Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

SEP 12.1.2 Best Practices on Citrix Virtual Desktops ( Provisioning Services) -Part 1-

Created: 25 Jun 2013 • Updated: 11 Jun 2014 | 12 comments
Language Translations
Rodrigo Calvo's picture
+20 20 Votes
Login to vote

A few days ago I did a little research about possible configurations when we are using SEP 12.1.2 under Citrix Provisioning Services.

I share with you the first part of this research that used as a sources: Citrix and Symantec web sites.

Scenario 1

Symptoms>

  • The Target Device seems sluggish or generally slower than normal after installing or upgrading your antivirus client.
  • You notice prolonged high CPU use.
  • You notice a significant change in the write cache Disk I/O Performance. For example, if the percentage of disk write time or disk write queue length increase significantly.

Best Practices:

  • Set up the Manager content revisions to at least 45
  • Create a new SEPM Domain for just the Citrix Virtual Desktops ( Provisioning Services)
  • Create a new Group in this new SEPM Domain (For example could be: My Company>Default>Citrix Environment
  • Move from the old Domain all the Citrix Virtual Desktops to the new
  • --> At this point you could have two situations:
  • ----> Fresh Installation:
  • ---------> Then Create the Domain and add the SEP clients directly
  • ----> Existing Installation:
  • ---------> Then Use SylinkDrop
  • ---------------> it is recommended that you use the SylinkDrop included on the second installation download (Tools and Documents, \Tools\SylinkDrop)
  • ---------------> Or Export Communication Settings from the group recently created ( Citrix Environment)
  • In the Group for Citrix Environment set the communicatiosn to
    •  
      • Use Pull Mode
      • Use a Heartbeat of 120 minutes
      • Enable Download Randomization
  • Exclude the following files/process/drivers from all types of Scanning
  •  
    •  Write Cache
    • Process: BNDevice.exe
    • Following Drivers: BNNS.sys, BNNF.sys, BNPort.sys, bnistack.sys, and BNITDI.sys  ó bnistack6.sys,CvhdBusP6.sys, CFsDep2 .sys
      • Can be found at:   <systemroot>\windows\system32\drivers
    • At Provisioning Service:
      • StreamService.exe, StreamProcess.exe and the soapserver.exe
  • Apply  Virtual Exception Tool
  • Use Active Scan instead of  Full --> Update June 2014:  Some colleagues told me that a Schedule Scan ( Active, Full, etc) could not be necessary with an implemented Virtual Desktops environment, the reason?  Virtual Desktops Image will return to a basic state when the user shut down the terminal. That means a schedule or ondemand probably will review the same files every time.
    But ... Remember, if you do a new Base/Master Image,,, it's highly recommended that before deployment you execute a Full Scan to the image.
  • Enable Random  Scan  in the Antivirus Policy of this Group
  • Enable Shared Insight Cache

I hope this helps

Information Source :

 Virtualization Best Practices

http://www.symantec.com/business/support/index?page=content&id=HOWTO81060

http://www.symantec.com/business/support/index?page=content&id=TECH173650

https://www-secure.symantec.com/connect/sites/default/files/Virtualization_Best_Practices.pdf

Comments 12 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

This is such a wonderful and much needed series of Best Practice..!! 

Thank you.

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

+1
Login to vote
Ambesh_444's picture

Nice one it will going to help us....Grt one.

Thumbsup !!

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

+2
Login to vote
RicheeDiaz's picture

Thank you.Wonderful and to the point.

Thanks

Richard

+1
Login to vote
Rao's picture

1 up for being precise and informative.

Thanks and Regards,

S.Rao

+1
Login to vote
Chetan Savade's picture

Nice job.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

0
Login to vote
John Santana's picture

Thanks for the posting here man !

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote