Hello,
In your case, you use the content randomizer in the client communication settings to randomize definition and signature delivery. Based on client density we have found the following to be a pretty decent guideline based on a 1 hour client pull based heartbeat:
a. 25-30 VDI instances per host – 2 hour randomization
b. 30-50 VDI instances per host – 3 hour randomization
c. 50-75 VDI Instances per host – 4 hour randomization
d. 75-100 VDI Instances per host – 6 hour randomization
e. 100-150 VDI instances per host – 8-12 Hour Randomization based on disk type start with 12 and work backwards until the customer is comfortable with the IOPS level.
It should be noted that this is NOT randomization using the settings within the Live Update Policy. Using randomization within the LU policy has shown to be much more CPU and disk intensive. Best performance has been having clients pull content from the SEPM. And common sense says no VDI should be a GUP (Group Update Provider).
Check the White Paper for best-practise configuration.
Secondly, Shared Insight Cache is a stand alone server that enables clients to share scan results. This allows clients to skip scanning files that have already been scanned by another client.
Check these Articles:
Tips for reducing the impact of SEP in VDI infrastructures
https://www-secure.symantec.com/connect/blogs/tips-reducing-impact-sep-vdi-infrastructures
Best practices for virtualization with Symantec Endpoint Protection 12.1, 12.1 RU1, and 12.1 RU1 MP1
http://www.symantec.com/docs/TECH173650
Symantec Endpoint Protection 12.1 & Virtualization
http://www.symantec.com/docs/TECH194383
Hope that helps!!