  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2916
  • Last Modified:

Server 2008 R2 Remote Desktop Services Antivirus solution

Hello,
I am going to be implementing a new Server 2008 R2 domain structure running a Server 2008 R2 Remote Desktop Services server, Exchange 2010 Server and SQL 2008 Server, all running in separate VMs on a Server 2008 R2 Hyper-V host, and wanted some information regarding antivirus. I have a 55-user domain in which all 55 users will log in via RDS. Currently we have a 2003 Domain running Terminal Services, Exchange 2003 and SQL 2005 running on their own physical boxes. The antivirus we use (ESET NOD32) is effective but runs a process for every user logged on, and I have noticed that occasionally there are problems with the process that cause it to crash, sometimes crashing the primary ESET process and the server. I would like to move away from that type of situation.

We just recently implemented Postini Message Security service, and I have been using OpenDNS content filtering along with a SonicWall TZ210 with the full Comprehensive Security Suite (Gateway AV, Spyware, Intrusion Prevention, Content Filtering) installed for some time. Keep in mind 48 of those users are accessing the server through VPN tunnels from remote offices, the TZ210 scans the VPN connections as well, and the end users' local PCs do have antivirus installed.

Those products/services seem to be doing a good job of blocking websites that are inappropriate and/or malicious and in blocking viruses, spam and malware before it actually hits my servers.

My question is: has anyone had any experience using just firewall gateway and cloud-based AV, spam and content filtering, and not installing any local AV on the server? The users have no way of physically accessing the server to use USB or the CD drive.

Any information and/or suggestions would be welcome.

Thanks in advance
Robert
Asked by: Gadgetguyz
1 Solution
 
Darius Ghassem Commented:
Well, in theory everything should be caught at the gateway filter, but you know not everything is foolproof. I suggest installing AV on the systems as well because this gives you a layer of security on the system itself. McAfee runs well on a Terminal Server.
 
Gadgetguyz (Author) Commented:
True, nothing is 100%, even locally installed AV, which is why I feel the multi-layered approach that I have in place should be a good defense w/o the resource drain of a locally installed product. Considering the end users cannot access physical equipment that opens up USB attacks etc. on the server, I am hoping to be able to eliminate the cost, management and resource issues of installing an antivirus software. I am hoping someone has actual real-world experience with a configuration similar to what I am wanting to use that can attest to its effectiveness.

I do appreciate your comment!
 
Darius Ghassem Commented:
I have had the configuration you want, but again we still had some issues on the server itself. Even though users don't have access to the physical server, the gateway device was still not catching everything, which would allow for malware and viruses to install on the Terminal Server. Without virus protection on the Terminal Server we weren't notified of any infection until the system was fully infected and needed a rebuild at that point.

The overall issue is not knowing whether or not you are infected on the server.
 
Gadgetguyz (Author) Commented:
I see your point, thanks for clarifying. What I have been seeing is even companies such as McAfee and Symantec are offering AV as a SaaS solution, which is what the Postini service is doing, and the SonicWall is filtering email and HTTP traffic. How long did you run your configuration?
 
Darius Ghassem Commented:
Well, the site had it in for a while, but I don't know how long until they got affected and how long the site could have potentially been having private data sent to hackers.
 
Gadgetguyz (Author) Commented:
Thanks, I appreciate your input.
 
Flipp Commented:
Just wanted to get some advice from someone, as I have a very similar setup coming up with Server 2012 and Hyper-V with SonicWall TZ210 and about 30 users.

Do you install AV on the clients' local machines as well as on the RDS Server?

Any recommendations on configuring client machines to lock down?
 
Gadgetguyz (Author) Commented:
I do not have software AV installed on the server at all. I have been running a router/cloud AV solution and AV installed on each workstation. I have been running this solution for a couple years without any issue. I have a SonicWall NSA 250MW running the comprehensive security suite.
 
Flipp Commented:
Oh cool, so AV for Workstations is a hosted solution, so I am assuming all workstations even if they just are connecting to RDS Server have AV?
 
Gadgetguyz (Author) Commented:
t
hat is correct, each workstation has a standalone install of Microsoft Security Essentials.
 
Gadgetguyz (Author) Commented:
Sorry, that last comment was posted on my mobile; not sure why it dropped that line down.
 
Flipp Commented:
Do you manage these installs/updates in any way AND what product do you use on RDS Server?
 
Flipp Commented:
We had looked at using MSE for Small Business but it seems to be only for Home or Home Office Use Only - unless something has changed?
 
Gadgetguyz (Author) Commented:
I don't manage the workstations; all they are is simply clients to connect to the RDS server. The RDS server has no antivirus; all my antivirus is handled through my router and cloud solutions.
 
Flipp Commented:
Interesting ....... would love to find out more about your architecture. You available via email or chat?
 
Gadgetguyz (Author) Commented:
Sure, I'd be happy to talk to you about it. Do you use Google Plus?
 
Flipp Commented:
Sure do - how do I search for you?
 
Gadgetguyz (Author) Commented:
Here is a link to my profile - http://gplus.to/rwarren
