If you are planning to implement SEP11 on a non-persistent VDI, you will face some challenges: duplicated SEP entries in SEP Manager, outdated definitions, and repeated downloads of definitions after a VDI restart. You will find many Symantec KBs mentioning best practices, workarounds and tips on how to handle SEP in virtualized environments and "VDI". But these KBs don't really provide a root solution.
With help from a VDI expert, we ended up with a solution that will save us a lot of effort in managing the VDI environment. All that was needed was the addition of another persistent drive, small in size (around 1GB), to handle all the non-persistent issues. The steps are as follows:
- Make sure there is an additional persistent drive in the image, e.g. D.
- Create the following directory junctions with “MKLINK /J” from the command prompt:
o “C:\Program Files\Common Files\Symantec Shared” -> “D:\Program Files\Common Files\Symantec Shared”
o “C:\Program Files (x86)\Common Files\Symantec Shared” -> “D:\Program Files (x86)\Common Files\Symantec Shared”
o “C:\Program Files (x86)\Symantec” -> “D:\Program Files (x86)\Symantec”
- Install Symantec Endpoint Protection client.
- Move the "C:\ProgramData\Symantec" directory and its contents to "D:\ProgramData\Symantec", and create a symbolic link between both directories.
- Delete "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID" value.
- Delete "C:\Program Files (x86)\Common Files\Symantec Shared\HWID\sephwid.xml". The first time a new virtual desktop starts up, SEP will create a new, unique sephwid.xml. This file will be persistent because it is located on the write cache disk (D). Every time the same virtual desktop starts up, SEP reads the sephwid.xml file from the write cache disk (D) and sets the value of the HardwareID registry key. This value is always the same for this virtual machine.
- Create local scripts to export (at shutdown) and import (at startup) the definitions registry keys, to preserve them and ensure that SEP points to the last downloaded definitions (for NTP and PTP definitions only):
o HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SyKnAppS
o HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\IPS
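One way to write the export/import script from the last step, as an added example that is not the author's own script. The script name and the D:\SEPState folder are assumptions; the two registry keys are the ones listed above, and D: is the persistent drive from the first step.

```batch
@echo off
rem sep-defs-state.cmd (hypothetical name): added example, not the author's script.
rem   sep-defs-state.cmd export   -> run as the computer shutdown script
rem   sep-defs-state.cmd import   -> run as the computer startup script
setlocal

rem Assumption: D: is the persistent drive; the folder name is made up.
rem The saved .reg files are imported into HKLM by a script running as SYSTEM,
rem so this folder must be writable by Administrators and SYSTEM only.
set "STATE=D:\SEPState"
set "KEY_SYKNAPPS=HKLM\SOFTWARE\Wow6432Node\Symantec\SyKnAppS"
set "KEY_IPS=HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\IPS"

if /i "%~1"=="export" goto :export
if /i "%~1"=="import" goto :import
echo Usage: %~nx0 export^|import
exit /b 2

:export
if not exist "%STATE%" mkdir "%STATE%" || exit /b 1
call :export_one "%KEY_SYKNAPPS%" "%STATE%\SyKnAppS.reg" || exit /b 1
call :export_one "%KEY_IPS%" "%STATE%\IPS.reg" || exit /b 1
exit /b 0

:import
rem First boot of a fresh desktop: nothing saved yet, so nothing to restore.
if exist "%STATE%\SyKnAppS.reg" reg import "%STATE%\SyKnAppS.reg" || exit /b 1
if exist "%STATE%\IPS.reg" reg import "%STATE%\IPS.reg" || exit /b 1
exit /b 0

:export_one
rem Export to a temporary name first, then rename, so an interrupted shutdown
rem cannot leave a truncated file for the next startup to import.
reg export "%~1" "%~2.tmp" /y >nul || exit /b 1
move /y "%~2.tmp" "%~2" >nul
exit /b %errorlevel%
```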
Now you can follow Symantec's KBs for SEP performance on VDI, summarized as:
- No scheduled scan
- No startup scan
- No active scan
- Don't allow users to run on-demand scans
- Increase heartbeat and download randomization
What I couldn't find an answer for is whether NTP components affect the streaming performance of VDI...!!!