Throughout the internet age, security and Antivirus (AV)/Malware protection has been a topic of conversation.   Every major AV provider has their own solution for managing antivirus with a client/server model.  In a physical environment this has been the preferred method of protection for as long as I can remember.  Once we started virtualizing our servers, this was the only option available, so administrators continued to install AV clients on each VM (desktop or server) connecting back to an AV server.  

While mixing the old (client/server model) with the new (virtualization) has been the standard, VMware took the opportunity to address the following and make things better:

• AV Footprint- every virtual machine has a footprint of the Antivirus software installed on it.  Multiply that by every virtual machine you have and it comes up to quite a bit of drive space.  And where do the virtual machines sit?  On the network storage which usually has very expensive hard drives.
• Memory Consumption- every virtual machine has Antivirus software running in its memory.  Again, multiply that by every virtual machine on the host and you are using valuable memory resources.
• Virus Remediation- once your Antivirus client recognizes a virus, it has already made it to your virtual machine.  Now you have to count on your antivirus software to quarantine the virus or scan and clean the whole virtual machine.
• AV Storms- the most over-looked part of AV clients installed on virtual machines are the IOPs that are consumed for passive scanning, scheduled scanning, and worse, in the event of a virus outbreak, all the virtual machines doing an active scan at the same time across the same set of logical drives during business hours. Commonly known as an antivirus storm and essentially crippling your hardware infrastructure from the resources being used.

Proactive Responsiveness on your Behalf
VMware has worked with our partner ecosystem to bring about a new approach that is more efficient, taking the virtualization environment into consideration.  Now Instead of installing an antivirus client on every virtual machine, VMware has developed vShield Endpoint allowing you to offload antivirus and anti-malware functions from individual virtual machines to a centralized secure virtual appliance. At this time Bit Defender, Kaspersky, McAfee, and Trend Micro have all been certified to work with vShield Endpoint.

How it works
vShield Endpoint installs thin drivers in the VMware tools already installed on the virtual machine which point to the centralized secure VM, building a connection between the appliance and the secure VM . Once this has been done, all traffic is checked centrally before it reaches the virtual machine.

Resolution
As mentioned above, virtualization has created some opportunity for improving the “old” way of doing things and VMware has taken advantage of this opportunity by delivering a solution that:

• Centralizes AV in the virtual environment and using less space on your SAN. 
• Uses less memory as a single secure virtual appliance, instead running on every virtual machine.  
• Runs more efficiently as a single scan across your network storage, instead of several scans at one time. 
• Detects viruses/malware before they reach your virtual machines.

We now gain a proactive, efficient and cost effective solution to antivirus\malware in the virtual world.

Please go to our webpage for vShield Endpoint or contact your partner to find out more.  I’m very excited about vShield Endpoint, and recommend it to my customers and Partners.

How are you doing AV in your environment today and how do you see vShield helping out?  Let me know if you have questions about vShield in the comments below.

- Jeremy

Get to know Jeremy – Read 10 Questions With… Jeremy Hall