Solved

Anti-virus Kaspersky light agent for VMware

Posted on 2014-11-05
9
485 Views
Last Modified: 2014-11-12
Hi guys,

I'm evaluating which option is better for my environment as I'm using VMware essentials (3 hosts with vcenter) I need a agentless or something similar for my virtual machines. I've been reading and the agentless solution from Kaspersky is not good beucase it needs vshield, which is only available on the most expensive vmware enterprise licenses. As I'm using vmware essentials I can't have vshield.

The options left are the light agent and the normal kaspersky installed on each VM like done in a normal barebone hardware running Windows .

This light agent solution seems interesting as I'm going to have a central VM doing all the heavy work and storing the AV databases. But I would like to know from your guys opinion what other vendors might be doing regarding this approach, is there any other company competing in this area with Kaspersky? Anything as good, or even better?

Thanks!
0
Comment
Question by:Alex
  • 5
  • 4
9 Comments
 
LVL 118
ID: 40424591
Any vendor based anti-virus, real-time scanning engine, causes an overhead in the VM.

We look at what surrounds the VM, so we have anti-virus on the Internet Gateway, Mail Gateway, Exchange Servers, and File Servers, so we do our best have Anti-Virus products, and leave VMs without anti-virus installed.

Most these days are Browser based payloads and attacks, and WE don't use BROWSERS on Servers.

Is this for Desktop or Servers ?

Have you looked at Trend Suite ?
0
 

Author Comment

by:Alex
ID: 40425720
You mean you have anti-virus at the gateway in which way exactly, a normal client software installed on a machine that servers as gateway? Can you clarify please?

Well you say you leave your servers with AV and your VMs without. My servers are all VMs, so I'm not sure what do you mean by that.

We have Microsoft RDS servers, lots of them. Shared based session servers basically and all of them browse the web heavily for the thinclients.

I'm looking at trend, but it seems it needs vshield for the VMware solution, no in between fat client and agent less. Do you guys use it?
0
 
LVL 118
ID: 40425807
Proxy Server, or what ever mechanism you use for clients to access the internet.

Okay, so all your servers are VMs, so what is the risk?

Unless you use your Servers as Workstations?

Do you have firewalls enabled, do you have your servers regularly patched.

If you use Real Time scanning engines on RDS, performance will be affected.

We use Trend, some of our clients use Trend, some do not use Anti-virus, and some do use anti-virus, and understand the VM/RDS will take a performance hit, and therefore have more servers to take the loading.
0
 

Author Comment

by:Alex
ID: 40425897
I'm still checking what we will use as a proxy, perhaps Bloxx as we have already used before, or Barracuda as I'm going to test it later.

T wan to have a file level scanning running on file servers so if someone dumps something with a virus there, it is scanned and blocked so no one else can access in in case it is something dodgy as a fileshare. The RDS server will need to have real time scanning, memory, files open, browser activity too perhaps. I know performance will be affected but I'm looking for a solution that can minimise  the performance hit. So far Kaspersky seems interesting with the central repository/database/scanning as then it use light agents on each server to collect the information. I'm not sure in real life how it works, first time I'm doing this and it seems it is fairly new technology.

I use pfSense as a firewall.

So with Trend, do you use the normal fat client software on the servers you need protection? What do you do with protection for RDS servers?

Thanks!
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 118
ID: 40425915
We are not convinced by "light agents" all Agents, on a server scanning in real time will cause a performance hit.

Be careful, you don't end of with a broad cast a storm, hitting all your servers at the same time, causing performance issues on the datastores.

Trend for everything, Trend was one of the first Anti-virus packages to have RDS scanning. If not the first Anti-Virus product to be verified by Citrix.
0
 

Author Comment

by:Alex
ID: 40425928
Yeah, I'm not convinced too, it is fairly new. It goes down the line with vShield for VMware. Have you ever used it?

The light agent will cause performance hit, but we hope it causes a smaller hit with this centralised approach.

Wouldn't this storm be more likely to happen with standalone fat clients running on the servers for example?

How this RDS scanning works in your opinion? Does it work well for a RDS farm? We will have several servers, so I would like to understand if it can somehow not scan the same file several times because if is being accesses by differnet RDS servers.

So let's say USER1 open file at RDS1, what happens if USER2 opens the same file at RDS2? will it be scanned again?
0
 
LVL 118
ID: 40425953
Yes, we use vShield for VDI mainly, to prevent broadcast storms on the Datastore.

Anti-Virus is a compromise, between performance and security. (unless you use vShield!)

All transactions are scanned, but Trend, scans at the network layer, to stop the process getting into memory, some scan memory for the pattern file.

You need to evaluate them all, and see how performance affects your environment.
0
 

Author Comment

by:Alex
ID: 40433057
Just go a word from the reseller saying that the light agent won't work on Windows 2012 R2.

So with Trend is or the full fat client installed on each VM or then the vShield appliance, there is no in between right?
0
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 40433222
That's correct.

Install the full fat client, and take the performance hit!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

HOW TO: Upload an ISO image to a VMware datastore for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere Host Client, and checking its MD5 checksum signature is correct.  It's a good idea to compare checksums, because many installat…
In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now