VMware View Antivirus Protection
How do you protect virtual machines? Do you need to install a separate copy of antivirus software inside each VM? How do you reduce the load on the hypervisor? I am sure these and many similar questions have occurred (and still occur) to those who implement virtualization in general, and VDI solutions in particular. Let's try to figure it out!
The standard architecture of most anti-virus software is a kind of inverted pyramid (figure below).
The simplest solution is to carry this scheme over to a virtual environment, i.e. install a copy of the client antivirus software on each VM. For servers this is perhaps a normal solution, but for VDI it will overload the virtualization servers and increase unwanted traffic when the antivirus databases are updated. What to do? Here, as they say, there are options. So:
1. Dedicated VMs
2. Floating VMs
Let's start from the end. With floating VMs, you can do without antivirus software inside VDI altogether (with the exception of server protection, of course). After all, you can always delete and recreate the entire VM pool. Moreover, it is possible to recreate a VM each time a user session ends. This, of course, is not an ideal solution, but it works.
As for dedicated machines, you can follow the path described above and do without antivirus software altogether, but it is better to do it differently: use software that supports the VMware VMsafe API, for example, Trend Micro Deep Security 7.5. At the moment, according to my information, this is the only antivirus software that supports the VMware API. What do we get?
It is quite simple: instead of putting load on each protected VM separately, a dedicated VM is installed which, using the API, “remotely” scans the protected VMs at the hypervisor level, completely transparently to the guest OS. Thus, the load is removed from the protected VMs.
If you go the classical way, then for dedicated VMs the antivirus agent is either embedded in the template (the "golden image") or installed when the VM is deployed.
In any case, do not forget that the best protection is prevention! :)