After you configure the golden image, tune
and test the policy using the following workflow.
Fine-tune the exploit and malware protection policies
for your VDI.
If your organization supports a mixed environment of VDI
and non-VDI instances, you can apply the Condition for
VDI Machine to each rule that applies to only the VDI
instances. For example, you can configure Traps to:
Use the golden image to spawn a small pool of persistent
sessions (2 or 3). Deploy the sessions in a production environment
and imitate the expected day-to-day user behavior, such as browsing,
development, and dedicated application usage).
Gather additional information during this period to further
optimize the default session policy and test any special restrictions
applied to the non-persistent sessions. Typically, clients deployed
in persistent mode enable better forensics collection than clients
deployed in non-persistent mode.
Resolve any stability issues on the test machine and
on the test VDI pool that were caused by the exploit or malware
protection policies.
After the VDI server spawns a session from the golden
image and connects to the ESM Server, disconnect the golden image.
Then revise the VDI policy so that WildFire integration is enabled,
EPM Injection is set according to the configuration tested on the
golden image, heartbeat and reporting settings use longer intervals
(60 minutes is recommended), and memory dumps are sent automatically.
Traps will replace the initial golden image with the revised
VDI policy. Changing the VDI policy affects all spawned session
on the next restart.
Recompile the golden image.
Restart the image.
Verify that the image can connect to the ESM Server.
Shut down the image and then recompile it.
Log into the ESM Console and verify the health of the
VDI instances on the MonitorAgentHealth page.
If your organization uses a mixed environment, you can filter the
machine Type column to show only VDI instances. The ESM Console should
display the status of the VDI instances as connected.
