-
8/2/2019 ZijkosoIC RSP Project VRC AV
1/73
Project Virtual Reality Check
Ruben Spruijt / Jeroen van de Kamp
@PROJECTVRC
#PROJECTVRC
-
8/2/2019 ZijkosoIC RSP Project VRC AV
2/73
Jeroen van de Kamp:[email protected]
@theJeroen
Ruben Spruijt:[email protected]@rspruijt
-
8/2/2019 ZijkosoIC RSP Project VRC AV
3/73
Introduction Project VRC
Deep-Dive into
Impact of App Virtualization in VDI
Comparing HyperVisors for VDI
Comparing AV for VDI
Roadmap
Topics of Today .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
4/73
Whos administering/building VDI? Whos on Windows XP?
Whos on Windows 7?
Whos doing/considering stateful/persistent VDI? Whos
doing/considering stateless/non-persistent VDI?
Who is using AV in VDI statefull?
Who is using AV in VDI stateless? Who does a scheduled/manual
scan during production
hours?
A couple of questions .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
5/73
?
.
-
8/2/2019 ZijkosoIC RSP Project VRC AV
6/73
.
-
8/2/2019 ZijkosoIC RSP Project VRC AV
7/73
Performance
Analysis & ReviewVDI + SBC
.
-
8/2/2019 ZijkosoIC RSP Project VRC AV
8/73
Independent
& Unbiased
.
-
8/2/2019 ZijkosoIC RSP Project VRC AV
9/73
.
-
8/2/2019 ZijkosoIC RSP Project VRC AV
10/73
Unbiased and Independent!
.
-
8/2/2019 ZijkosoIC RSP Project VRC AV
11/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
12/73
www.VirtualRealityCheck.net
..
-
8/2/2019 ZijkosoIC RSP Project VRC AV
13/73
Phase 1 & 2: SBC
Phase 3: Windows XP & Windows 7
Phase 4: Application Virtualization
Phase 5: Anti-Virus > Planned
So far .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
14/73
Test platform VRCServer Brand/Model HPDL380G6
CPU 2 x Intel Quad core [email protected] Nehalem (16 logical
cpu!)
Memory 96 GB DDR3
Disk 8 x 146Gb, 820.2Gb, dual port 10.000RPM Serial SCSI
RAID level RAID-5 with online spare
RAID controller HP Smart Array P400i, with 512MB and Battery
BackedWrite Cache
NIC NC373i Gigabit Adapters, Broadcom 5708
vSphere 4.1 Update 2 ESXi
.
http://images.google.nl/imgres?imgurl=http://pcwizkidstechtalk.com/images/stories/pcwizkid/intel_logo.jpg&imgrefurl=http://pcwizkidstechtalk.com/index.php/intel-core-2-quad-q8400-cpu-review.html&usg=__C3H8-O47ypMBWvi9l0Gj6Mr-DWI=&h=1816&w=2392&sz=181&hl=nl&start=2&um=1&tbnid=V_fTZCt_MyedyM:&tbnh=114&tbnw=150&prev=/images?q=intel&hl=nl&lr=&sa=N&um=1
-
8/2/2019 ZijkosoIC RSP Project VRC AV
15/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
16/73
Turn-Key Benchmark for SBC + VDI (hosted)
Considered Industry Standard (driven by Citrix!)
Protocol independent
Standard workloads: light, medium, high &
multimedia
Data randomization
Used by: Citrix, MS, Dell, HP, Cisco, VCE, EMC, Intel, Quest,
Panologic,
Atlantis, Fujitsu, Virsto, Hitachi, Datacore, McAfee, CSC,
FusionIO, Unidesk
Login VSI
-
8/2/2019 ZijkosoIC RSP Project VRC AV
17/73
Single Server
-
8/2/2019 ZijkosoIC RSP Project VRC AV
18/73
Configuration 1
-
8/2/2019 ZijkosoIC RSP Project VRC AV
19/73
Start the test
-
8/2/2019 ZijkosoIC RSP Project VRC AV
20/73
Saturation
-
8/2/2019 ZijkosoIC RSP Project VRC AV
21/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
22/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
23/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
24/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
25/73
VSI User Simulation workload
Office: Outlook,
Word,
PowerPoint
Excel
PDF printer & Adobe PDF
Internet Explorer (multiple sites + Flash Video)
FreeMind (Java)
-
8/2/2019 ZijkosoIC RSP Project VRC AV
26/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
27/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
28/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
29/73
VDI
Hypervisor
7 7 7 7
ADFile Share Logging
-
8/2/2019 ZijkosoIC RSP Project VRC AV
30/73
Project VRCs goal is to investigate overallperformance impact of
AppVirt in VDI.
Project VRC does not recommend virtualizing the
Microsoft Office suite as an overall best practice.
Please Note .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
31/73
streamed vs. Local installed %
Bug > Fix!
.
-
8/2/2019 ZijkosoIC RSP Project VRC AV
32/73
streamed vs. Local installed % - upd. .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
33/73
Office Locally Installed
Outlook
Word
PowerPoint
Streamed Apps
Excel 2007 PDF Reader
Freemind
Typical Streaming Scenario .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
34/73
Typical Streaming Scenario (%) .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
35/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
36/73
Phase V: ComparingHypervisors
S h M O it Wi 7
-
8/2/2019 ZijkosoIC RSP Project VRC AV
37/73
vSphere: Memory Overcommit: Win7120VM Pre-Booted
Wi d 7 D i M (SP1)
-
8/2/2019 ZijkosoIC RSP Project VRC AV
38/73
Windows 7 Dynamic Memory (SP1) onHyper-V
-
8/2/2019 ZijkosoIC RSP Project VRC AV
39/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
40/73
ASLR
-
8/2/2019 ZijkosoIC RSP Project VRC AV
41/73
ASLR:Address Space Layout Randomization
-
8/2/2019 ZijkosoIC RSP Project VRC AV
42/73
Hyper-V R2 sp1: ASLR (%)
-
8/2/2019 ZijkosoIC RSP Project VRC AV
43/73
XenServer 5.6: ASLR (%)
-
8/2/2019 ZijkosoIC RSP Project VRC AV
44/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
45/73
Win 7 on XS vs ESXi vs Hyper-V (%)
-
8/2/2019 ZijkosoIC RSP Project VRC AV
46/73
Win 7 on XS vs ESXi vs Hyper-V (%)
-
8/2/2019 ZijkosoIC RSP Project VRC AV
47/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
48/73
VDI & AntiVirus .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
49/73
VIRUSSCANNER: TOTAL I/Os.
-
8/2/2019 ZijkosoIC RSP Project VRC AV
50/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
51/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
52/73
Normal VSI results .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
53/73
Default Install ForeFront .. .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
54/73
AV directly installed on the VMs FEP, TM OfficeScan
Manager, agents on the VMs
SEP
Manager, Security VM, agents on the VMs
Deep Security
Move
Protect desktop VMs .
-
8/2/2019 ZijkosoIC RSP Project VRC AV
55/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
56/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
57/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
58/73
Trend Micro Deep Security
Hypervisor
VM 1 VM x
AV AV
Manager
FilterDriver
Deploymentof the agent
vShield
vShieldAppliance
vShield
SVMLinux
-
8/2/2019 ZijkosoIC RSP Project VRC AV
59/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
60/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
61/73
-
8/2/2019 ZijkosoIC RSP Project VRC AV
62/73
B li R Ti
-
8/2/2019 ZijkosoIC RSP Project VRC AV
63/73
Baseline Response Time
-
8/2/2019 ZijkosoIC RSP Project VRC AV
64/73
T t l R d IO
-
8/2/2019 ZijkosoIC RSP Project VRC AV
65/73
Total Read IOs
T t l W it IO
-
8/2/2019 ZijkosoIC RSP Project VRC AV
66/73
Total Write IOs
T t l W it IO @ 60 i
-
8/2/2019 ZijkosoIC RSP Project VRC AV
67/73
Total Write IOs @ 60 sessions
C l i
-
8/2/2019 ZijkosoIC RSP Project VRC AV
68/73
Testing AV is complicated
VRC system is balanced: CPU/MEM/DISK IO
AV + Stateless??!!
Image is not fully scanned after resets
AV agents loose registration/connection in central
manager after reboot
Licensing/Certificate issues
CPU impact on boot or Service do not start
Conclusions .
C l i
-
8/2/2019 ZijkosoIC RSP Project VRC AV
69/73
Offloading introduces Response time Latency
Offloading architectures are complicated
Do AV vendors fully understand VDI?
(discussion performance versus functionality)
Availability Best Practices
Conclusions .
Cl i th ht AV
-
8/2/2019 ZijkosoIC RSP Project VRC AV
70/73
What is the impact AV + AV?
Stateful scenario needs also testing
Scheduled/Manual Scan
Need for RAW IO data
Memory Consumption
Logon Process
CPU
Closing thoughts AV .
Roadmap!?!
-
8/2/2019 ZijkosoIC RSP Project VRC AV
71/73
Project VRC 2012 =
Roadmap!?!
More info:
-
8/2/2019 ZijkosoIC RSP Project VRC AV
72/73
www.virtualrealitycheck.net
www.twitter.com/ProjectVRC
www.loginconsultants.com (VSI)
www.pqr.nl
Special thanks to: Sven Huisman (PQR, @svenh)
More info:
-
8/2/2019 ZijkosoIC RSP Project VRC AV
73/73
j kamp@loginconsultants nl
