McAfee MOVE AntiVirus for VDI

I was talking to Roly from MPA last week and he mentioned McAfee’s MOVE AntiVirus which is designed for VDI environments. The key point which grabbed my interest is that the scanning is done by an appliance on each virtualisation host, not within each desktop VM (although a light-weight agent is installed within each VM). McAfee call this “hypervisor-native detection”.
I consider antivirus to be a necessary evil along the lines of paying taxes; you’re tempted not too, you know you could be so much better off….. but if you are found out the consequences could be massive and include a public execution. Well, maybe I’m exaggerating, but you get the point. I have seen antivirus cause numerous issues in XenApp farms and one of my standard practices is to ensure the antivirus configuration meets Microsoft and Citrix best practices (Symantec also provide a good best practise whitepaper). In a large XenApp 6 project last year we did not install antivirus on the XenApp servers as it we determined sufficient risk mitigation was provided by:

  • file server, e-mail and client device antivirus scanning
  • web filtering
  • read-only images delivered via Citrix Provisioning Server
  • AppSense’s Application Manager restricting what users can execute and from where.
But for the most part, antivirus is NOT optional! McAfee’s MOVE product is designed for VDI environments with VMware View/VMware vSphere and Citrix XenDesktop/Citrix XenServer supported and promises to greatly improve VDI scalability. The big question is whether offloading the virus detection from the VM to a virtual appliance will really improve performance. My gut feeling is that performance and scalability will increase. But by how much? I see the product has been out for 9 months or so now so I am keen to hear from anyone who has tested or deployed MOVE.

3 Comments

  1. David says:
    May 17, 2011 at 10:54 am

    Hi Jason

    Do you know if there are any limitations with the product? I.E. is it vmotion aware for the guests it scans, are there limitations to the number of VM’s it can scan per host (assuming it is an appliance deployed per host).

    I know there are similar limitations with other products that offload AV.

    Cheers
    David

  2. Jason Poyner says:
    May 18, 2011 at 12:30 am

    Hi David, I just received the below information from Mark Micklefield who is MPA’s McAfee expert:

    Q. Do you know if there are any limitations with the product?
    A. McAfee MOVE fully supports VMotion and will track VDI clients as they migrate and continue to provide their AV scanning services. A single McAfee MOVE virtual AV appliance will provide scanning services for up to a maximum of 200 VDI clients as long as it is provisioned with the right level of resources. The solution is very scalable so additional virtual MOVE appliances are added to the VDI client farm as the client numbers increase in the ratio of 1 appliance to every 200 clients.

    Best Regards
    Mark Micklefield

  3. Anonymous says:
    November 2, 2011 at 12:26 pm

    How does their tool compare to Trends technology ?

Leave a Reply

Contact Deptive

Location
Deptive - Commercial Bay
11-19 Customs Street West St
Commercial Bay Tower, Level 17, Room 1715
Auckland 1010

Contact Details

0800 000 141

Postal Address
PO Box 34797,
Birkenhead, Auckland 0746