Managing the DLP Agent in a VDI environment

Article ID: 206132

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

  • You want to deploy the DLP agent to a Virtual Desktop Infrastructure (VDI) consisting of non-persistent machines.
  • You want to know whether any special steps are required on the DLP agent to ensure compatibility.

Environment

Release: 15.x

Component: DLP Agent

Resolution

DLP supports VDI platforms (whether persistent or non-persistent) without any modifications on the DLP agent side. However, implementing non-persistent VDI presents some challenges from the administration side in the Enforce console:

  • Hostnames of non-persistent VDI machines must not be duplicated. The DLP agent is registered using hostname and IP, so the master image that contains the agent needs to have a unique hostname each time it is deployed as a non-persistent VDI workstation.
  • If a hostname is no longer in use, the DLP administrator should periodically remove inactive VDI hosts from the system. There is no "workaround" or automated process in DLP to delete non-persistent VDI hostnames once they are registered. It may, however, be feasible to just keep them offline in the console, depending on the number of machines in this state and your reporting needs.
  • To assist in identifying VDI machines, you could create a custom set of agent attributes, an agent configuration and/or an agent group and add the non-persistent VDI machines to those.