Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP 12.1.2 Best Practices on Citrix Virtual Desktops ( Provisioning Services) -Part 1-

Created: 25 Jun 2013 • Updated: 11 Jun 2014 | 12 comments
Language Translations
Rodrigo Calvo's picture
+20 20 Votes
Login to vote

A few days ago I did a little research about possible configurations when we are using SEP 12.1.2 under Citrix Provisioning Services.

I share with you the first part of this research that used as a sources: Citrix and Symantec web sites.

Scenario 1

Symptoms>

  • The Target Device seems sluggish or generally slower than normal after installing or upgrading your antivirus client.
  • You notice prolonged high CPU use.
  • You notice a significant change in the write cache Disk I/O Performance. For example, if the percentage of disk write time or disk write queue length increase significantly.

Best Practices:

  • Set up the Manager content revisions to at least 45
  • Create a new SEPM Domain for just the Citrix Virtual Desktops ( Provisioning Services)
  • Create a new Group in this new SEPM Domain (For example could be: My Company>Default>Citrix Environment
  • Move from the old Domain all the Citrix Virtual Desktops to the new
  • --> At this point you could have two situations:
  • ----> Fresh Installation:
  • ---------> Then Create the Domain and add the SEP clients directly
  • ----> Existing Installation:
  • ---------> Then Use SylinkDrop
  • ---------------> it is recommended that you use the SylinkDrop included on the second installation download (Tools and Documents, \Tools\SylinkDrop)
  • ---------------> Or Export Communication Settings from the group recently created ( Citrix Environment)
  • In the Group for Citrix Environment set the communicatiosn to
    •  
      • Use Pull Mode
      • Use a Heartbeat of 120 minutes
      • Enable Download Randomization
  • Exclude the following files/process/drivers from all types of Scanning
  •  
    •  Write Cache
    • Process: BNDevice.exe
    • Following Drivers: BNNS.sys, BNNF.sys, BNPort.sys, bnistack.sys, and BNITDI.sys  ó bnistack6.sys,CvhdBusP6.sys, CFsDep2 .sys
      • Can be found at:   <systemroot>\windows\system32\drivers
    • At Provisioning Service:
      • StreamService.exe, StreamProcess.exe and the soapserver.exe
  • Apply  Virtual Exception Tool
  • Use Active Scan instead of  Full --> Update June 2014:  Some colleagues told me that a Schedule Scan ( Active, Full, etc) could not be necessary with an implemented Virtual Desktops environment, the reason?  Virtual Desktops Image will return to a basic state when the user shut down the terminal. That means a schedule or ondemand probably will review the same files every time.
    But ... Remember, if you do a new Base/Master Image,,, it's highly recommended that before deployment you execute a Full Scan to the image.
  • Enable Random  Scan  in the Antivirus Policy of this Group
  • Enable Shared Insight Cache

I hope this helps

Information Source :

 Virtualization Best Practices

http://www.symantec.com/business/support/index?page=content&id=HOWTO81060

http://www.symantec.com/business/support/index?page=content&id=TECH173650

https://www-secure.symantec.com/connect/sites/default/files/Virtualization_Best_Practices.pdf

Comments 12 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

This is such a wonderful and much needed series of Best Practice..!! 

Thank you.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

+1
Login to vote
Ambesh_444's picture

Nice one it will going to help us....Grt one.

Thumbsup !!

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

+2
Login to vote
RicheeDiaz's picture

Thank you.Wonderful and to the point.

Thanks

Richard

+1
Login to vote
Rao's picture

1 up for being precise and informative.

Thanks and Regards,

S.Rao

+1
Login to vote
Chetan Savade's picture

Nice job.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

0
Login to vote
John Santana's picture

Thanks for the posting here man !

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote