# kolide
Hey guys, how does fleet handle OSQuery agents in a VDI environment? So on 1 server there is more than 1 installation of OSQuery as it is installed per VDI and the hostname of the server is the host-identifier in OSQuery. Will there be any registration issues or overwrites in the fleet DB for each OSQuery agent on the same host?
In this scenario, osquery would be installed in each VM which should have a unique uuid and hostname…. unless your infrastructure does not sysprep and set unique hostnames for each VM which would potentially cause a lot of other issues in an Active Directory environment (assuming this is Windows/AD)
Also, you can (and probably should) set the
flag in most situations rather than using the hostname as the identifier
Hey @sundsta I already tried with the UUID but all the servers had the same UUID as it was based on a golden image and copied over. In this case hostnames are more unique but there are many users on the same host. So this will give issues in the kolide DB? I was hoping that the node ID that kolide gives to each entry would make it unique.
You should sysprep your servers before using them so that they have a unique security identifier (SID). See https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation
As server preparation is not my department I cannot do anything about the sysprep, but will give this as a suggestion. But even if I sysprep each server and they have their own UUID, the VDI running on that server will have the same UUID, right?
Is the VDI a unique VM for each client or is it a terminal server that many users connect to?
More like a terminal server, but each user has its own OSQuery agent.
Why? If you deploy osquery with the user permissions, you can’t monitor a good chunk of the system
Good point. I will check how it is actually deployed. Maybe there is no issue, but wanted to dot my I's and cross my T's before actual implementation.
@sundsta OSQuery installation was 1 per server so had no issues. 😉