light bulb

Did You Know?



Virtural Environment Deployment

Status: Reviewed
by Moderator Moderator on ‎04-21-2015 09:08 AM

As a: Admin managing a Virtural Desktop Infastructure enviromnet.

I wish: I could deploy Webroot to the master image.

So that: I can more easily manage my endpoints. I don't have to clear out duplicate machines from my console every day/week. I have threat history for my virutial machines.

Background
Virtual Desktop Infrastructure (VDI) environments provision a machine from a master image every time it is booted. Any changes that are made to the machine are lost during this session. This produces hole in the management of Webroot. The only way to get Webroot protecting these machines is to have them install Webroot on boot of the machine be it though group policy or some other management utility.

Issue
First, every time the machine boots we are doing a learning scan of the machine. Second, we get multiple instances of the machine in the console every time the machine is booted; which causes the admin to go through the console and deactivate machines that have not been seen recently.

Workaround
Install Webroot on boot of the VM. Current deployment switches (-uniquedeivce or -clone) do not fix this. Admins can use the /group= deployment to force these machines into a group so that clearing out the extra instance is easier. More info on deployment can be found in the Deployment Document.

Actual Result
Currently installing Webroot on a VDI environment can only be done on boot of the machine. This causes a new instance of a machine in console every time a VDI machine boots.

Expected Result
Webroot should be deployable to the master image. And when booting a machine from that image Webroot should grab unique information about that machine instance in VDI to link it to a single instance in the console.

Proposed Fix
I believe the best way to tackle this is to create an install switch for VDI deployment. You would install to the master image with this switch. Then on every boot of the VM Webroot generates its Device MID and Instance MID information off of the combination of the Microsoft SID and hostname. I believe the SID is the same since the VDI loads the master image, then if we generate those MIDs based off the hostnames being booted from that image, every time it boots the MIDs will be the same. And the agent will report to the same instance in the console every time that VM boots from that master image.

Status: Reviewed

This is an excellent idea @JohnnyS!

You have my vote sir.

Comments
by Frequent Voice
on ‎04-21-2015 09:23 AM

Having the ability to install Webroot on our master images would be beneficial to those of us who are deploying virtual desktops.

 

We are a Citrix customer and use Provisioning Services.  The same virtual disk serves as the base for mutliple virtual desktops that are assigned to our users as they logon.  Currently we are installing Webroot at login as described by JohnnyS above, with one exception.  We do not have to continuously clean extra instances within the Webroot administrative console.

by Moderator Moderator
on ‎05-19-2015 01:20 PM
Status changed to: Reviewed

This is an excellent idea @JohnnyS!

You have my vote sir.

by Moderator Moderator
on ‎06-02-2015 04:11 PM

Hello, I have done research on the topic and have a utility to gather machine information to generate identifiers. This is a proof of concept to anyone interested in assisting provide some data that has this type of environment please private message me. Thank you

by Frequent Voice
on ‎06-09-2015 06:47 AM

It sounds like the MSI install type tag isn't modified. I've had this problem and what you have to do is use the tag -uniquedevice. By default the msi is -null or -clone. If it is clone this will cause the mass duplication or cause clashes in the virtual enviornment.

 

Edit the MSI (i use Orca), under proerty then 'CMDLINE; put -uniquedevice and that should solve your issue Smiley Happy

 

Kind Regards,

 

Adam Hartley

Software Sales Engineer at ISDG Ltd - Webroot UK Distributor

by Moderator Moderator
on ‎06-10-2015 12:45 PM

Really we want a solution for non-persistent enviroment to be able to deploy to the master image. And in persistent enviroment to be able to uniquely identify the machine and -uniquedevice (sounds like it should) but doesn't cut it.

by Frequent Voice
on ‎06-11-2015 08:44 AM

It's really stange that -uniquedevice isn't working for you. We have massive resellers and MSP's here in the UK who use master VDI images using it and it works fine.

 

Strange that its not working as you want. Good luck with this request though. Would really be useful.

by Frequent Voice
on ‎06-11-2015 09:06 AM

AdamHartley, do you by chance have information regarding Citrix vs. VMware VDI deployments and/or versions for those resellers?

by Frequent Voice
‎06-11-2015 09:26 AM - edited ‎06-11-2015 09:28 AM

Resellers don't usually do deployment and leave it to the end customer to do and 'figure out'. Most of our MSP's use Citrix but that's because Citrix has the UK VDI market on locked down if I'm completely honest.

 

Currently I'm dealing with MSP's deploying or maintaining using XenDesktop v5 or Xen Server 5.5 or ESX/ESXi 5.5/vspehere 5.5 currently. Sometimes they are using older versions depending of their customers enviornments and their budgets to upgrade but doesn't make any different to how I train them or assist them in deployment. Had one of our MSP's use a v3 citrix client on an ancient server fromthe pre dual core server era.

 

Some prefer locked down Citrix Xen desktop master/Golden images whilst others like to use GPO or LDAP using AD pulls.

 

If you want more specifics do PM me as I don't want to take away the point of the OP and we can talk more indepth Smiley Happy

 

Kind Regards,

 

Adam Hartley

Software Sales Engineer at ISDG Ltd - Webroot UK Distributor

by Frequent Voice
on ‎06-11-2015 09:35 AM

Versioning could account for some of the issue; we've uncovered this using XenDesktop 7.6 running on ESXi 5.5.

by Frequent Voice
on ‎06-11-2015 09:50 AM

Definitely makes sense considering Webroot only supports currently: - Citrix XenDesktop 5; XenServer 5.6 and older; XenApp 6.5 and older