Anti-virus is a definite concern in Virtual Desktop Infrastructure (VDI) deployment and no one that I have found out here in the blogosphere or on the vendor sites recommends it (except for the AV vendors). The problem is the way AV functions in the virtual environment. The people that don’t believe it causes hang-ups don’t seem to understand what is going on in this environment.
In this environment, the desktop is, for all intensive purposes, generated from a single, pre-built image each time someone boots up. The problem with desktop AV is that whenever it comes online, it goes out to see if it is up to date. When a virtual desktop spawns from the image that includes AV, it is always whatever version you built into the image (let’s call it v3.0). So each time one or one-hundred virtual desktops are spawned, that v3.0 AV tries to “phone home” to see if it is up-to-date. Of course, it is not up-to-date because you built your image five months ago, so then it (and any other image that just spawned) starts pulling down all of the updates to get it up to the current rev of v3.8. By the way, in our non-persistent environment, as soon as I log that desktop off it is "destroyed" and all of those updates disappear so that when I bring up my next instance, I go right back to v3.0.
Now in a physical environment automatic updates are no big deal other than the fact that they may impact the Internet connection when they all try to suck those updates through the straw. In a virtual environment, all of those images reside on the storage system and so every one of those disks is spinning trying to make these virtual desktops appear to operate like a physical desktop and that’s when you get into trouble.
To date and from what I have seen, there is no AV solution for the virtual desktop that is analogous to what we have used in the physical desktop world. That is one reason why people deploy virtual desktops in a non-persistent manner: If I get a virus, no big deal. I’m going to destroy that entire desktop image and everything with it when I log out of it. What if it infects the files? There are AV solutions for the storage that can go and scrub everything on the storage system where we keep the user files and everything else.
So, all of that being said, the AV folks are furiously working on a solution that works here. Just keep this important element in mind as you move down the VDI path.
Posts
No comments:
Post a Comment