In one of my recent VDI projects I was working with Symantec Endpoint Protection as the AV solution of choice. When I started working on the project I was not able to find much information on the exact steps required to design and implement a Horizon View solution with Symantec Endpoint Protection. I worked my way through the design and implementation by reading various whitepapers from both VMware and Symantec.
This prompted me to work on a series of blog articles covering the Symantec SEP integration with Horizon View, which I will complete as a three-part series. I want to give due attention to each step and provide enough information for anyone who needs a reference on this topic, which is why I am separating it into three parts.
In the first part I will discuss the various components and the architecture of this solution.
How SEP works
The SEP client needs to be installed on each client virtual machine; for Horizon View VMs it is installed as part of the desktop base image, so every desktop cloned from that image carries the client. The individual clients protect the virtual desktops. The SEP clients report to the available Symantec Endpoint Protection Manager and get content updates from the internal LiveUpdate Administrator.
To optimize performance, SEP offers the following features:
- Virtual image exception: whitelists the files of the standard virtual machine image so that they are excluded from scanning.
- Shared Insight Cache (Security Virtual Appliance): shares scan results centrally across virtual clients, so identical files are not rescanned on every VM, reducing bandwidth and latency.
- Resource leveling: randomizes scan and update schedules to prevent resource utilization spikes.
- Offline image scanning: finds threats even in offline virtual machine images.
Components of this solution
- VMware Horizon View 5.2
- VMware vCloud® Networking and Security 5.1 (vShield Manager, vShield Endpoint)
- VMware vSphere 5.x
- Symantec SEP 12.1.2 (Symantec Endpoint Protection Manager, LiveUpdate Administrator, Security Virtual Appliance, Virtual Image Exception Tool, ClientSideClonePrepTool)
The basic architecture of Symantec Endpoint Protection is the same as the reference architecture for AV solutions integrated with vShield for VMware View; two other AV vendors have similar offerings, McAfee MOVE and Trend Micro Endpoint Security.
The communication flow for SEP is shown in the diagram above. The main role in reducing scan load is played by the Symantec Security Virtual Appliance, which integrates with the vShield framework and provides the Shared Insight Cache. The Virtual Image Exception (VIE) tool whitelists the files of the base image and makes sure that only files which have changed since the image was built get scanned, which reduces AV storms.
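The two load-reducing mechanisms named in the feature list above and in this paragraph, the Virtual Image Exception whitelist and the hash-keyed Shared Insight Cache, are easier to reason about with a small model. The Python below is an added illustration written for this post; it is not Symantec's code and does not describe SEP internals. The functions `build_baseline`, `scan_clone` and `stagger_schedule`, the `SharedInsightCache` class, the marker string and the sample file contents are all constructed for the example.

```python
import hashlib
import random
import tempfile
from pathlib import Path

# Constructed marker standing in for a real signature: any file containing it is
# treated as a detection. Not a Symantec signature and not a real malware sample.
MARKER = b"CONSTRUCTED-TEST-MARKER"


def sha256_file(path):
    """SHA-256 of a file, streamed so large image files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(image_root):
    """Virtual image exception step: hash every file in the gold image once.
    Keys are paths relative to the image root so one whitelist applies to all clones."""
    root = Path(image_root)
    return {str(p.relative_to(root)): sha256_file(p) for p in root.rglob("*") if p.is_file()}


class SharedInsightCache:
    """Stand-in for a host-wide cache of scan verdicts keyed by content hash, so a
    file that is identical across clones is scanned once rather than once per VM."""

    def __init__(self):
        self.verdicts = {}
        self.hits = 0

    def get(self, digest):
        if digest in self.verdicts:
            self.hits += 1
            return self.verdicts[digest]
        return None

    def put(self, digest, verdict):
        self.verdicts[digest] = verdict


def toy_detect(content):
    """Placeholder scan engine: flags only the constructed marker."""
    return MARKER in content


def scan_clone(clone_root, baseline, cache, detect=toy_detect):
    """Scan one clone. A file whose path and hash match the baseline is skipped
    (whitelisted). Otherwise the shared cache is consulted, and the engine runs
    only on a cache miss. Returns the counters a defender would want to track."""
    root = Path(clone_root)
    result = {"skipped": 0, "cache_hits": 0, "scanned": 0, "detections": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        digest = sha256_file(p)
        if baseline.get(rel) == digest:
            result["skipped"] += 1          # unchanged gold-image file
            continue
        verdict = cache.get(digest)
        if verdict is None:
            verdict = detect(p.read_bytes())  # first time this content is seen
            cache.put(digest, verdict)
            result["scanned"] += 1
        else:
            result["cache_hits"] += 1       # another clone already scanned it
        if verdict:
            result["detections"].append(rel)
    return result


def stagger_schedule(n_clones, window_minutes, seed=0):
    """Resource leveling: spread each clone's scheduled scan start over a window
    instead of firing every clone at once (seeded here so the output is repeatable)."""
    rng = random.Random(seed)
    return sorted(rng.randrange(window_minutes) for _ in range(n_clones))


def demo():
    """Constructed gold image plus two clones: one with only new per-user data,
    one where a gold file was modified to contain the marker."""
    with tempfile.TemporaryDirectory() as tmp:
        gold_files = {"Windows/System32/kernel32.dll": b"gold system file",
                      "Program Files/App/app.exe": b"gold application",
                      "Users/Public/readme.txt": b"gold readme"}

        def write_tree(name, files):
            root = Path(tmp, name)
            for rel, data in files.items():
                dst = root / rel
                dst.parent.mkdir(parents=True, exist_ok=True)
                dst.write_bytes(data)
            return root

        baseline = build_baseline(write_tree("gold", gold_files))
        clone_a = write_tree("clone-a", {**gold_files,
                                         "Users/Alice/profile.dat": b"new per-user data"})
        clone_b = write_tree("clone-b", {**gold_files,
                                         "Users/Bob/profile.dat": b"new per-user data",
                                         "Program Files/App/app.exe": b"modified " + MARKER})
        cache = SharedInsightCache()
        return scan_clone(clone_a, baseline, cache), scan_clone(clone_b, baseline, cache), cache.hits
```

Running `demo()` shows the two effects separately: on the first clone the three gold files are skipped by the whitelist and only the new profile is scanned; on the second clone the modified `app.exe` no longer matches the baseline and falls through to the engine, while Bob's profile, identical in content to Alice's, is answered from the shared cache without a scan. Because the whitelist is keyed by path and hash rather than by path alone, a gold file that has been tampered with is never silently excluded.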
In the next two parts I will cover:
- Implementation details for all the components
- Configuration details