VMware Horizon

What’s New with Antivirus Solutions for VMware Horizon View Virtual Desktops?

By Ravi Kumar, Senior Product Manager, Security, End-User Computing, VMware

This year’s RSA conference was much larger and more exciting than the previous shows. The three main focus areas were cyber-espionage, Big Data and mobile device security. The VMware Horizon Suite addresses a number of concerns about application and data security and accelerates compliance with industry standards.

Another topic of interest to a number of VMware customers was endpoint security. As you know, a couple of years ago we introduced the vShield Endpoint product. With vSphere 5.1, vShield Endpoint is included in the base platform.

The vShield Endpoint solution provides programmable interfaces that enable partners to streamline and accelerate antivirus solutions for Horizon View virtual desktops. It utilizes the unique introspection capabilities of the vSphere platform to provide comprehensive and efficient access to security controls, while obviating the need for security agents in each virtual machine. Many security vendors integrate with vShield Endpoint to deliver broader solutions such as comprehensive antimalware protection, Security Information and Event Management (SIEM), and Data Leak Protection (DLP). The complete list of partner solutions is available in VMware Integrated Partner Solutions for Networking and Security.

We are seeing widespread adoption of these partner solutions in Horizon View virtual desktop deployments.

The benefits of vShield Endpoint to Horizon View virtual desktop deployments are

  • It improves consolidation ratios by eliminating antivirus agents from individual virtual desktops
  • It streamlines antivirus deployment and monitoring in virtual desktop environments. The secure virtual appliance, unlike a guest virtual machine, does not go offline, so it can continuously update AV signatures, providing uninterrupted protection to virtual desktops. Also new virtual desktops are immediately protected with the most current AV signatures when the desktops come online.
  • It improves security and reduces the surface area of attack by eliminating AV agents in each desktop.

How does VMware vShield Endpoint work in virtual desktop solutions?

Our security partners provide a hardened, tamper-proof virtual appliance that integrates with vShield Endpoint to access the secure hypervisor introspection capabilities of vSphere to perform file, memory and process scanning. The vShield Endpoint solution monitors virtual desktop events and notifies the antivirus engine, which scans and returns a disposition. It also supports scheduled full and partial file scans initiated by the antivirus engine in the virtual appliance. When remediation is necessary, administrators can specify which actions to take, and vShield Endpoint manages any action within the affected virtual desktop.

This solution also improves the performance of virtual desktop solutions by offloading AV scanning activities to a secure central virtual appliance with stored signatures and intelligent caching of results. Reports from our partners provide more details on the performance gains; search the Tolly site for some of these reports.

Since the release of this vShield Endpoint solution, a number of customers have successfully deployed it with their Horizon View virtual desktop implementations. For example, see Trend Micro and VMware Virtualization, and click Snapshot (pdf) next to any customer quote to get more details.