?
Solved

Anti-virus Kaspersky light agent for VMware

Posted on 2014-11-05
9
Medium Priority
?
522 Views
Last Modified: 2014-11-12
Hi guys,

I'm evaluating which option is better for my environment as I'm using VMware essentials (3 hosts with vcenter) I need a agentless or something similar for my virtual machines. I've been reading and the agentless solution from Kaspersky is not good beucase it needs vshield, which is only available on the most expensive vmware enterprise licenses. As I'm using vmware essentials I can't have vshield.

The options left are the light agent and the normal kaspersky installed on each VM like done in a normal barebone hardware running Windows .

This light agent solution seems interesting as I'm going to have a central VM doing all the heavy work and storing the AV databases. But I would like to know from your guys opinion what other vendors might be doing regarding this approach, is there any other company competing in this area with Kaspersky? Anything as good, or even better?

Thanks!
0
Comment
Question by:Alex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 122
ID: 40424591
Any vendor based anti-virus, real-time scanning engine, causes an overhead in the VM.

We look at what surrounds the VM, so we have anti-virus on the Internet Gateway, Mail Gateway, Exchange Servers, and File Servers, so we do our best have Anti-Virus products, and leave VMs without anti-virus installed.

Most these days are Browser based payloads and attacks, and WE don't use BROWSERS on Servers.

Is this for Desktop or Servers ?

Have you looked at Trend Suite ?
0
 

Author Comment

by:Alex
ID: 40425720
You mean you have anti-virus at the gateway in which way exactly, a normal client software installed on a machine that servers as gateway? Can you clarify please?

Well you say you leave your servers with AV and your VMs without. My servers are all VMs, so I'm not sure what do you mean by that.

We have Microsoft RDS servers, lots of them. Shared based session servers basically and all of them browse the web heavily for the thinclients.

I'm looking at trend, but it seems it needs vshield for the VMware solution, no in between fat client and agent less. Do you guys use it?
0
 
LVL 122
ID: 40425807
Proxy Server, or what ever mechanism you use for clients to access the internet.

Okay, so all your servers are VMs, so what is the risk?

Unless you use your Servers as Workstations?

Do you have firewalls enabled, do you have your servers regularly patched.

If you use Real Time scanning engines on RDS, performance will be affected.

We use Trend, some of our clients use Trend, some do not use Anti-virus, and some do use anti-virus, and understand the VM/RDS will take a performance hit, and therefore have more servers to take the loading.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Alex
ID: 40425897
I'm still checking what we will use as a proxy, perhaps Bloxx as we have already used before, or Barracuda as I'm going to test it later.

T wan to have a file level scanning running on file servers so if someone dumps something with a virus there, it is scanned and blocked so no one else can access in in case it is something dodgy as a fileshare. The RDS server will need to have real time scanning, memory, files open, browser activity too perhaps. I know performance will be affected but I'm looking for a solution that can minimise  the performance hit. So far Kaspersky seems interesting with the central repository/database/scanning as then it use light agents on each server to collect the information. I'm not sure in real life how it works, first time I'm doing this and it seems it is fairly new technology.

I use pfSense as a firewall.

So with Trend, do you use the normal fat client software on the servers you need protection? What do you do with protection for RDS servers?

Thanks!
0
 
LVL 122
ID: 40425915
We are not convinced by "light agents" all Agents, on a server scanning in real time will cause a performance hit.

Be careful, you don't end of with a broad cast a storm, hitting all your servers at the same time, causing performance issues on the datastores.

Trend for everything, Trend was one of the first Anti-virus packages to have RDS scanning. If not the first Anti-Virus product to be verified by Citrix.
0
 

Author Comment

by:Alex
ID: 40425928
Yeah, I'm not convinced too, it is fairly new. It goes down the line with vShield for VMware. Have you ever used it?

The light agent will cause performance hit, but we hope it causes a smaller hit with this centralised approach.

Wouldn't this storm be more likely to happen with standalone fat clients running on the servers for example?

How this RDS scanning works in your opinion? Does it work well for a RDS farm? We will have several servers, so I would like to understand if it can somehow not scan the same file several times because if is being accesses by differnet RDS servers.

So let's say USER1 open file at RDS1, what happens if USER2 opens the same file at RDS2? will it be scanned again?
0
 
LVL 122
ID: 40425953
Yes, we use vShield for VDI mainly, to prevent broadcast storms on the Datastore.

Anti-Virus is a compromise, between performance and security. (unless you use vShield!)

All transactions are scanned, but Trend, scans at the network layer, to stop the process getting into memory, some scan memory for the pattern file.

You need to evaluate them all, and see how performance affects your environment.
0
 

Author Comment

by:Alex
ID: 40433057
Just go a word from the reseller saying that the light agent won't work on Windows 2012 R2.

So with Trend is or the full fat client installed on each VM or then the vShield appliance, there is no in between right?
0
 
LVL 122

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 40433222
That's correct.

Install the full fat client, and take the performance hit!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question