Hello together,
I'm new to vmware view I'm planning to set up an automated desktop pool with provisioning. My question is:
I am going to install my golden master so complete as possible with my third party apps, right?
But what will happen with my managed anti-virus solution. I am using F-Secure with the F-Secure Management appliance where every Client is checked in by his unique number/name.
If I install the anti-virus in the golden master image what consequenzes will this produce in my antivirus management? Do I have only one client to manege, or do i get more clients??
hope you know what I mean
regards
Dennis
can you install the client in Unmanaged mode in your master and then have it "phone home" during deployment of a linked clone, otherwise you will have either x# of clients all with the same machine name, this should not increase the Linked clone size too much as it should only be registry changes or perhaps a couple of files and a virus DAT update. also consider your policy on Virus Scans, you really do not want all your VDI Guests to kick off their scan at the same time. :smileygrin:
If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points
Tom Howarth VCP / vExpert
VMware Communities User Moderator
Blog: www.planetvm.net
Contributing author for the upcoming book "[VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment|http://my.safaribooksonline.com/9780136083214]”. Currently available on roughcuts
We use Symantec and in our case each client is assigned a unique GUID on the installation of AV. Symantec had a KB article for this very problem and the solution was to delete the GUID through the registry right before shutdown. This would result in each client created from that template creating a new GUID on startup and thus everyone having a unique identifier. Maybe F-Secure has something similar.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
Another option is to not install the AV solution intially in your golden master but deploy it through group policy when the computer joins the domain the first time, this has worked ok for us.
Have you considered virtualizing the application and deploying the virtualized application to the workstation upon connection?
Hi Mike,
I'm going to hijack the thread a bit here... why would you want to virtualize an application on a virtualized desktop?
And how would you do that?
Ken
If you virtualize the application ( Citrix, App-V, ThinApp) and deploy it via some other means you are reducing the amount of items that need to be installed and maintained in the golden image and thus all VDI machines.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
Do your licenses for VDI's include the opportunity to virtualize applications, or is the ability to use ThinApp an additional license from VMWare?
If so, this may not be effective for this user.
You will want to check with your rep but I believe the premier version of VMware View gives you the ability to use ThinApp.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
If you own the Premier package you have the license for ThinApp.
If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points
Tom Howarth VCP / vExpert
VMware Communities User Moderator
Blog: www.planetvm.net
Contributing author for the upcoming book "[VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment|http://my.safaribooksonline.com/9780136083214]”. Currently available on roughcuts
virtualised applications add a dimention to your VDI deployment, by coupling them with a profile management solution, you can completely decouple the user from the machine
If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points
Tom Howarth VCP / vExpert
VMware Communities User Moderator
Blog: www.planetvm.net
Contributing author for the upcoming book "[VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment|http://my.safaribooksonline.com/9780136083214]”. Currently available on roughcuts
Tom has answered with many of the reasonsfor virtualizing applications.
I work in a very large enterprise environment and one major drain on resources is patching desktops - OS and applications.
By decoupling the application from the OS, I have the ability to have master images of each - 1 image to patch instead of 30,000 desktops to patch - which includes the infamous problems of laptops that are on again/off again connections to the network.
BTW - I know I am echoing MS's presentation on why to virtualize applications but it makes sense and I expect it to be the future of computing.
Lesser concerns include legacy applications that we just "can't" get rid of for operational issues -- need some way to provide those 8 bit applications to the 32/64 bit desktops and the ability to define by policy who gets what application and how many copies are available - more control in software licensing.
HTH
Mike
but is the virtualisation of an anti virus programm a good way? In my opinion it is something that have to be in the startup und should alwas be runnig.
Is it possible to control the thinapp so, that noone can shutdown the app?
And if the antivirus solution is a thinapp - I've the same problem...I can not controll it over the management server of my anti virus because the GUID is always the same...or am I wrong??
Haven't tested it so i can't answer whether it works or not - the View pilot is in the early planning stage.
From a patching standpoint, the master image should be all that matters - that is the image that goes to all virtual desktops.
Have to look at the documentation in terms of whether the users can "opt out" - based on our security environment, there are multiple applications that are not "opt out" acceptable and I am hoping to virtualize all of them.
I also expect to be able to govern whether the users can access local resources, add applciations, etc. We manage a very tightly controlled environment and the virtualization software will need to meet those requirements.
IMHO the App Virtualisation of a Anti-Virus is not a good fit, AV requires a close coupling with the OS to be completely effective, App Virt isolates the virtualised application from the OS and can not affect it. so, by that statement a App Virt'ed Antivirus package would only be functional with in the application virtualisation bubble. and not for any other applications or more importantly the OS
If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points
Tom Howarth VCP / vExpert
VMware Communities User Moderator
Blog: www.planetvm.net
Contributing author for the upcoming book "[VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment|http://my.safaribooksonline.com/9780136083214]”. Currently available on roughcuts
How did you get on with this in the end Dennis?
I am about to embark on a view test deployment with Fsecure and would like to keep the central management console if I can.
Thanks.