Virtural Environment Deployment

Userlevel 5
As a: Admin managing a Virtural Desktop Infastructure enviromnet.

I wish: I could deploy Webroot to the master image.

So that: I can more easily manage my endpoints. I don't have to clear out duplicate machines from my console every day/week. I have threat history for my virutial machines.

Virtual Desktop Infrastructure (VDI) environments provision a machine from a master image every time it is booted. Any changes that are made to the machine are lost during this session. This produces hole in the management of Webroot. The only way to get Webroot protecting these machines is to have them install Webroot on boot of the machine be it though group policy or some other management utility.

First, every time the machine boots we are doing a learning scan of the machine. Second, we get multiple instances of the machine in the console every time the machine is booted; which causes the admin to go through the console and deactivate machines that have not been seen recently.

Install Webroot on boot of the VM. Current deployment switches (-uniquedeivce or -clone) do not fix this. Admins can use the /group= deployment to force these machines into a group so that clearing out the extra instance is easier. More info on deployment can be found in the Deployment Document.

Actual Result
Currently installing Webroot on a VDI environment can only be done on boot of the machine. This causes a new instance of a machine in console every time a VDI machine boots.

Expected Result
Webroot should be deployable to the master image. And when booting a machine from that image Webroot should grab unique information about that machine instance in VDI to link it to a single instance in the console.

Proposed Fix
I believe the best way to tackle this is to create an install switch for VDI deployment. You would install to the master image with this switch. Then on every boot of the VM Webroot generates its Device MID and Instance MID information off of the combination of the Microsoft SID and hostname. I believe the SID is the same since the VDI loads the master image, then if we generate those MIDs based off the hostnames being booted from that image, every time it boots the MIDs will be the same. And the agent will report to the same instance in the console every time that VM boots from that master image.

21 replies

Having the ability to install Webroot on our master images would be beneficial to those of us who are deploying virtual desktops.
We are a Citrix customer and use Provisioning Services.  The same virtual disk serves as the base for mutliple virtual desktops that are assigned to our users as they logon.  Currently we are installing Webroot at login as described by JohnnyS above, with one exception.  We do not have to continuously clean extra instances within the Webroot administrative console.
Userlevel 7
This is an excellent idea @!

You have my vote sir.
Userlevel 5
Hello, I have done research on the topic and have a utility to gather machine information to generate identifiers. This is a proof of concept to anyone interested in assisting provide some data that has this type of environment please private message me. Thank you
Userlevel 1
It sounds like the MSI install type tag isn't modified. I've had this problem and what you have to do is use the tag -uniquedevice. By default the msi is -null or -clone. If it is clone this will cause the mass duplication or cause clashes in the virtual enviornment.
Edit the MSI (i use Orca), under proerty then 'CMDLINE; put -uniquedevice and that should solve your issue :)
Kind Regards,
Adam Hartley
Software Sales Engineer at ISDG Ltd - Webroot UK Distributor
Userlevel 5
Really we want a solution for non-persistent enviroment to be able to deploy to the master image. And in persistent enviroment to be able to uniquely identify the machine and -uniquedevice (sounds like it should) but doesn't cut it.
Userlevel 1
It's really stange that -uniquedevice isn't working for you. We have massive resellers and MSP's here in the UK who use master VDI images using it and it works fine.
Strange that its not working as you want. Good luck with this request though. Would really be useful.
AdamHartley, do you by chance have information regarding Citrix vs. VMware VDI deployments and/or versions for those resellers?
Userlevel 1
Resellers don't usually do deployment and leave it to the end customer to do and 'figure out'. Most of our MSP's use Citrix but that's because Citrix has the UK VDI market on locked down if I'm completely honest.
Currently I'm dealing with MSP's deploying or maintaining using XenDesktop v5 or Xen Server 5.5 or ESX/ESXi 5.5/vspehere 5.5 currently. Sometimes they are using older versions depending of their customers enviornments and their budgets to upgrade but doesn't make any different to how I train them or assist them in deployment. Had one of our MSP's use a v3 citrix client on an ancient server fromthe pre dual core server era.
Some prefer locked down Citrix Xen desktop master/Golden images whilst others like to use GPO or LDAP using AD pulls.
If you want more specifics do PM me as I don't want to take away the point of the OP and we can talk more indepth :)
Kind Regards,
Adam Hartley
Software Sales Engineer at ISDG Ltd - Webroot UK Distributor
Versioning could account for some of the issue; we've uncovered this using XenDesktop 7.6 running on ESXi 5.5.
Userlevel 1
Definitely makes sense considering Webroot only supports currently: - Citrix XenDesktop 5; XenServer 5.6 and older; XenApp 6.5 and older
Any news? I search for av solution for 4000 VDI (xendesktop7.6). I found Mcafee and trendMicro.
Does Webroot have a full support and not duplicate machine accounts on console?
Any news ? We still don´t run webroot on our citrix servers on some customers that are running the image infrastructure bacause of this issue. Would be great to be able to!
Userlevel 7
Badge +56
I haven't heard anything new on this, but I'll double-check.
How is this issue progressing as we currently have the same issue with WebRoot and Virtural Environment Deployment. We are constantly having to delete the replicated machines over and over in the WR Admin console. 
Userlevel 7
Badge +35
Thank you for your suggestion.  We've evaluated this idea and added it to the backlog.
Userlevel 1
Badge +7
Any news on this? Windows Virtual desktop is a non-persistent vdi solution that is about to really take off.
Userlevel 1
Badge +7

hi, anything?

Badge +5

This is a great idea. Any news on this?

Userlevel 1
Badge +7

Hello, any movement on this? This isnt complete. 

Userlevel 1
Badge +7


Are there any developments for fixing this issue?

We are at a turningpoint where we have to decide what Endpoint solution will be the default for our organisation and our customers.

Fixing this will make the choice much easier.