Why Symantec Endpoint Protection Won the Battle 

Apr 10, 2009 02:18 AM

Four months ago we developed the concept of virtualstorm (www.virtualstorm.org). Virtualstorm is all about extreme virtualization to lower costs, decrease management and reduce end-user problems as much as we can. In our discussions with our customers we hear that security is one of the most important issues. So we had to implement the best antivirus solution that we could find.

Why Is the Choice of the Antivirus Program So Important for Virtualstorm?

Virtualstorm is an extreme VDI solution. All the images that users will access will be located on a storage area network. They are all very close to each other. All these images have a program named DVS4VDI that enables these images to use Symantec Workspace Virtualization on a centralized repository. Up to 10,000 users will share this one and only hard disk where all of the applications reside. For this technology we do not use a network interface card. DVS4VDI contains a Disk I/O protocol that enables the repository for the user.

After the user logs on, the applications are activated by reading the Active Directory permissions for each user. The users' profiles are not inside the image but are redirected with a profile management technology so that all the users will use the profile on the network. When one of the user images becomes infected with a virus, that virus can spread very quickly, thus compromising the entire network.

To get the best solution we analyzed several antivirus programs. In a closed environment, we contaminated one of the images to see how quickly the infection would spread. This was very important for us. We cannot afford for our users to be unable to work due to a virus contamination.

Also Important Is Patch Management

The strength of VirtualStorm is the power of one--one image for everybody. Each user gets a complete copy of the master image every time they log on. When the user logs off, the image is simply deleted. You can imagine that if the master image becomes contaminated, all our users will also be infected.

To prevent such critical damage, our master image gets special treatment. It is updated and then tested before we set it live for the users. All the copies should be able to update themselves, because users use one and the same image for about a week. They get a new image only at logoff; when they merely disconnect, they reuse their existing image.

In our quest we implemented four antivirus solutions:

  • Symantec Endpoint Protection
  • Trend Micro
  • G Data
  • McAfee

All four are pretty good, and we had to dig deeper to find out which one is best. So we had some questions:

  • How fast does it find a virus?
  • Does it have registry control?
  • Does it have DLL control?
  • What does it do when an image is contaminated?

The Result

Most of the antivirus suites are good, but we decided to use Symantec as the product in our Virtualstorm concept. Symantec Endpoint Protection gave us an answer to the most important question: When an image is infected, will the image try to infect other computers? This is unwanted behavior, and Symantec Endpoint Protection gave us some good tools to stop it. The contaminated image is separated from the other images by placing it in a different subnet. In this way, the machine will not be able to contaminate other machines.

The second very important feature was that we searched for a solution that could recognize the disk I/O protocol we used, so that we were able to control the centralized repository. You can imagine that if one computer can infect the repository, all the computers are infected instantly. Symantec Endpoint Protection is the only antivirus solution that was able to see this behavior, and it monitored the connection.

We also saw some very good benefits that we were not looking for but that will help us achieve our goal. Symantec Endpoint Protection is able to control USB devices, and we could determine whether users are able to read and write on a USB disk or USB drive.

Before the use of Symantec Endpoint Protection we were only able to give USB support or deny it. We had no control over which USB devices were connected. Now we can determine that USB printers and USB phones can be attached and that USB sticks cannot be attached. Now users can charge their USB-connected telephone and synchronize the agenda and email, but cannot download files and place them on an MMC card.

This and some other small benefits make Symantec Endpoint Protection a winner in the portfolio for Virtualstorm. We recommend it to all our customers, and it is very easy for us to explain to them why they should choose this solution.

Virtualstorm and Symantec Endpoint Protection: A strong defense in costs, management and antivirus defense.
