lolloj - Fotolia

Do I need antivirus for VDI deployments?

Virtual desktop environments aren't immune to viruses and malware, so it's important to have an antivirus tool and strategy in place before your deployment gets infected.

Deploying VDI should change your antivirus strategy, but it won't eliminate the need for AV. New viruses are just as effective on virtual desktops as they are on physical ones.

Antivirus for virtual desktop environments can be a source of frustration. The battle against viruses is one where success often comes at the cost of desktop and server performance.

When you deploy VDI, you may wrestle with the decision about whether or not to deploy AV on virtual machines (VMs). It's tempting to think that because you can wipe and recompose the VMs, you don't need antivirus, but that couldn't be further from the truth.

How to integrate antivirus with your VDI deployment

First, consider your response plan. When you suspect an infection on physical desktops, you probably run a scanning process that is time-consuming for you and disruptive for users. With virtual desktops, the response plan should include immediately re-homing the VM to a dead-end virtual network, if you want to isolate and identify the virus. If you don't want to ID the virus, simply delete the VM and reassign the user.

Don't let the VM live on your production LAN any longer than it must, and help users get back to work as soon as you can. The better your profile abstraction strategy, the easier it is to deal with viruses; using non-persistent desktops makes virus response simpler.

Secondly, consider using different antivirus tools for your VDI deployment. Never install AV on the VMs themselves, and look for tools that scan inline as I/O occurs on the VM. This gives you the benefits of AV without adverse effects on performance.

Still don't think that's enough? Me neither. Beef up the perimeter of the network, and focus on multiple layers of protection with disparate scanning engines. These aren't new strategies, but preparing for AV in a VDI deployment lets you revisit and reinforce strategies that may have fallen by the wayside.

Dig Deeper on Virtual and remote desktop strategies