Anti-virus Kaspersky light agent for VMware

Hi guys,

I'm evaluating which option is better for my environment as I'm using VMware essentials (3 hosts with vcenter) I need a agentless or something similar for my virtual machines. I've been reading and the agentless solution from Kaspersky is not good beucase it needs vshield, which is only available on the most expensive vmware enterprise licenses. As I'm using vmware essentials I can't have vshield.

The options left are the light agent and the normal kaspersky installed on each VM like done in a normal barebone hardware running Windows .

This light agent solution seems interesting as I'm going to have a central VM doing all the heavy work and storing the AV databases. But I would like to know from your guys opinion what other vendors might be doing regarding this approach, is there any other company competing in this area with Kaspersky? Anything as good, or even better?

Thanks!
AlexAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Any vendor based anti-virus, real-time scanning engine, causes an overhead in the VM.

We look at what surrounds the VM, so we have anti-virus on the Internet Gateway, Mail Gateway, Exchange Servers, and File Servers, so we do our best have Anti-Virus products, and leave VMs without anti-virus installed.

Most these days are Browser based payloads and attacks, and WE don't use BROWSERS on Servers.

Is this for Desktop or Servers ?

Have you looked at Trend Suite ?
0
AlexAuthor Commented:
You mean you have anti-virus at the gateway in which way exactly, a normal client software installed on a machine that servers as gateway? Can you clarify please?

Well you say you leave your servers with AV and your VMs without. My servers are all VMs, so I'm not sure what do you mean by that.

We have Microsoft RDS servers, lots of them. Shared based session servers basically and all of them browse the web heavily for the thinclients.

I'm looking at trend, but it seems it needs vshield for the VMware solution, no in between fat client and agent less. Do you guys use it?
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Proxy Server, or what ever mechanism you use for clients to access the internet.

Okay, so all your servers are VMs, so what is the risk?

Unless you use your Servers as Workstations?

Do you have firewalls enabled, do you have your servers regularly patched.

If you use Real Time scanning engines on RDS, performance will be affected.

We use Trend, some of our clients use Trend, some do not use Anti-virus, and some do use anti-virus, and understand the VM/RDS will take a performance hit, and therefore have more servers to take the loading.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

AlexAuthor Commented:
I'm still checking what we will use as a proxy, perhaps Bloxx as we have already used before, or Barracuda as I'm going to test it later.

T wan to have a file level scanning running on file servers so if someone dumps something with a virus there, it is scanned and blocked so no one else can access in in case it is something dodgy as a fileshare. The RDS server will need to have real time scanning, memory, files open, browser activity too perhaps. I know performance will be affected but I'm looking for a solution that can minimise  the performance hit. So far Kaspersky seems interesting with the central repository/database/scanning as then it use light agents on each server to collect the information. I'm not sure in real life how it works, first time I'm doing this and it seems it is fairly new technology.

I use pfSense as a firewall.

So with Trend, do you use the normal fat client software on the servers you need protection? What do you do with protection for RDS servers?

Thanks!
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
We are not convinced by "light agents" all Agents, on a server scanning in real time will cause a performance hit.

Be careful, you don't end of with a broad cast a storm, hitting all your servers at the same time, causing performance issues on the datastores.

Trend for everything, Trend was one of the first Anti-virus packages to have RDS scanning. If not the first Anti-Virus product to be verified by Citrix.
0
AlexAuthor Commented:
Yeah, I'm not convinced too, it is fairly new. It goes down the line with vShield for VMware. Have you ever used it?

The light agent will cause performance hit, but we hope it causes a smaller hit with this centralised approach.

Wouldn't this storm be more likely to happen with standalone fat clients running on the servers for example?

How this RDS scanning works in your opinion? Does it work well for a RDS farm? We will have several servers, so I would like to understand if it can somehow not scan the same file several times because if is being accesses by differnet RDS servers.

So let's say USER1 open file at RDS1, what happens if USER2 opens the same file at RDS2? will it be scanned again?
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Yes, we use vShield for VDI mainly, to prevent broadcast storms on the Datastore.

Anti-Virus is a compromise, between performance and security. (unless you use vShield!)

All transactions are scanned, but Trend, scans at the network layer, to stop the process getting into memory, some scan memory for the pattern file.

You need to evaluate them all, and see how performance affects your environment.
0
AlexAuthor Commented:
Just go a word from the reseller saying that the light agent won't work on Windows 2012 R2.

So with Trend is or the full fat client installed on each VM or then the vShield appliance, there is no in between right?
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
That's correct.

Install the full fat client, and take the performance hit!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.