Sven Huisman, technical consultant at PQR, Dennis Geerlings, Consultant at Login VSI, Jeroen van de Kamp, Enterprise Architect and CTO at Login Consultants and Ruben Spruijt, Technology Officer at PQR just announced a new paper titled: Project VRC: Phase V Antivirus impact and best practices on VDI. The paper which contains 80 pages gives some valuable insight on the impact of using Antivirus solutions in a Virtual Desktop Infrastructure (VDI) environment.
The tests were conducted using the following products: Microsoft System Center Endpoint Protection (ForeFront), McAfee Enterprise, Move Multiplatform, Move Agentless and Symantec Endpoint protection.
The paper answers the following questions:
- What is the performance/capacity impact of the most well-known AV solutions when used in a VDI environment?
- How do AV solutions designed for virtual environments with so called “off-loading” architectures compare with conventional solutions from a performance perspective?
- How does the disk IO impact compare with the different AV solutions, conventional and off-loading architectures?
- What is the performance impact in stateless desktop environments in comparison to stateful desktops?
- What possibilities are there for performance tuning and how does this affect the overall impact on performance impact?
Testing AV solutions proved to be more complex and more unpredictable than originally expected. It became very clear that most AV solutions were designed for typical Desktop and Laptop environments, not for (stateless) hosted virtual desktop environments. There is an important lesson to be learned here: the impact of antivirus is considerable, and it’s vitally important to review and test this before rolling out an AV solution in a VDI environment. This is confirmed in the large majority of real-world VDI deployments, time and again.
When comparing various AV solutions, the conventional Microsoft System Center EndPoint Protection (SCEP) previously known as Forefront, seems to have the least performance impact, but only after performing a full pre-scan of the master image before deployment of the desktop VM’s. This is a huge difference to ForeFront tests done without pre-scan of the master image (in those tests, without pre-scan, the performance impact was dramatically high).