A few months ago we started getting storage latency alarms coming from vCenter. This would happen every day around 6am, and as we scaled our production environment this became worse and worse. I think the record latency was 19,000ms (no joke…. 19 seconds of storage latency). Now one would immediately think, “Well that’s what you get for using scheduled scanning”…. Hold your horses partner, this has nothing to do with scanning.
We soon learned that SEPM was pushing virus definition updates to our linked clones all at the same time. Obviously, the disk could not keep up with the demand. Many could argue that we should be looking at vShield with TrendMicro. However, when you’re part of an organization with 70,000+ endpoints (non-VDI), changing your antivirus vendor is not a decision you should take lightly. We took the position of, “Hey, Symantec is an industry leader in endpoint protection, they ‘have’ to have a solution!”.
They are “getting there”… Last March, they officially announced that Symantec Endpoint Protection adds vShield Integration & Increases Security Effectiveness. However, this does nothing for your environment in regards to virus definition updates. As a matter of fact, as far as I can tell, the only thing this version does is offload your active scanning from the VM. What about organizations that do not use active scanning, rather use real-time scanning?
If you’re rolling out VDI and you’re seeing extra storage demand due to definition updates, here’s a solution that I believe works well.