Citrix Virtualized Data Center Antivirus Best Practices

2025-03-31 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Virtualization giant Citrix recently published a thoughtful article entitled "Endpoint Security and Antivirus Best practices" in the "Technical papers" section of the Citrix technology zone. It is a point-by-point guide to working with security vendors to buy the right anti-malware tools to protect virtual machines, applications, and desktops. Citrix focuses on four challenging areas.

I. Agent registration

II. Signature updates

III. Performance optimization

IV. Antivirus exclusions

The blog describes how Bitdefender fully complies with the Citrix best practices guidelines, covering GravityZone virtualization security, which secures next-generation infrastructure, including software-defined data centers, hyper-converged infrastructures, and hybrid clouds.

1. Protect non-persistent workloads

"Is antivirus on virtual data centers and VDI desktops different from antivirus on fixed and persistent VM endpoints?"

Protecting non-persistent workloads, such as the fast-emerging VDI desktop, brings many choices. In these short-lived workloads, the machine is usually uniquely identified by the GUID generated when the security tool is installed, and it consumes a license, while its record remains in the console after the machine is destroyed.

Enterprise software needs centralized management for real-time, granular deployment operations, security policy configuration, and event reporting. GravityZone is designed for virtualization. It is delivered as a virtual appliance, integrates with infrastructure management tools, and operates seamlessly with the virtualized infrastructure, which it monitors in real time. GravityZone virtualization security integrates with infrastructure as a service (IaaS) management tools, including vCenter Server, Citrix Hypervisor, Nutanix Prism, AWS and Azure, so that the inventory is replicated in real time and gives a comprehensive view of changes in the environment. Whenever a virtual machine is created, moved, or deleted from the inventory, Bitdefender GravityZone Virtualization Security is updated immediately, automatically cleaning up the destroyed virtual machine and reclaiming its license.
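The difference between GUID-only registration and inventory-driven cleanup can be seen in a small simulation. This is an added example, not Bitdefender or Citrix code; the `Console` class, the event names, the pool size and the license count are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Console:
    """Toy management console with a fixed license pool (constructed model)."""
    licenses: int
    inventory_aware: bool
    records: dict = field(default_factory=dict)  # record key -> current host

    def key(self, vm: dict) -> str:
        # Without inventory integration, the install-time agent GUID is the only identity.
        return vm["vm_id"] if self.inventory_aware else vm["agent_guid"]

    def handle(self, kind: str, vm: dict) -> bool:
        """Apply one lifecycle event; return False if a registration was refused."""
        k = self.key(vm)
        if kind == "created":
            if len(self.records) >= self.licenses:
                return False              # no free license for this desktop
            self.records[k] = vm["host"]
        elif kind == "moved" and k in self.records:
            self.records[k] = vm["host"]
        elif kind == "deleted" and self.inventory_aware:
            self.records.pop(k, None)     # record removed, license reclaimed
        return True

def simulate(inventory_aware: bool, desktops=3, cycles=4, licenses=5) -> dict:
    """Recycle a pool of non-persistent desktops and report the console state."""
    console, live, refused = Console(licenses, inventory_aware), set(), 0
    for cycle in range(cycles):
        batch = [{"vm_id": f"vm-{cycle}-{d}", "agent_guid": f"guid-{cycle}-{d}",
                  "host": f"host-{d % 2}"} for d in range(desktops)]
        for vm in batch:                  # fresh clones boot with new identities
            live.add(console.key(vm))
            refused += not console.handle("created", vm)
        if cycle < cycles - 1:            # the last batch stays running
            for vm in batch:              # logoff destroys the clone
                live.discard(console.key(vm))
                console.handle("deleted", vm)
    stale = sorted(k for k in console.records if k not in live)
    return {"in_use": len(console.records), "stale": stale, "refused": refused}

if __name__ == "__main__":
    print("GUID only      :", simulate(False))
    print("inventory-aware:", simulate(True))
```

In the GUID-only run every license ends up held by a destroyed clone while the running desktops are refused registration, which is the coverage gap to look for when auditing a console that serves non-persistent pools.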

2. Performance of old antivirus software

"When our old antivirus software starts to scan, the infrastructure becomes very sluggish."

Older antivirus solutions in virtualized data centers face long-standing challenges: AV signature updates can significantly degrade performance, reducing data center efficiency and frustrating users. Unoptimized security solutions use decentralized updates, usually large signature files that must be downloaded and updated regularly (sometimes hourly), and scan continuously. In a non-persistent environment, this can lead to security challenges (a window of opportunity) and a large amount of network traffic (signatures are reset at startup).

GravityZone Virtualization Security scan offloading solves these problems. The security virtual appliance (SVA) handles all updates, so each VDI client requires fewer updates. Moving a large share of the CPU, memory, and disk activity footprint to the SVA lets virtual data center environments achieve higher VM-to-host density and excellent VDI performance.


3. Turning to "agentless protection"

"Can agentless protection solve all my virtual data center performance and density problems?"

Not long ago, security administrators (and security vendors) pinned their hopes on "agentless" security to solve the performance problems of their virtual data centers, where performance and density were the main issues. In fact, every agentless VM relies on a security appliance, and unknown files are transferred in full between each VM and the security server, resulting in higher latency and slower performance. As shown in the table below, agentless protection and light agent protection each have their own characteristics.

Agentless protection | Light agent protection

Each host needs 1 SVA | Works across hosts; every 200 VMs require 1 SVA

Scans are directed to the security server through the platform driver | Scans are handled by the Bitdefender driver and sent to the security server

The complete file is transferred to the SVA for analysis | Only the special parts of the file are transferred to the SVA

Unable to achieve high availability | Built-in high availability and load balancing

Bitdefender agentless protection supports VMware, Citrix, and KVM, and Bitdefender light agent protection supports all virtualization platforms on the market.

4. Security optimization for large-scale deployment

"I will expand existing AV solutions to accommodate the rapid growth of virtual data center deployments."

In large deployments, security optimization remains an ongoing challenge. Traditional security agents are not suited to single-image management, and the lack of centralized scanning and intelligent sharing reduces efficiency.

Bitdefender overcomes these scale problems with two-tier caching technology. GravityZone virtualization security caches on both the VM and the SVA. The cache also has two components: a pre-trained cache and a self-learning cache. With this design, a file is checked by the SVA only once, even if it is present on multiple VMs, which avoids redundant scanning and greatly reduces the CPU, RAM, I/O and network load in the data center or in any defined VM cluster.
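A minimal model of the two-tier cache described above, keyed by content hash so that a modified file can never inherit a cached verdict. This is an added example and not Bitdefender's implementation; the `SVA` and `VMAgent` classes, the `TEST-MARKER` stand-in for a detection, and the file names are constructed, and the full content is passed to the SVA only to keep the model short.

```python
import hashlib

class SVA:
    """Shared tier: a pre-trained cache plus a self-learning cache."""
    def __init__(self, pretrained: dict):
        self.pretrained = dict(pretrained)  # digest -> verdict, shipped ahead of time
        self.learned = {}                   # digest -> verdict, filled as files are scanned
        self.full_scans = 0

    def verdict(self, digest: str, content: bytes) -> str:
        if digest in self.pretrained:
            return self.pretrained[digest]
        if digest not in self.learned:
            self.full_scans += 1
            # Stand-in for the scan engine: flags a constructed marker string.
            self.learned[digest] = "malicious" if b"TEST-MARKER" in content else "clean"
        return self.learned[digest]

class VMAgent:
    """Local tier: per-VM cache consulted before any request leaves the VM."""
    def __init__(self, sva: SVA):
        self.sva, self.local, self.remote_lookups = sva, {}, 0

    def on_access(self, content: bytes) -> str:
        digest = hashlib.sha256(content).hexdigest()  # key on content, never on path
        if digest not in self.local:
            self.remote_lookups += 1
            self.local[digest] = self.sva.verdict(digest, content)
        return self.local[digest]

def run_pool(vm_count: int = 50) -> dict:
    """Clone vm_count desktops from one image and count where the work lands."""
    base = [f"os-file-{i}".encode() for i in range(200)]  # identical on every clone
    apps = [f"app-file-{i}".encode() for i in range(20)]  # identical, not pre-trained
    sva = SVA({hashlib.sha256(f).hexdigest(): "clean" for f in base})
    agents = [VMAgent(sva) for _ in range(vm_count)]
    for n, agent in enumerate(agents):
        for _ in range(2):                                # every file is opened twice
            for f in base + apps + [f"user-doc-{n}".encode()]:
                agent.on_access(f)
    # A modified copy of a known file hashes differently, so it is scanned again.
    tampered = agents[0].on_access(b"app-file-0 TEST-MARKER")
    return {"accesses": vm_count * 2 * (len(base) + len(apps) + 1) + 1,
            "remote_lookups": sum(a.remote_lookups for a in agents),
            "full_scans": sva.full_scans, "tampered": tampered}

if __name__ == "__main__":
    print(run_pool())
```

With 50 clones, 22,101 file accesses produce 11,051 requests to the SVA and only 71 full scans: the 20 shared application files once each, the 50 per-user documents, and the one modified file.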

5. Resolve performance issues

"If there are no other changes and users are complaining about performance, check the antivirus software first."

Administrators of virtual data centers face a core challenge when trying to troubleshoot performance problems and determine their root causes. Because there are so many moving parts and multiple suppliers are involved, the root cause is difficult to locate.

GravityZone SVE provides a single point of centralized configuration for all servers, desktops and cloud virtual machines. It pushes security policies to endpoints in real time and provides a remote troubleshooting interface.

6. Lack of intelligent scan exclusion

"Our old antivirus software causes too much delay because it always scans the same files between cloned systems."

The final challenge for virtual data center administrators is the lack of intelligent scan exclusion, especially for VDI desktops and server "clones", where intelligent scanning would exclude the thousands of pre-installed operating system and application files that are identical across VM instances. Since a stock installation of Windows 10 typically contains more than a million different files (even before any applications are loaded), why scan "known good" files?

Regular AV tools handle scan exclusions in a virtual data center in one of two common ways: they provide no default exclusions for virtualized environments, or they apply one exclusion policy to all VM workloads. Neither solution is ideal. GravityZone SVE includes a flexible scan exclusion model and default scan exclusions to quickly and reliably improve performance across your VM assets, and administrators can also implement custom exclusions based on the recommendations of their specific virtualization infrastructure providers. Bitdefender built-in exclusions include:

Citrix Virtual Apps and Desktops exclusions recommended by Citrix

VMware Horizon exclusions recommended by VMware

Windows server and desktop exclusions recommended by Microsoft

Acropolis and Prism exclusions recommended by Nutanix

Conclusion

Layered next-generation security is necessary, especially in virtual data centers, where protection cannot come at the expense of VM efficiency, density, or performance. Organizations should choose security solutions designed specifically for virtualization and the cloud, because traditional anti-malware security introduces too much latency, prevents users from using host resources, reduces the consolidation ratio, and increases the cost of the "heavy" agent user experience. The integration of real-time security with infrastructure management tools is critical for easy deployment, maintaining real-time VM inventories, promoting security automation, and ensuring compliance in non-persistent environments.
