Tune and Test the VDI Policy
After you configure the golden image, tune and test the policy using the following workflow.
- Fine-tune the exploit and malware protection policies
for your VDI.If your organization supports a mixed environment of VDI and non-VDI instances, you can apply the Condition for VDI Machine to each rule that applies to only the VDI instances. For example, you can configure Traps to:
- Use the golden image to spawn a small pool of persistent sessions (2 or 3). Deploy the sessions in a production environment and imitate the expected day-to-day user behavior, such as browsing, development, and dedicated application usage).
- Gather additional information during this period to further optimize the default session policy and test any special restrictions applied to the non-persistent sessions. Typically, clients deployed in persistent mode enable better forensics collection than clients deployed in non-persistent mode.
- Resolve any stability issues on the test machine and on the test VDI pool that were caused by the exploit or malware protection policies.
- After the VDI server spawns a session from the golden
image and connects to the ESM Server, disconnect the golden image.
Then revise the VDI policy so that WildFire integration is enabled,
EPM Injection is set according to the configuration tested on the
golden image, heartbeat and reporting settings use longer intervals
(60 minutes is recommended), and memory dumps are sent automatically.Traps will replace the initial golden image with the revised VDI policy. Changing the VDI policy affects all spawned session on the next restart.
- Recompile the golden image.
- Restart the image.
- Verify that the image can connect to the ESM Server.
- Shut down the image and then recompile it.
- Log into the ESM Console and verify the health of the VDI instances on the MonitorAgentHealth page. If your organization uses a mixed environment, you can filter the machine Type column to show only VDI instances. The ESM Console should display the status of the VDI instances as connected.
VDI Installation Considerations
VDI Installation Considerations Optimize the default session policy on the VDI test pool to assure stable session spawning when the VDI is recompiled. Every new ...
Set Up Non-Persistent VDI
Set Up Non-Persistent VDI To set up a non-persistent virtual machine, you must configure a template policy known as a golden image. The settings in ...
Configure the Golden Image
Configure the Golden Image for Non-Persistent VDI To avoid starting your VDI with a cache of unknown executable files, use the Traps VDI tool to ...
Non-Persistent VDI Mode
Non-Persistent VDI Mode In non-persistent VDI mode, each session is temporary. When a user accesses a non-persistent virtual desktop and logs out at the end ...
VDI Modes A VDI environment can run in the following modes: Non-Persistent VDI Mode Persistent VDI Mode ...
Configure Traps for a Persistent Storage Scenario
Configure Traps for a Persistent Storage Scenario If utilizing a VDI machine to offload to a local storage area, you need to make additional changes ...
Persistent VDI Mode
Persistent VDI Mode A persistent virtual desktop is a one-to-one mapping of a virtual machine to a user and each virtual desktop stores and operates ...
Changes to Default Behavior
Changes to Default Behavior The following sections describe changes to default behavior in Traps Endpoint Security Manager and Traps agent 4.1: Changes to Default Behavior ...
Upgrade to Traps 4.1
Upgrade to Traps 4.1 The Traps™ 4.1 release comprises the Endpoint Security Manager (ESM) Server, the ESM Console, and the Traps agent. Use the following ...