-AV feel free to ask.
Honestly, MOVE AV is confusing. Hopefully you can shed some light.
In an agentfull application (i.e. no vshield) Is Linux supported or not? https://kc.mcafee.com/corporate/index?page=content&id=KB72839 says 2.5 or later. http://www.mcafee.com/us/products/move-anti-virus.aspx#vt=vtab-SystemRequirement s says no.
If yes, it is my understanding that MOVE Scheduler is only for Windows?
Other than that, what does the load on the offload scanner appliance look like? When it is down, of course scanning will stop but will clients notice? Does network latency come into play at all?
I have just a a quick look at the Product Guide for MOVE AV Multi-Platform 3.5 (no vShield)
The McAfee MOVE AV client software requires one of these operating systems:
• Windows XP SP3 (32-bit)
• Windows 2003 R2 SP2 (32-bit)
• Windows Vista (32-bit or 64-bit)
• Windows 2008 SP2 (32-bit or 64-bit)
• Windows 7 (32-bit or 64-bit)
• Windows 2008 R2 SP1 (64-bit)
• Windows 8 (32-bit or 64 bit)
• Windows 2012
• Windows 8.1 (32-bit or 64 bit)
• Windows 2012 R2 (64-bit)
Short answer - No Linux Support.
Load on the Offload Scan Server (OSS) - This will depend on the exclusion policies and the on access quantity and number of clients using the OSS, of which their is a hard limit.
OSS Down, the client will time out on the scan request, but best practise is to use a Primary AND secondary OSS, normally configured in the SVA policy.
Network Latency - Yes this will come into play, since the file is 'sent' to the OSS to be scanned by the VirusScan engine at the far end, so the Network latency will have an effect on the time it takes for the file to be sent to the OSS to be scanned.
I hope this helps.
Certified McAfee Product Specialist - ePO
A technique I use is running a scan or update by tag. In order to equally balance the number of virtual devices that get scanned at one time I use the last digit of the mac address. If the mac address ends in digit 0-5 then you are given a tag "group 1", if 6-9 then you are given the tag "group 2", if a-d then "group 3" and so on. This will create a pretty easy and automated way to may equal number of groups. New machines will automatically be placed in to the appropriate group without intervention. Then you can run a scan at 1:00pm on group 1, A scan at 2:00pm on group 2. Dat files can be run the same way.
Hope this make sense. It works really well for me.
Good points from both. Thanks very much guys. Some good info to get me started.