Antivirus management issues in physical-to-virtual migrations - SearchServerVirtualization Blog
Home > IT Blogs > SearchServerVirtualization Blog > Antivirus management issues in physical-to-virtual migrations
« VMware VDI no bargain, analyst says
Upgrades, virtualization, and a tantalizing glimpse of the future »
» VIEW ALL POSTS Feb 21 2008   9:34AM GMT

Antivirus management issues in physical-to-virtual migrations



Posted by: Rick Vanover
Virtualization, Servers, P2V

I am well into my company’s physical to virtualization (P2V) migration for most general purpose server systems, and it’s been pretty successful. But as our environment grew, we experienced a problem involving our virtual systems and our antivirus management system. In this blog post, I’ll explain the problem and tell you the solution so you can avoid a similar situation.

For most server systems, regardless of whether they are physical or virtual, maintaining a centrally managed antivirus package is a good strategy. This strategy includes regular definition updates, engine updates, policies for exclusions and scheduled full scans.

Let’s talk about the scheduled full scan. Historically, we regularly ran a full antivirus scan of the local file system on both the physical and virtual servers during off hours. This became a problem as the virtual environment became more populated.

We use the vkernel capacity analyzer and chargeback virtual appliance to monitor the performance of our virtual environment. What I noticed is that during the off time, we had an incredible spike in CPU utilization across all hosts and virtual machines. This spike was about 300% of our average CPU use for about two hours. We initially wanted to blame it on the full backup that happens close to this timeframe, but closer investigation led us elsewhere.

We had noticed that the CPU spike occurred on guest systems that are in isolated networks for stage-configure or isolation test roles. With the isolated systems, it was determined that the spike would not be caused by the full backup, as the the isolated systems were not able to communicate with the backup mechanism.

Avoiding the CPU spike

Once we determined that the scheduled full antivirus scan on the local file system was the culprit, we decided that a staggered set of full scans were required to avoid this massive spike. On physical systems with local processing, this is not a big issue, as they are generally idle. But applied to the virtual environment, this may cause unnecessary virtual machine migrations or performance alerts. So, in your migration strategies, be sure to consider any centrally scheduled activity like this and how it may affect your entire infrastructure — both physical and virtual.

AddThis Social Bookmark Button     Comment     RSS Feed     Email a friend

Comment on this Post


You must be logged-in to post a comment. Log-in/Register

Chandler777  |   Apr 20 2009   3:33PM GMT

Protect your PC.
Are you searching for antispyware at an affordable price? Then look no further. I have the perfect solution for you. I have found a scan that works as well as Norton and other scans that are more expensive. If you are interested in learning more then you can go to <a href="http://www.Search-and-destroy.com" title="http://www.Search-and-destroy.com" target="_blank">http://www.Search-and-destroy.com</a> and see for yourself what the antispyware solution from Search-and-destroy has to offer. I’m sure that you will be very happy with Search-and-destroy Antispyware because I was and I have tried many different types of scans in the past. It’s a wonderful solution to that will help protect your PC.


 
Visit Server Virtualization Home |   Server Virtualization News  |  Server Virtualization White Papers  |  Server Virtualization Videos  |  Server Virtualization Resources