Antivirus for VMware

steinooo · 15 Dec 2010 at 09:29

Hi all,

I seem to remember some chatter about VMsafe which was meant to be a technique by which antivirus vendors could develop an AV "plug in" for ESX hosts which escaped the need to install AV into each guest VM.

Has anyone here tried anything like this? What do you do about anti virus in your VMware infrastructure?

thanks

Nikumba · 15 Dec 2010 at 10:21

We run AV on the VM's

Since VMWare is now moving over toe ESXi hypervisor there is little point in having AV on the host, in fact I am not sure you could

Kimbie

steinooo · 15 Dec 2010 at 10:27

I'm not sure I follow sorry, how will ESXi hypervisor affect what I'm on about which is virus scanning on the host level (a level higher than the VMs)

NiCkNaMe · 15 Dec 2010 at 10:40

Give Trend Micro a call. They were working on a similar solution with regards to distributed AV, negating the need to install a client in each guest.

For the moment we are using a client in each guest, but would consider/investigate the above if time allowed!

m4cc45 · 16 Dec 2010 at 13:39

steinooo said:
I'm not sure I follow sorry, how will ESXi hypervisor affect what I'm on about which is virus scanning on the host level (a level higher than the VMs)

Simply because you will have no direct mechanism to interact with the VMFS datastores as you did with the Service Console.

What you're suggesting at first sounds interesting but you are solely reliant upon one AV and should that be disabled then you'd be in a world of hurt - it would also be hard to tell if it was running in the Service Console without manually checking or having an e-mail alert setup, etc.

I understand what you're after but would never recommend this cause of action. There's far to many things that could go wrong and having your eggs in one basket is to much risk.

M.

Roland0 · 16 Dec 2010 at 16:18

m4cc45 said:
There's far to many things that could go wrong and having your eggs in one basket is to much risk.

Just think, if they push out some dodgy update, and K.O. all your VM hosts, you would be in a world of trouble, well, at least someone would be!

J1nxy · 19 Dec 2010 at 16:43

Have a look at vShield which has superseded the VMsafe approach. It has a number of points of defence which integrate with the console, providing a firewall approach and a security VM which runs the AV for the VMs on the host. This will prove very useful for VDI deployments where you don't want to have the overhead for each VM inherent with AV. Its not there yet as a product but its a good starter for 10 for where they need to go.

This is not to defend the host, but the VMs running on it.