Since the release of vSphere 4.1 a new API for security is available called EPSEC (End Point Security). Together with the already existing VMSafe API security vendors can make security products designed for virtualized worlds.
You might ask, why do security products need a special virtualization approach? Well of course you do not have to, but certain things will not perform so well. Especially if you talk about desktop virtualization. Imagine running 50+ desktop VMs on a single server and all the virus scanners inside those operating systems decide to do their daily scan at the same time. So Trend and Symantec already have ‘random’ start features in their products to prevent this kind of behavior. But can it be done even more efficient?
Yes! by using this new EPSec API. It allows security vendors to build anti virus/malware solutions in a single virtual appliance that can protect all VMs running on a single server, with NO AGENTS installed inside the VMs it self. Trend Micro is the first to have this to market with their currently available DeepSecurity 7.5 product. Symantec and McAfee will hopefully follow soon as well.
To proof that this new way of implementing AV protection is working efficiently, trend asked the Tolly group to research/benchmark this, and what a results did they found! The ‘old school’ scenario consumed 1.7 to 8.5 times more resources. This resulted in 29% to 275% improved workload density!
Especially if you are currently running a VDI environment or planning soon to implement one, I would highly recommend you read the tolly report and plan your Anti Virus/Malware strategy accordingly.
by Richard Garsthagen