Trend Deep Security Manager and Windows XP Guests


I’ve been putting together a Trend Micro DSM implementation. DSM connects to appliances on each ESX host, which communicate through vShield endpoints on the VM guests, to provide “agentless” anti-virus/malware ( I guess we arent supposed to count the vShield endpoint install). It’s a pretty nifty system in that you can really lighten the load that comes from running anti-virus/malware for your VDI environments, by moving the AV scan load from the individual guests to the host directly.

One thing that is not clearly called out and, of course, turns out to be crucial, is the SCSI compatibility at the endpoint. Since a lot of view deployments are still Windows XP based (usually 32 bit), don’t get caught in the trap of building up a perfect slimmed down, disk aligned gorgeous image, and then realizing you need to change the SCSI driver. Trend Micro DSM currently only supports LSI Logic SCSI drivers and VMWare Para-virtualized, not Buslogic and not IDE drivers. By default with ESX 4.1, Win XP 32bit gets IDE disks and Buslogic SCSI drivers if any SCSI device is added. Changing a SCSI driver, while doable in some circumstances, is never fun and usually ends in a rebuild of the OS.

Use a SCSI disk for your XP View parent image and make sure the driver is LSI Logic Parallel. Otherwise your carefully crafted DSM environment will report all of it’s subsystems and appliances working perfectly, and your endpoint will show a “Filter Driver Offline” error.