Tune and Test the VDI Policy
After you configure the golden image, tune and test the policy using the following workflow.
- Fine-tune the exploit and malware protection policies
for your VDI.If your organization supports a mixed environment of VDI and non-VDI instances, you can apply the Condition for VDI Machine to each rule that applies to only the VDI instances. For example, you can configure Traps to:
- Use the golden image to spawn a small pool of persistent sessions (2 or 3). Deploy the sessions in a production environment and imitate the expected day-to-day user behavior, such as browsing, development, and dedicated application usage).
- Gather additional information during this period to further optimize the default session policy and test any special restrictions applied to the non-persistent sessions. Typically, clients deployed in persistent mode enable better forensics collection than clients deployed in non-persistent mode.
- Resolve any stability issues on the test machine and on the test VDI pool that were caused by the exploit or malware protection policies.
- After the VDI server spawns a session from the golden
image and connects to the ESM Server, disconnect the golden image.
Then revise the VDI policy so that WildFire integration is enabled,
EPM Injection is set according to the configuration tested on the
golden image, heartbeat and reporting settings use longer intervals
(60 minutes is recommended), and memory dumps are sent automatically.Traps will replace the initial golden image with the revised VDI policy. Changing the VDI policy affects all spawned session on the next restart.
- Recompile the golden image.
- Restart the image.
- Verify that the image can connect to the ESM Server.
- Shut down the image and then recompile it.
- Log into the ESM Console and verify the health of the VDI instances on the MonitorAgentHealth page. If your organization uses a mixed environment, you can filter the machine Type column to show only VDI instances. The ESM Console should display the status of the VDI instances as connected.
VDI Installation Considerations
VDI Installation Considerations Optimize the default session policy on the VDI test pool to assure stable session spawning when the VDI is recompiled. Every new ...
Set Up a Non-Persistent VDI
Set Up a Non-Persistent VDI To set up a non-persistent virtual machine, you must configure a template policy known as a golden image. The settings ...
Configure the Golden Image for Non-Persistent VDI
Configure the Golden Image for Non-Persistent VDI To avoid starting your VDI with a cache of unknown executable files, you can use the Traps VDI ...
VDI Modes A VDI environment can run in the following modes: Non-Persistent VDI Mode Persistent VDI Mode Non-Persistent VDI Mode In non-persistent VDI mode, each ...
Configure Storage for a VDI
Configure Storage for a VDI With a persistent VDI, each user runs a desktop session independently. The settings for users are typically saved to the ...
Upgrade to Traps 4.2
Upgrade to Traps 4.2 The Traps™ 4.2 release comprises the Endpoint Security Manager (ESM) Server, the ESM Console, and the Traps agent. Use the following ...
Traps VDI Tool CLI
Traps VDI Tool CLI The Traps VDI Tool requests verdicts for all the PE files detected on the golden image and outputs the verdicts to ...
Set Up Traps in a VDI Environment
Set Up Traps in a VDI Environment Use the following workflow to set up Traps in a VDI environment. Review the installation considerations and prerequisites ...
Traps Agent 4.2 for Windows
To uninstall, use, and upgrade the Traps agent 4.2 on Windows endpoints, see the references in this topic. ...