Trying to clear up some understanding on Antivirus in a VMware View VDI environment and Vshield integration.
From sifting through lots of documents and literature, here's my understanding.
Vshield integration with Symantec only benefits the VMware VDI's by giving a Shared insight Cache.
A shared insight cache in only used when performing a full file scan, not real time protection.
Vshield and Shared insight cache via the Symantec Virtual appliance with the VMware epsec driver in the VDI only offloads some of the processing of a scheduled file scans and does nothing as far as the real time scanning, nor provide any of the extra features such as Outlook/email protection, web protection that installing the actual Symantec agent in the VDI would provide. Meaning, going "agentless" with these VDI's and Symantec Virtual Appliance and Vshield would only benefit a scheduled scan and not provide Real time and added feature protection.
Symantec says full scans are fairly unnecessary nowadays if real time is running all the time, making the Active scan the scheduled scan of choice.
If installing the full Symantec Endpoint Agent, it can still be configured to use the Vshield and Shared insight cache, but again this only seems to benefit scheduled file scans.
So my current thought is, for the best protection of my resources and network for a user on a VDI is still to install the full Symantec Endpoint agent, and tweak the types/times of the scans, follow the Symantec best practices for virtual implementation and forego the Vshield/Symantec Virtual Appliance integration.
That's how I'm interpreting it. Any thoughts/confirmation would be appreciated. I have to decide what to do in the next couple of days to get the VDI's up and available to users.