The packaging machine should use a snapshot that is known to be virus free but also has no antivirus software installed. The presence of antivirus software can interfere with the proper creation of a package or AppStack. You can make sure the snapshot is virus free by installing the required operating system and base software programs while the machine is off the network, and then taking the snapshot. Alternatively, you can install antivirus software on the machine, scan it, uninstall the antivirus software, and take the snapshot.
If possible, disconnect the provisioning machine from the network when creating a package or AppStack.

VMware Dynamic Environment Manager delivers personalization and centrally managed policy configurations across virtual, physical, and cloud-based Windows desktop environments. Dynamic Environment Manager allows IT to control which settings users are allowed to personalize, and also maps environmental settings such as networks and location-specific printers.
Additionally, in nonpersistent desktop pools that have a clean golden image, you can exclude these Dynamic Environment Manager executables from real-time scans because they are known to be virus free:

VMware ThinApp is a virtualization technology that isolates and encapsulates pre-installed applications. Virtualized applications are isolated from all other applications as well as from the underlying operating system.
These packages can run on virtual or physical desktops, stream from a file share, or be placed on App Volumes 4 packages or App Volumes 2.

This section lists third-party antivirus software vendors and a Microsoft guide.

Antivirus Software Vendors

Note: VMware does not endorse or recommend any particular third-party antivirus software vendor, nor is this list meant to be exhaustive.
Areas of Consideration

When looking at adjustments to all-inclusive antivirus scanning to increase performance, there are several areas to consider.

Virtual Machines

There are several general considerations to take into account with virtual machines.

Set real-time scanning to scan local drives only. Important: If you are using antivirus solutions to monitor all other remote locations that host file shares, user profiles, redirected folders, and remote peripherals, there is no need for end-user desktops to also be scanning these locations.

Always run a virus scan on golden images before putting them into production.

Use nonpersistent desktops. This mitigates risk by ensuring each user session is refreshed to a known clean state on logout.

Turn off scan on read for nonpersistent desktop pools. Important: This assumes that the golden image has already been scanned and is known to be virus free. It also does not mean to turn off real-time scanning. Scan on write should still be enabled.

Important: Seek guidance from your security team or antivirus vendor if you are unsure what is unnecessary.

Turn off heuristic scanning on nonpersistent virtual machines (VMs).

Make frequent software updates to your golden images as needed. This ensures that if an end user needs their desktop refreshed or recomposed in order to clean a virus, they will lose as little software as possible.

Turn off auto-updates of antivirus software for nonpersistent desktop pools. Important: This actually applies to any installed software, not just antivirus software, as updates made during use of a nonpersistent desktop will be lost on logout and refresh anyway. Ensure that you keep golden images regularly updated with new antivirus software versions and signature files.
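The recommendations above depend on each other (scan on read can only be relaxed on a nonpersistent pool whose golden image was scanned, and scan on write always stays on), so a review of pool policies has to check them together. The following audit is an added example, not VMware or vendor code; the `PoolPolicy` fields, the `audit` function and the sample pools are hypothetical, and treating a relaxed setting on a persistent pool as a gap is this example's assumption.

```python
from dataclasses import dataclass

@dataclass
class PoolPolicy:
    """Hypothetical, vendor-neutral summary of one desktop pool's AV policy."""
    name: str
    persistent: bool
    golden_image_scanned: bool
    realtime_enabled: bool = True
    scan_on_read: bool = True
    scan_on_write: bool = True
    heuristic_scan: bool = True
    av_auto_update: bool = True
    realtime_scope: str = "all"  # "local" = local drives only

def audit(p):
    """Return (severity, message) findings: RISK = protection gap, TUNE = performance."""
    out = []
    if not p.realtime_enabled:
        out.append(("RISK", "real-time scanning is disabled"))
    if not p.scan_on_write:
        out.append(("RISK", "scan on write must stay enabled"))
    if not p.golden_image_scanned:
        out.append(("RISK", "golden image was not scanned before production"))
    if p.realtime_scope != "local":
        out.append(("TUNE", "limit real-time scanning to local drives"))
    # Assumption: the page relaxes these three settings for nonpersistent pools only.
    relaxable = [("scan on read", p.scan_on_read), ("heuristic scanning", p.heuristic_scan),
                 ("antivirus auto-update", p.av_auto_update)]
    for setting, enabled in relaxable:
        if p.persistent and not enabled:
            out.append(("RISK", f"{setting} is off on a persistent pool"))
        elif not p.persistent and enabled:
            # Scan on read may only be relaxed once the golden image is known clean.
            if setting != "scan on read" or p.golden_image_scanned:
                out.append(("TUNE", f"{setting} can be turned off"))
    if not p.persistent and not p.scan_on_read and not p.golden_image_scanned:
        out.append(("RISK", "scan on read is off but the golden image is unscanned"))
    return out

# Constructed sample pools (not taken from any real environment).
TUNED = PoolPolicy("np-tuned", False, True, scan_on_read=False, heuristic_scan=False, av_auto_update=False, realtime_scope="local")
OVERTUNED = PoolPolicy("np-overtuned", False, False, scan_on_read=False, scan_on_write=False, heuristic_scan=False, av_auto_update=False, realtime_scope="local")
PERSISTENT = PoolPolicy("persistent-relaxed", True, True, heuristic_scan=False, realtime_scope="local")

if __name__ == "__main__":
    for pool in (TUNED, OVERTUNED, PERSISTENT):
        for severity, message in audit(pool):
            print(f"{pool.name}: {severity}: {message}")
```
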
Because this type of disk is persistent, a refresh or recompose operation will not remove any viruses.

Exclude low-risk files and folders from real-time scans on single-user View virtual machines or RDSH machines.

Services

Review the Microsoft support article, Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows, for general guidance on service exclusions.

Also, traditional AV software requires that each desktop has a unique SID; you can see in the paper that there is a workaround to remediate that.
If the antivirus software you choose for your environment is not integrated with vShield, and the software needs a local SID to generate its own GUID for each endpoint, or if for any other reason you need a unique local SID for your linked clone desktops, you can use a workaround to avoid running Sysprep.
For protection of virtual machines in a View virtual desktop environment, VMware recommends the vShield Endpoint solution offered by VMware partners. VMware partners who have integrated their antivirus solutions with vShield Endpoint are:

Nearly every enterprise deploys antivirus software on every desktop. As services such as security, mobility, access control, and line-of-business applications are all rolled up into the datacenter or cloud, antivirus practices need to be rolled up as well.