Solved

Anti-virus Kaspersky light agent for VMware

Posted on 2014-11-05
9
474 Views
Last Modified: 2014-11-12
Hi guys,

I'm evaluating which option is better for my environment as I'm using VMware essentials (3 hosts with vcenter) I need a agentless or something similar for my virtual machines. I've been reading and the agentless solution from Kaspersky is not good beucase it needs vshield, which is only available on the most expensive vmware enterprise licenses. As I'm using vmware essentials I can't have vshield.

The options left are the light agent and the normal kaspersky installed on each VM like done in a normal barebone hardware running Windows .

This light agent solution seems interesting as I'm going to have a central VM doing all the heavy work and storing the AV databases. But I would like to know from your guys opinion what other vendors might be doing regarding this approach, is there any other company competing in this area with Kaspersky? Anything as good, or even better?

Thanks!
0
Comment
Question by:Alex
  • 5
  • 4
9 Comments
 
LVL 117
ID: 40424591
Any vendor based anti-virus, real-time scanning engine, causes an overhead in the VM.

We look at what surrounds the VM, so we have anti-virus on the Internet Gateway, Mail Gateway, Exchange Servers, and File Servers, so we do our best have Anti-Virus products, and leave VMs without anti-virus installed.

Most these days are Browser based payloads and attacks, and WE don't use BROWSERS on Servers.

Is this for Desktop or Servers ?

Have you looked at Trend Suite ?
0
 

Author Comment

by:Alex
ID: 40425720
You mean you have anti-virus at the gateway in which way exactly, a normal client software installed on a machine that servers as gateway? Can you clarify please?

Well you say you leave your servers with AV and your VMs without. My servers are all VMs, so I'm not sure what do you mean by that.

We have Microsoft RDS servers, lots of them. Shared based session servers basically and all of them browse the web heavily for the thinclients.

I'm looking at trend, but it seems it needs vshield for the VMware solution, no in between fat client and agent less. Do you guys use it?
0
 
LVL 117
ID: 40425807
Proxy Server, or what ever mechanism you use for clients to access the internet.

Okay, so all your servers are VMs, so what is the risk?

Unless you use your Servers as Workstations?

Do you have firewalls enabled, do you have your servers regularly patched.

If you use Real Time scanning engines on RDS, performance will be affected.

We use Trend, some of our clients use Trend, some do not use Anti-virus, and some do use anti-virus, and understand the VM/RDS will take a performance hit, and therefore have more servers to take the loading.
0
 

Author Comment

by:Alex
ID: 40425897
I'm still checking what we will use as a proxy, perhaps Bloxx as we have already used before, or Barracuda as I'm going to test it later.

T wan to have a file level scanning running on file servers so if someone dumps something with a virus there, it is scanned and blocked so no one else can access in in case it is something dodgy as a fileshare. The RDS server will need to have real time scanning, memory, files open, browser activity too perhaps. I know performance will be affected but I'm looking for a solution that can minimise  the performance hit. So far Kaspersky seems interesting with the central repository/database/scanning as then it use light agents on each server to collect the information. I'm not sure in real life how it works, first time I'm doing this and it seems it is fairly new technology.

I use pfSense as a firewall.

So with Trend, do you use the normal fat client software on the servers you need protection? What do you do with protection for RDS servers?

Thanks!
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 117
ID: 40425915
We are not convinced by "light agents" all Agents, on a server scanning in real time will cause a performance hit.

Be careful, you don't end of with a broad cast a storm, hitting all your servers at the same time, causing performance issues on the datastores.

Trend for everything, Trend was one of the first Anti-virus packages to have RDS scanning. If not the first Anti-Virus product to be verified by Citrix.
0
 

Author Comment

by:Alex
ID: 40425928
Yeah, I'm not convinced too, it is fairly new. It goes down the line with vShield for VMware. Have you ever used it?

The light agent will cause performance hit, but we hope it causes a smaller hit with this centralised approach.

Wouldn't this storm be more likely to happen with standalone fat clients running on the servers for example?

How this RDS scanning works in your opinion? Does it work well for a RDS farm? We will have several servers, so I would like to understand if it can somehow not scan the same file several times because if is being accesses by differnet RDS servers.

So let's say USER1 open file at RDS1, what happens if USER2 opens the same file at RDS2? will it be scanned again?
0
 
LVL 117
ID: 40425953
Yes, we use vShield for VDI mainly, to prevent broadcast storms on the Datastore.

Anti-Virus is a compromise, between performance and security. (unless you use vShield!)

All transactions are scanned, but Trend, scans at the network layer, to stop the process getting into memory, some scan memory for the pattern file.

You need to evaluate them all, and see how performance affects your environment.
0
 

Author Comment

by:Alex
ID: 40433057
Just go a word from the reseller saying that the light agent won't work on Windows 2012 R2.

So with Trend is or the full fat client installed on each VM or then the vShield appliance, there is no in between right?
0
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 40433222
That's correct.

Install the full fat client, and take the performance hit!
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

It Is not possible to enable LLDP in vSwitch(at least is not supported by VMware), so in this article we will enable this, and also go trough how to enabled CDP and how to get this information in vSwitches and also in vDS.
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
Teach the user how to convert virtaul disk file formats and how to rename virtual machine files on datastores. Open vSphere Web Client: Review VM disk settings: Migrate VM to new datastore with a thick provisioned (lazy zeroed) disk format: Rename a…
Teach the user how to install log collectors and how to configure ESXi 5.5 for remote logging Open console session and mount vCenter Server installer: Install vSphere Core Dump Collector: Install vSphere Syslog Collector: Open vSphere Client: Config…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now