Trend Deep Security Manager and Windows XP Guests

 

I’ve been putting together a Trend Micro DSM implementation. DSM connects to appliances on each ESX host, which communicate through vShield endpoints on the VM guests, to provide “agentless” anti-virus/malware ( I guess we arent supposed to count the vShield endpoint install). It’s a pretty nifty system in that you can really lighten the load that comes from running anti-virus/malware for your VDI environments, by moving the AV scan load from the individual guests to the host directly.

One thing that is not clearly called out and, of course, turns out to be crucial, is the SCSI compatibility at the endpoint. Since a lot of view deployments are still Windows XP based (usually 32 bit), don’t get caught in the trap of building up a perfect slimmed down, disk aligned gorgeous image, and then realizing you need to change the SCSI driver. Trend Micro DSM currently only supports LSI Logic SCSI drivers and VMWare Para-virtualized, not Buslogic and not IDE drivers. By default with ESX 4.1, Win XP 32bit gets IDE disks and Buslogic SCSI drivers if any SCSI device is added. Changing a SCSI driver, while doable in some circumstances, is never fun and usually ends in a rebuild of the OS.

Use a SCSI disk for your XP View parent image and make sure the driver is LSI Logic Parallel. Otherwise your carefully crafted DSM environment will report all of it’s subsystems and appliances working perfectly, and your endpoint will show a “Filter Driver Offline” error.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s