Sophos Authentication for Thin Client enables transparent authentication for users in a Citrix or Terminal Services environment: network credentials are used to authenticate, and a user has to sign in only once to access network resources. You can also deploy the XG Firewall virtual appliance on the Citrix XenApp platform.
- Provisioning Services
Symptoms or Error
Servers and targets may experience one or more of the following symptoms if antivirus software is not properly tuned for your Provisioning Services (PVS) environment:
- Target device or server appears sluggish or generally slower than normal.
- Prolonged, excessive CPU or memory utilization.
- Significant change in write cache disk I/O performance. For example, in Perfmon the percentage of disk write time or the disk write queue length increases significantly.
- Target device software indicates excessive retries in its console.
- In the console, Inventory shows an incorrect replication status for a vDisk.
- A target device fails to boot to the vDisk but boots to the local disk and displays a red X in the client status tray.
- During boot, target device performance remains poor for a short time while antivirus definitions are updated.
Symptoms may vary greatly and are not limited to this brief list.
Limit antivirus definition updates to only the Master Target Device or Update Target Device. Create a plan to upgrade the vDisk periodically using manual or automatic vDisk updates. This can significantly reduce network bandwidth use and improve overall performance. Avoid scanning the vDisk write cache file and the streaming disk IO that makes up the operating system for a given target; that stream does not need real-time scanning, because disk IO that has been altered, tampered with, or corrupted causes the application or operating system to fail immediately.
Avoid scanning the following processes and system drivers on PVS 7.x target devices:
- BNDevice.exe: handles client functions, licensing, etc.
- BNIstack6.sys: IO protocol driver UDP port 6911-6930
- CNicTeam.sys: network NIC teaming, if being used
- CFsDep2.sys: file system minifilter
- CVhdMp.sys: storage miniport driver
- Streamprocess.exe: Streaming engine UDP port 6901-6910
- Streamservice.exe: Service manager for streaming services
- Soapserver.exe: handles Database connectivity and AD authentication
- Inventory.exe: vDisk Inventory UDP port 6895
- MgmtDaemon.exe: Inter-server communication UDP port 6898
- Notifier.exe: Inter-server communication UDP port 6903
- BNTFTP.exe: TFTP service delivers bootstrap UDP port 69
- PVSTSB.exe: Two Stage Boot delivers bootstrap UDP port 6969
- BNPXE.exe: PXE service Broadcast Protocol
- CdfSvc.exe: Citrix Diagnostic Facility COM Server
Avoid scanning the vDisk write cache file on either the target or server side; the write cache file names for the target local disk cache are .vdiskcache and vdiskdif.vhdx.
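As an added example (not code from the Citrix or Sophos text above), the following PowerShell applies the exclusion list on a PVS 7.x target that runs Microsoft Defender Antivirus and then captures the write cache disk counters named in the symptoms list as a performance baseline. The write cache drive letter, the driver directory, and the use of Defender's cmdlets rather than a Sophos console are assumptions; the article says exclusion configuration is vendor-specific.

```powershell
# Added example; not code from the article or from Citrix/Sophos.
# Assumptions: PVS 7.x target device, Microsoft Defender Antivirus (Sophos and other
# products need their own exclusion mechanism), elevated session, write cache on D:.
$CacheDrive = 'D:'                                      # assumed write-cache drive

# Processes and drivers named in the article's PVS 7.x exclusion list.
$PvsProcesses = 'BNDevice.exe', 'Streamprocess.exe', 'Streamservice.exe', 'Soapserver.exe',
                'Inventory.exe', 'MgmtDaemon.exe', 'Notifier.exe', 'BNTFTP.exe',
                'PVSTSB.exe', 'BNPXE.exe', 'CdfSvc.exe'
$PvsDrivers   = 'BNIstack6.sys', 'CNicTeam.sys', 'CFsDep2.sys', 'CVhdMp.sys'
$DriverDir    = Join-Path $env:SystemRoot 'System32\drivers'   # assumed driver location
$ExcludePaths = @($PvsDrivers | ForEach-Object { Join-Path $DriverDir $_ }) +
                @("$CacheDrive\.vdiskcache", "$CacheDrive\vdiskdif.vhdx")   # write cache files

# 1. Add only the exclusions that are missing, so the script is safe to re-run.
$pref = Get-MpPreference
foreach ($proc in $PvsProcesses) {
    if ($pref.ExclusionProcess -notcontains $proc) {
        Add-MpPreference -ExclusionProcess $proc
        Write-Host "Added process exclusion: $proc"
    }
}
foreach ($path in $ExcludePaths) {
    if ($pref.ExclusionPath -notcontains $path) {
        Add-MpPreference -ExclusionPath $path
        Write-Host "Added path exclusion: $path"
    }
}

# 2. Report listed drivers that are not present (CNicTeam.sys only exists when NIC
#    teaming is used) so the operator knows which exclusions are inert on this target.
$PvsDrivers | Where-Object { -not (Test-Path (Join-Path $DriverDir $_)) } |
    ForEach-Object { Write-Warning "Driver not found on this target: $_" }

# 3. Thirty-second baseline of the disk write counters the symptoms list refers to.
$counters = '\PhysicalDisk(*)\% Disk Write Time', '\PhysicalDisk(*)\Avg. Disk Write Queue Length'
$samples  = Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 6
$samples.CounterSamples |
    Where-Object { $_.InstanceName -ne '_total' } |
    Group-Object Path |
    ForEach-Object {
        [pscustomobject]@{
            Counter = $_.Name
            Average = [math]::Round(($_.Group.CookedValue | Measure-Object -Average).Average, 2)
            Peak    = [math]::Round(($_.Group.CookedValue | Measure-Object -Maximum).Maximum, 2)
        }
    } | Format-Table -AutoSize
```

Keep the counter output from a healthy target; a later rise in write time or queue length on the write cache disk after an AV change points back at scanning of the stream or cache.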
1. In general, most antivirus product defaults are configured to scan all file IO and/or processes on a disk. As with an operating system that runs locally on its hardware, all PVS streaming IO operations are subject to real-time scanning until specified otherwise. If an antivirus program scans the continuously active data stream that makes up the operating system, it impedes the normal operation of PVS by causing disk IO delays and read-write failures, HA problems, and so on. In extreme cases, the PVS target device and server can consume more resources than necessary or become inactive.
2. When a vDisk is running in Standard Image or Read-Only mode, AV application and virus definition updates should be avoided. This is a common scenario that causes serious degradation: target devices are restarted en masse and immediately perform an update, often causing IO bottlenecks and slow server response times. Windows Updates have the same effect and should be disabled in Read-Only mode. Update the Read-Write image with the latest definitions and perform a full scan before switching the vDisk back to Read-Only mode.
When installing or upgrading antivirus client software, or any other software that alters the target's network stack, PVS 7.x requires that you first uninstall the PVS client software and reinstall it last: the target software should be the last thing installed before re-imaging. The PVS software becomes unusable if another software product alters or interferes with the target's BNIstack.sys. Windows Updates can have this effect and may require a reverse image to be performed before installation. Antivirus software varies from vendor to vendor; check with your antivirus software vendor for specific instructions on configuring scanning exceptions. Citrix recommends that you test antivirus client software and its configuration before placing it into a provisioned environment. Obtaining a performance baseline early may prove useful for future performance troubleshooting.
Citrix CVAD AV Guide - https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-practices.html
- User Profile Management
Symptoms or Error
Logon to VDAs is extremely slow when Citrix UPM is enabled. When the Citrix UPM service is disabled, the logon process is normal. Sophos AV 10.x is installed on the VDAs.
After uninstalling Sophos AV from the VDA, the logon process is normal. The recommendation from Sophos AV is to implement the following registry key. Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\SAVService\Application
Also implement the Citrix AV exclusions recommended in the Citrix blog post "Citrix Recommended Antivirus Exclusions".
If the issue persists, the customer should engage Sophos AV support for assistance.
The issue is not related to Citrix. The cause is the Sophos AV installed on the VDA: the Sophos AV 10.7.6 software release added an update that performs asynchronous scanning (just-in-time scanning) in addition to regular scanning. Citrix implementations do not play nice with this setting, and as a result it causes numerous problems.