Hi Giddyup
I want to respond to the original query, and have not taken other comments into account, I have added my comments in bold.
Firstly Deep Security is on version 9 (as I am sure you are aware) and it is a lot more refined product since the 7.5 days, I would look to move to this version asap.
Our organization is currently using Deep Security 7.5 and officescan 10 for virus protection for virtual and physical endpoints. We have 130 virtual Windows 7 desktops and around 55 virtual Windows 2008 servers using deep security and 20-30 desktops/servers using officescan. This setup was deployed by a previous admin of the company.
I see the benifit's of deep security by scanning at the hypervisor and offloading the scanning to the DSVA. But would and environment our size be Ok leveraging OfficeScan (which currently is running on a hand full of virtual servers)?
It depends how you look at it - you get a similar level of protection as the products uses essentially the same scan engines an pattern files so both Officescan and Deep Security should be aware of the same threats at the same time. A basic DSVA requires 2GB Ram and 20GB HDD, the pattern file for OSCE is aprox 100mb + installation space etc - this soon mounts up and dwarfs the requirements of a DSVA.
Here's what I don't like about deep security. Were a small shop and there are a lot of moving parts to consider while upgrading to Deep Security 8. Having to upgrade vShield manger, vShield endpoint, vShield endpoint guest drivers, vCenter 5, Deep security Manager, Deep security Filter driver, Deep Security Virtual Appliance, Deep security Agent and finally Deep Security Relay in one maintenance window.
The devil is in the detail - as long as the environment is ready and you have the pre-requisites met then you are fine - I did an install this week on 4 ESXI hosts with aprox 50 Vms in less + config in less than a day as the end user got the environment ready for the install - the version 9 guides are a lot better as well, the previous documentation is far to complicated.
I see this not being as much of a problem in larger orginization's where they have storage teams, server teams, application teams, etc.. but for a one man show, not so much.
You don't need all of these people / teams, get straight in your mind what to do and when and you will be fine, don't point and click and hope for the best, plan and you will be ok.
Is anyone out there running Trend OfficeScan in an environment our size?
There are many users smaller than you using OSCE and Deep Security - it's your choice.
Or any other feedback from folks that use or did use deep security and have since changed to a different anti virus platform.
I install both environments, both are straightforward to install and manage as long as you plan. Don't forget if you use Deep Security you can get rid of Officescan and have agentless AV on the ESXI hosts and agent-based AV on the endpoints. With the Deep Security you have CPU licenses as well so not matter what the number of VMs, you do not have to buy additional licenses.
Hope this helps