Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Handling VDI

Created: 09 Jul 2013 | 5 comments

We will have machines running in a VDI (Virtual Desktop Infrastructure).  We want to run SEP on them.  The problem is that these machines are powered off at the end of each day, and boot the next day as new machines.  (They are virtual machines, where we don't save the state.)  Won't they look like new machines to SEP each day.  Will that add machines to our SEPM and not give us an accurate license count?  For instance, if we have 100 VDI machines, and we have our database to delete clients that haven't connected for 30 days.  If there are 20 business days in a month, and we reboot these 100 machines each day, they may show up as 2000 machines in our SEPM.

How are other clients handling this?  We would like to have an accurate count of our machines for licensing purposes.

Operating Systems:

Comments 5 CommentsJump to latest comment

Brɨan's picture

There is separate setting for VDI clients. See here on how to configure:

http://www.symantec.com/docs/HOWTO81115

Also, have you seen this KBA on how to setup?

Using Symantec Endpoint Protection in non-persistent virtual desktop infrastructures

http://www.symantec.com/docs/HOWTO81133

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture
check this as well Best practices for virtualization with Symantec Endpoint Protection 12.1, 12.1 RU1, and 12.1 RU1 MP1
Mithun Sanghavi's picture

Hello,

It is based on the concurrent active number of VDI images.  At any given time the current number of active systems is how many they need to be licensed for.  If during peak times they exceed the number of licenses they purchased then they have breached the license agreement.

NOTE: Online non-persistent clients count toward the number of deployed licenses; offline non-persistent clients do not.

Check these Articles:

Symantec Endpoint Protection 12.1 - Non-persistent Virtualization Best Practices

http://www.symantec.com/docs/TECH180229

Setting up the base image for non-persistent guest virtual machines in virtual desktop infrastructures

http://www.symantec.com/docs/HOWTO81120

Configuring a separate purge interval for offline non-persistent VDI clients

http://www.symantec.com/docs/HOWTO81115

Also, check this Thread with similar issue:

https://www-secure.symantec.com/connect/forums/licensing-sep-non-persistent-vdi-guests

https://www-secure.symantec.com/connect/forums/sep-and-vshield-integration

https://www-secure.symantec.com/connect/forums/sep-virtual-desktop

https://www-secure.symantec.com/connect/forums/sep-definition-updates-vdis

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ed16's picture

On this page:

http://www.symantec.com/business/support/index?page=content&id=HOWTO81115

it states:

"On the Edit Domain Properties > General tab, check the Delete non-persistent VDI clients that have not connected for specified time checkbox and change the days value to the desired number."

I don't have that option.  The option that I have is:

"Delete clients that have not connect for a specified time. ___ days."

If I change that, it will impact all clients, not just the VDI clients.

Brɨan's picture

Are you on 12.1 RU2 or higher. This is when that option was added.

Yes, it would affect all clients than.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.