Endpoint solution for VDI

Hi, we are moving to a VDI solution and we currently run Sophos on our systems.

Our new VDI setup will run from a golden image, and provision VMs on a daily basis, so I'm not too sure of the best approach to having AV on them.

As users log off the VMs they are destroyed, and a new one is spun up. 

Does Sophos have some instructions on how to set up their endpoint software in this kind of environment?

Thanks,

Nathan

  • Hi Christian, I've gone through the documentation, which makes me believe that everything I want to do is possible. However I'm still not clear on one thing:

    Say our VDI servers create 50 VMs from the master image, and I have Sophos pre-installed. I'm presuming that these 50 VMs will connect to the Enterprise server and receive policies and updates.

    At the end of the day, as people log off these VMs they are deleted, the server creates 50 more VMs, with the same names, in the same AD folder.

    Will the Enterprise Server even recognise that these machines are new or different? Will the Enterprise Server Console just fill up with hundreds of deleted VMs?

    We looked at other AV solutions, but they said this wasn't possible, as each VM will have its own unique identifier, and the console will get confused as to which machine is which, as they are all from the same master image. And then when they all get re-created, there will be more problems.

    Thanks,
    Nathan

  • Hello Nathan,

    I'll spare you the intricacies at the expense of completeness and accuracy, but the exact details are more confusing than helpful.

    A computer object has a number of attributes (which the endpoint sends) which are used to identify it. SEC exposes (visible in the Computer Details tab) Computer name, Computer description, Operating system, and Domain/workgroup (taken from the computer's properties, all but the OS can be overridden at install time or with a registry value). In addition an IdentityTag is created when the installation is initialized.

    If a computer connects and presents a known IdentityTag, SEC assumes it's the one it has already seen and updates the other values in the database if necessary. If you do not correctly prepare an image the result is that Computers in Enterprise Console appear to update the same record.

    If a computer connects and presents a known properties quadruple SEC assumes RMS has been reinitialized and updates the IdentityTag in the existing computer object.

    Thus if you use an image where Sophos is already fully installed and has been initialized all VMs will appear as a single computer which constantly changes its name.

    If you use a correct image but the machines are assigned arbitrary names the database will fill up with mostly disconnected, inactive computers.

    If the machines are started with a fixed set of names (e.g. VM01-VM50) the existing records will be "reused". Note that older alerts (they are accumulated by machine name) might be meaningless. It's also assumed that you don't change the policies in SEC without changing the image (if Sophos is already installed). Otherwise please see Force clients to request policy updates.  

    Christian

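The matching rules described in the reply above, modelled as an added example (not Sophos code and not part of the original post). It shows how many console records result from each of the three image setups mentioned. The class, function and field names, and the description, OS and domain values, are assumptions constructed for illustration.

```python
# Toy model of the record matching described in the reply above.
# All names and sample values are constructed; this is not Sophos code.
import uuid

class Console:
    def __init__(self):
        self.records = []  # each record: {"tag": str, "props": tuple}

    def connect(self, tag, props):
        """Apply the two matching rules in order and report which one fired."""
        for rec in self.records:
            if rec["tag"] == tag:          # known IdentityTag: same computer,
                rec["props"] = props       # refresh name/description/OS/domain
                return "matched-tag"
        for rec in self.records:
            if rec["props"] == props:      # known quadruple: RMS assumed
                rec["tag"] = tag           # reinitialized, adopt the new tag
                return "matched-props"
        self.records.append({"tag": tag, "props": props})
        return "new-record"

def props(name):
    # (computer name, description, operating system, domain/workgroup)
    return (name, "VDI desktop", "Windows 10", "EXAMPLE")

def simulate(days, vms, tag_in_image, fixed_names):
    """Return the number of console records after `days` of daily re-provisioning."""
    console = Console()
    image_tag = str(uuid.uuid4())          # tag baked into an initialized image
    for day in range(days):
        for i in range(vms):
            tag = image_tag if tag_in_image else str(uuid.uuid4())
            name = f"VM{i + 1:02d}" if fixed_names else f"VM-{day}-{i}"
            console.connect(tag, props(name))
    return len(console.records)

if __name__ == "__main__":
    print("initialized image:        ", simulate(3, 50, True, True))
    print("clean image, random names:", simulate(3, 50, False, False))
    print("clean image, fixed names: ", simulate(3, 50, False, True))
```
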
  • Hi Christian, thanks for this information. After a quick read I can see that this will be a great help!!

    Thanks again, 

    Nathan

  • Yeah, I have the same question related to the Healthcare services when they are ritualized what are the endpoint solution to utilize the maximum software and processes as an end user except of reporting and updating the medical records.