VMware View Antivirus Protection
How to protect virtual machines? Do I need to put a separate copy of antivirus software inside each VM? How to reduce the load on the hypervisor? I am sure that these and many similar questions have been visited (and visited) by those who implement virtual solutions in general, and VDI solutions in particular. Let's try to figure it out!
The standard architecture of most antivirus software is a kind of inverted pyramid (figure below).
The simplest solution is to transfer this scenario to a virtual environment, i.e. install a copy of client anti-virus software on each VM. For servers, this is probably a normal solution, but for VDI this will lead to a more efficient load on virtualization servers and an increase in parasitic traffic when updating anti-virus databases. What to do? And here, as they say, options are possible. So:
1. Dedicated VMs (Dedicated)
2. Floating VM (Floating)
Let's start from the end - when using floating VMs, you can never use antivirus software inside VDI (except, of course, server protection). After all, you can always delete and re-create the entire pool of VMs. Moreover, it is possible at the end of a user session to recreate the VM each time. This, of course, is not an ideal solution, but it works well.
With regard to dedicated machines, you can go the way described above and generally refuse anti-virus software, but it is better to do it differently - use software that supports the VMware VMsafe API, for example, Trend Micro Deep Security 7.5. At the moment, to my knowledge, this is the only antivirus software that supports the VMware API. What do we get?
Everything is extremely simple - instead of loading each protected VM separately, a dedicated VM is installed, which with the help of the API “remotely” scans the protected VMs at the hypervisor level, is absolutely transparent for the guest OS. Thus, the load is removed from the protected VM.
If you go the classic way, for the selected VM antivirus software agent is embedded in the template (or “golden image”) or installed when the VM is deployed.
In any case, do not forget that the best protection is prevention! :)
The standard architecture of most antivirus software is a kind of inverted pyramid (figure below).
The simplest solution is to transfer this scenario to a virtual environment, i.e. install a copy of client anti-virus software on each VM. For servers, this is probably a normal solution, but for VDI this will lead to a more efficient load on virtualization servers and an increase in parasitic traffic when updating anti-virus databases. What to do? And here, as they say, options are possible. So:
1. Dedicated VMs (Dedicated)
2. Floating VM (Floating)
Let's start from the end - when using floating VMs, you can never use antivirus software inside VDI (except, of course, server protection). After all, you can always delete and re-create the entire pool of VMs. Moreover, it is possible at the end of a user session to recreate the VM each time. This, of course, is not an ideal solution, but it works well.
With regard to dedicated machines, you can go the way described above and generally refuse anti-virus software, but it is better to do it differently - use software that supports the VMware VMsafe API, for example, Trend Micro Deep Security 7.5. At the moment, to my knowledge, this is the only antivirus software that supports the VMware API. What do we get?
Everything is extremely simple - instead of loading each protected VM separately, a dedicated VM is installed, which with the help of the API “remotely” scans the protected VMs at the hypervisor level, is absolutely transparent for the guest OS. Thus, the load is removed from the protected VM.
If you go the classic way, for the selected VM antivirus software agent is embedded in the template (or “golden image”) or installed when the VM is deployed.
In any case, do not forget that the best protection is prevention! :)
')
Source: https://habr.com/ru/post/108432/
All Articles