
Turbonomic Blog

Controlling Antivirus Storms in Your VDI Environment

Posted by Matt Ray on Nov 14, 2016 9:28:16 AM

Anybody with experience managing antivirus scans, updates, boot storms, or any other of a handful of resource-intensive tasks in a VDI environment knows that maintaining performance during these tasks can be daunting, if not impossible. The severe degradation to service during an antivirus storm is enough to kill worker productivity, and in some cases even prevents companies from fully rolling out VDI solutions.

As a Gartner blog post points out, although shared storage has been seen as the primary culprit when experiencing degraded VDI performance, “removing” the storage bottleneck through all-flash arrays, hyper-converged (scaled-out) systems or other solutions does not solve many performance issues. As Mark Lockwood from Gartner mentions, “the hurdle of ‘slow storage’ was so large and so overwhelming for VDI deployment that it was functionally impossible to see if there were other bottlenecks in the system”. With a new storage solution in place, “mass events, such as antivirus scans and updates, inventory scans and software distribution have all the IOPS they can handle so they begin competing for other parts of the shared infrastructure: network, CPU and memory”.

In a previous post I described our VDI Management capabilities and how they help address these challenges. Let’s take a closer look at the ways that these challenges are addressed by administrators today, and how Turbonomic acts in some of the world’s most successful VDI deployments.

Antivirus Scans

For starters, we will look at antivirus scans and updates in a VDI environment. Antivirus scans in VDI commonly cripple compute and storage resources, so much so that the term “antivirus storms” has been coined specifically to describe the problem. Virus definition updates and machine scans have a massive impact when they are kicked off on hundreds or even thousands of VMs at one time. The most common method for protecting against these “antivirus storms” is to use either a staggered or a random approach to scanning, in the hope that it solves the problem.

In a staggered approach, a set of VMs is scheduled to execute a scan, and when that set is finished the next set starts. This method requires manually creating groups of VMs and setting up the action execution orders. The problem with this approach, beyond the amount of time it takes to set everything up, is that it does not take into account the utilization of resources within the environment; it only tries to limit the impact of the virus scan. Depending on the time of day that this task is executed, it could still have crippling effects on the environment. It is also nearly impossible to identify where all of the scheduled VMs are on the physical infrastructure in a dynamic environment. This method has proven ineffective time and time again, leading many VDI administrators to move to a random approach.

In a random approach, virus scans are set to execute at a random time throughout the day. The effect is that only a small set of VMs will execute virus scans at the same time, hopefully eliminating the impact that antivirus has on the environment. This approach still puts a significant burden on the infrastructure, and can still cripple performance when virus scans kick off, because it still does not take into account the demand for resources from other applications or the utilization of resources within the infrastructure.

Antivirus Scans & Turbonomic

Turbonomic is the only solution that is able to marry application demand with infrastructure supply in order to maintain performance of VDI environments during I/O-intensive tasks like antivirus storms. Because Turbonomic understands how an application maps back through the VM, datastore, disk array, and storage controller, and the associated demand for resources on each one of these entities, Turbonomic is able to make intelligent decisions on which VMs can run antivirus scans, and when, in order to maintain performance of the entire environment. This system eliminates performance issues due to antivirus (or any other I/O-intensive task), and helps organizations to gain end-user acceptance while scaling VDI environments.


To achieve this goal, Turbonomic integrates with a configuration manager such as SCOrch, Puppet, Chef, or MSCCM (or any other configuration manager with an open API) in order to tell VMs when it is appropriate to kick off a specified action, in our example an antivirus scan. Because VMTurbo understands where the VM exists within the environment (on physical machine, datastore, and storage array), and the utilization of all of these components, we are able to provide the go-ahead to kick off an action only when the infrastructure is capable of maintaining performance. This allows Turbonomic to act as the tollgate for kicking off these actions in order to maintain performance in VDI environments.
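The tollgate idea can be sketched as a utilization-aware admission check, in contrast to fixed groups or random start times. This is an added example, not Turbonomic's algorithm or API: it uses a simple threshold rule, and the VM, host and datastore names, the per-scan load figures and the limits are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed figures for illustration: per-scan load and ceilings, in percent.
SCAN_CPU, SCAN_IO = 15, 20
CPU_LIMIT, IO_LIMIT = 80, 75

@dataclass(frozen=True)
class VM:
    name: str
    host: str
    datastore: str

def admit_scans(pending, host_cpu, ds_io):
    """Split pending VMs into (admitted, deferred) for one scheduling tick."""
    cpu, io = dict(host_cpu), dict(ds_io)  # working copies; admitted load is reserved here
    admitted, deferred = [], []
    for vm in pending:
        # Unknown placement or missing metrics: defer rather than guess.
        known = vm.host in cpu and vm.datastore in io
        if (known and cpu[vm.host] + SCAN_CPU <= CPU_LIMIT
                and io[vm.datastore] + SCAN_IO <= IO_LIMIT):
            cpu[vm.host] += SCAN_CPU
            io[vm.datastore] += SCAN_IO
            admitted.append(vm)
        else:
            deferred.append(vm)
    return admitted, deferred

def run_ticks(pending, samples):
    """Drain the queue over successive utilization samples; return (schedule, leftover)."""
    schedule = []
    for tick, (host_cpu, ds_io) in enumerate(samples):
        admitted, pending = admit_scans(pending, host_cpu, ds_io)
        schedule.append((tick, [vm.name for vm in admitted]))
        if not pending:
            break
    return schedule, [vm.name for vm in pending]

# Constructed inventory and utilization samples (busy tick, then two quiet ticks).
SAMPLE_VMS = [VM("vdi-01", "esx-a", "ds-1"), VM("vdi-02", "esx-a", "ds-1"),
              VM("vdi-03", "esx-a", "ds-2"), VM("vdi-04", "esx-b", "ds-2"),
              VM("vdi-05", "esx-b", "ds-2")]
QUIET = ({"esx-a": 20, "esx-b": 30}, {"ds-1": 10, "ds-2": 30})
SAMPLE_TICKS = [({"esx-a": 55, "esx-b": 70}, {"ds-1": 30, "ds-2": 50}), QUIET, QUIET]

if __name__ == "__main__":
    print(run_ticks(SAMPLE_VMS, SAMPLE_TICKS))
```

On the busy first sample only one scan is admitted; a fixed stagger group of the first three VMs would have put three scans on the same host at that moment.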

Turbonomic helps hundreds of customers to better manage VDI environments by offering a more effective way to assure performance. Customers that utilize Turbonomic are able to gain end-user acceptance more easily, expand deployments faster, reduce the amount of time spent managing the environment, and achieve higher ROIs on VDI deployments.

Topics: Virtualization
