The Riverbed Blog (testing)

A blog in search of a tagline

Optimizing Anti-Virus Updates with Riverbed

Posted by bobegilbert on August 10, 2011

Implementing an anti-virus platform can be a strain on your network when the PCs you are aiming to protect require frequent virus definition updates from a central location.  Riverbed's Steelhead family of WAN optimization products performs well when it comes to minimizing the impact that anti-virus software has on your wide area network.  Steelhead can dramatically reduce the amount of data traversing your WAN for the initial anti-virus deployment as well as the frequent follow-on updates that take place.

Thanks to Riverbed Channel SE Emmanual Forgues, below are the results from deploying Riverbed in an environment where Kaspersky anti-virus is configured.

The setup is pretty straightforward and involves a branch office connecting to a datacenter over a 2Mbps WAN link with 80ms RTT latency.  

The first test is the initial deployment of the Kaspersky anti-virus platform from the server in the datacenter to the workstation in the branch office.

As you can see from the above Steelhead appliance report, 43% of the traffic for the initial anti-virus deployment was eliminated from the WAN.  This is essentially the effect of applying on-the-fly LZ compression to the data.

The next step is to attempt the same deployment now that the Steelhead appliances have seen the data.

The result is 96% data reduction!  The next test is to attempt an anti-virus update for the first time.


27% data reduction on the first pass.  Now let's try another update.

60% data reduction, or only 98.3MB was transferred over the WAN out of 47.7MB of possible data.  To summarize, both anti-virus deployments and follow-on definition updates can receive a tremendous amount of optimization from Riverbed.

This was a test using Kaspersky Anti-Virus.  Riverbed customers are seeing similar results with other products such as McAfee and Symantec. Regardless of your anti-virus platform, Riverbed can be an essential part of your anti-virus deployment strategy.


5 Responses to “Optimizing Anti-Virus Updates with Riverbed”

  1. larry chaffin said

    Very cool blog, now if we could do this with Symantec and the SEP products people would be really happy. Not a Riverbed problem but a Symantec problem to fix so any WAN acceleration can be used.

  2. and the sooner the updates are distributed to the clients the more secure the environment!

  3. We run Kaspersky AV in-house and don’t see any optimisation being done for our KAV traffic. It looks like the agent traffic is SSL encrypted and the Riverbeds couldn’t do anything useful with it. There’s a short thread on the Riverbed Support Forums about this (search Kaspersky SSL). So the question is, what were Emmanual’s Kaspersky and Steelhead configurations in order to get these results?

  4. Bob Gilbert said

    Hi Steve,
    Kaspersky encryption and compression was disabled for this test. SSL encryption was then enabled between the Steelhead to protect the WAN traffic.

  5. The traffic between the Administration Kit and the update server on the internet is not encrypted, only the updates inside the network: between the Administration Kit and the workstations/servers.
    You have to use AdminKit and modify the strategy of your agent. In the properties, disable:
    – SSL to use the port 14000 instead of 13000
    – compression
    Right-click on the Network Agent (or in the policy) as in the following picture:
    http://www.forgues.eu/riverbed/kasperky-Strategies.tiff
    Let me know
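
The cold-pass and warm-pass figures in the post, and the reason the commenter's SSL-enabled agent traffic saw no optimisation, as an added example that is not from the original post, Riverbed or Kaspersky: a toy optimizer run over a constructed update file, first in the clear and then through a stand-in for an SSL session. The 4 KB segment size, the `Optimizer` class, the sample data and the SHA-256 keystream used in place of real TLS are all assumptions for illustration.

```python
import hashlib, os, zlib

CHUNK = 4096  # assumed fixed segment size; real appliances segment differently

def make_update(size=256 * 1024):
    """Constructed stand-in for a definitions file: repetitive text records."""
    out, i = bytearray(), 0
    while len(out) < size:
        out += b"sig-%06d:%s\n" % (i, hashlib.sha256(b"%d" % i).hexdigest().encode())
        i += 1
    return bytes(out[:size])

def stream_encrypt(data, key):
    """Stand-in for a TLS session (not real TLS): SHA-256 counter keystream, fresh nonce."""
    nonce, ks, ctr = os.urandom(16), bytearray(), 0
    while len(ks) < len(data):
        ks += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return nonce + bytes(a ^ b for a, b in zip(data, ks))

class Optimizer:
    """Toy model: a segment seen before costs a 32-byte reference, a new one is zlib'd."""
    def __init__(self):
        self.seen = set()
    def transfer(self, data):
        sent = 0
        for off in range(0, len(data), CHUNK):
            seg = data[off:off + CHUNK]
            ref = hashlib.sha256(seg).digest()
            if ref in self.seen:
                sent += len(ref)                  # warm: send reference only
            else:
                self.seen.add(ref)
                sent += len(zlib.compress(seg))   # cold: LZ compression only
        return 1 - sent / len(data)               # fraction kept off the WAN

def run():
    update, key = make_update(), b"constructed-key"
    clear, enc = Optimizer(), Optimizer()
    return {
        "clear_cold": clear.transfer(update),
        "clear_warm": clear.transfer(update),
        "ssl_cold": enc.transfer(stream_encrypt(update, key)),
        "ssl_warm": enc.transfer(stream_encrypt(update, key)),
    }

if __name__ == "__main__":
    for name, saved in run().items():
        print(f"{name}: {saved:.1%} reduction")
```

Because each encrypted session produces different ciphertext for the same file, neither the compressor nor the segment store finds anything to reuse, which is why the test above ran with agent SSL and compression disabled and encryption applied between the Steelheads instead.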
