Your SlideShare is downloading. ×
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
TrendMicro
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

TrendMicro

1,994

Published on

Magic Words of VDI Security: …

Magic Words of VDI Security:
“Agentless” and “Aware"

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,994
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
38
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Magic Words of VDI Security: “Agentless” and “Aware” David Girard, Senior Security Advisor – Trend Micro Canada 1 1
  • 2. Virtualization Project ? Desktop Server Cloud Virtual Appliance 10/4/2010 Copyright 2009 Trend Micro Inc. 2 2
  • 3. Security Built for VMware The most comprehensive suite of next-generation virtualization security solutions Desktop Server Cloud Virtual Appliance 10/4/2010 Copyright 2009 Trend Micro Inc. 3 3
  • 4. Security Built for VMware IT Operations Security Compliance Consolidation rates Protect data Ensure Operational efficiencies & applications compliance Flexibility Savings 10/4/2010 Copyright 2009 Trend Micro Inc. 4 4
  • 5. Security Built for VMware Desktop Server Cloud Virtual Appliance 10/4/2010 Copyright 2009 Trend Micro Inc. 5 5
  • 6. Key Issue: Resource Contention High impact : Employee’s arrival or schedule scans 9:00am Scan Typical AV Console If several, or all, VMs start a full anti-malware scan at the same time, the underlying shared hardware will experience extreme load (memory, CPU, I/O), causing a slowdown of all virtual systems on the server. Large pattern file updates require significant memory and can impact, network and storage I/O resources. Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 6 6
  • 7. VDI Security option #1: OfficeScan (First AV optimized for VDI) Trend Micro OfficeScan Protects virtual & physical endpoints • VDI Intelligence with VDI plug-in • Serializes updates and scans per VDI-host • Leverages base-images to further shorten scan times • Smart Scan limit Endpoints pattern updates since it is mostly in the cloud 10/4/2010 Copyright 2009 Trend Micro Inc. 7 7
  • 8. OfficeScan 10.5 has VDI-Intelligence • Detects whether endpoints are physical or virtual – With VMware View • Serializes updates and scans per VDI-host – Controls the number of concurrent scans and updates per VDI host – Maintains availability and performance of the VDI host – Faster than concurrent approach • Leverages Base-Images to further shorten scan times – Pre-scans and white-lists VDI base-images – Prevents duplicate scanning of unchanged files on a VDI host – Further reduces impact on the VDI host Copyright 2009 Trend Micro Inc. 8
  • 9. OfficeScan 10.5 Integrates with vCenter 10/4/2010 Copyright 2009 Trend Micro Inc. 9 9
  • 10. CPU Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 10 10
  • 11. CPU - Analysis • Only 10.5 can support 20+ desktop images with mixed user profile. • With no AV, average CPU utilization while 4 heavy and 16 light user script is running is 33% • With 10.5 with ALL 4 heavy and 16 light user machines scanning, CPU utilization is 41%. Very Impressive. • With powerful machines typically used in VDI environment CPU’s typically are not the breaking point. • With 20 desktop images, 10.5 adds marginal load to CPU where as other solutions can not even get to support baseline number of desktop images • With 10 desktop images, 10.5 adds only 11% CPU overhead compared to baseline (no AV and no scanning) versus Symantec which adds 29% CPU overhead , 10.1 which adds 50% CPU overhead and McAfee which is the worst which adds 83% CPU overhead Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 11 11
  • 12. IOPS (vDisk Utilization) Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 12 12
  • 13. IOPS - Analysis • Only 10.5 can support 20+ desktop images with mixed user profile. • With 10 desktop images, 10.5 has 4.25 IOPS, 10.1 has 10.95 IOPS, Symantec has 9.02 IOPS and McAfee has whopping 22.39 IOPS • Trend Micro Office Scan 10.5 IOPS has small deviation of 0.77 MB/s and 3.66 MB/s only from baseline and mixed 20 user profile • Lets recap why 10.5 is so much better with IOPS • 10.5 Serializes updates and scans per VDI-host • Pre-scans and white-lists VDI base-images • Prevents duplicate scanning of unchanged files on a VDI host Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 13 13
  • 14. IOPS – How many Systems? • A VDI environment sized for 20 desktop images with 4 heavy and 16 light users. • Keep IOPS between 6-8 and see how many desktop images can be supported with each AV deployment (Apples to Apples comparison) • All about return of investment • If you deploy McAfee, you can deploy ONLY 2 desktop images in an environment which supports 20 images without AV • If you deploy Symantec, you can deploy ONLY 4 desktop images in an environment which supports 20 images without AV • If you deploy Trend 10.5, you can deploy ALL 20 desktop images Customers no longer have to choose between Security and Return On Investment Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 14 14
  • 15. Memory Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 15 15
  • 16. Memory - Analysis • Only 10.5 can support 20+ desktop images with mixed user profile. • Automatic Pool of 20 desktop images without AV in Mixed user Profile is consuming around 7.74 GB of Active Memory • Trend Micro Office scan 10.5 is putting an overhead of only 1.32 GB in maximum VDI Density environment. Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 16 16
  • 17. Scan Time with 10.5 VDI Profile Other AV Solution Trend Micro 10.5 Mixed Maximum High Density Approx 1-2 Hours 16 Minutes VDI Pool(4H &16 L) Mixed Low Density VDI Pool Approx. 27- 49 minutes 2 Minutes (1H & 3 L) Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 17 17
  • 18. Scan Time - Analysis • Trend Micro Office scan 10.5 is performing Approx. 15 - 25 times better in Mixed Low Density VDI pool and 4 -8 times better in Mixed Maximum High Density VDI pool. • Trend Micro office scan 10.5 with its Smart Scan and VDI aware capability is consuming remarkably less scan time than other AV solutions. Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 18 18
  • 19. VDI Security option #2: Deep Security Trend Micro Deep Security Protects virtualized endpoints & servers • First agent-less anti-malware solution • Hypervisor-based introspection • Eliminates “AV storms” 10/4/2010 Copyright 2009 Trend Micro Inc. 19 19
  • 20. Security Built for VMware Desktop Server Cloud Virtual Appliance 10/4/2010 Copyright 2009 Trend Micro Inc. 20 20
  • 21. Key Issue: Resource Contention 9:00am Scan Typical AV Console Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 21 21
  • 22. Key Issue: Instant On Gaps Active, with Active Dormant security out-of-date Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 22 22
  • 23. Key Issue: Mixed Trust Level VMs ERP Email Web Test CRM Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 23 23
  • 24. Trend Micro Deep Security IDS / IPS Integrity Log Anti-Virus Firewall Monitoring Inspection Physical Virtual Cloud Desktop/Laptop Core Protection for Virtual Machines or CPVM deliver Agent Less AV for ESX 3.5 and 4.0. Deep Security 7.5 will go deeper with vShield on ESX or ESXi 4.1 10/4/2010 Copyright 2009 Trend Micro Inc. 24 24
  • 25. Co-ordinated Approach • Optimized protection • Operational efficiency Security virtual Security Agent-based appliance VM Security Efficiency Protection Manageability Mobility 10/4/2010 Copyright 2009 Trend Micro Inc. 25 25
  • 26. Security Built for VMware Desktop Server Cloud Virtual Appliance 10/4/2010 Copyright 2009 Trend Micro Inc. 26 26
  • 27. Issue #1: Multi-tenancy Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 27 27
  • 28. Issue #2: Data Access & Governance 10010011 01101100 10/4/2010 Copyright 2009 Trend Micro Inc. 28 28
  • 29. Issue #3: Secure Storage Recycling 10011 10011 01110 01110 00101 00101 10/4/2010 Copyright 2009 Trend Micro Inc. 29 29
  • 30. Trend Micro Cloud Security Solutions Deep Security SecureCloud • Anti-Virus • Encryption • IDS/IPS • Policy-based key management Private & Public • + Virtual Patching • + Web App Protection Cloud Computing Flexibility & Confidence • File Integrity Monitoring • Log Inspection • Firewall 10/4/2010 Copyright 2009 Trend Micro Inc. 30 30
  • 31. Security Built for VMware Desktop Server Cloud Virtual Appliance 10/4/2010 Copyright 2009 Trend Micro Inc. 31 31
  • 32. Virtual Appliances Virtual Appliance Application Operating System Hypervisor Hypervisor Hardware Hardware 10/4/2010 Copyright 2009 Trend Micro Inc. 32 32
  • 33. Virtual Appliance Benefits Virtual Appliance Costs 70% IT Flexibility Per-User Improve Business Cost of Virtual Continuity Appliance A solution that scale over time. Don’t need to buy a bigger physical appliance. Just add more resources. Don’t need to buy an extra box for pre-production environment, just fire a new VM or install on any box that can run CentOS or Red Hat. 10/4/2010 Copyright 2009 Trend Micro Inc. 33 33
  • 34. Trend Micro Security Virtual Appliances Virtual Appliance Web Security Email Security Other Trend Micro Product are offered as a virtual appliance : -Data Loss Prevention Server -Threat Discovery Virtual Appliance (part of Threat Management Services (TMS) 10/4/2010 Copyright 2009 Trend Micro Inc. 34 34
  • 35. Security Built for VMware Deep Security Deep Security Deep Security InterScan Web Security OR AND InterScan Messaging OfficeScan SecureCloud Security Desktop Server Cloud Virtual Appliance* Encryption of the *VMware Certified virtual file system Appliances 10/4/2010 Copyright 2009 Trend Micro Inc. 35 35
  • 36. Security Built for VMware 10/4/2010 Copyright 2009 Trend Micro Inc. 36 36
  • 37. Trend Micro Global leader in Internet content security and threat management. Catalyst for faster adoption of virtualization. Our Vision: A world safe for exchanging digital information Founded • United States in 1988 Headquarters • Tokyo, Japan Offices • 23 countries Employees • 4,350 Leadership • US $1 Billion annual revenue • 3rd largest security company 1,000+ Threat Research Experts 10 labs. 24x7 ops • “Global 100 Most Sustainable Corporations” Real-time alerts for new threats • Top 3 in Messaging, Web and Endpoint security • Leader in virtualization & cloud computing security Copyright 2009 Trend Micro Inc. 37 37
  • 38. Questions? Thank you, merci New Threats Informations For more informations: http://blog.trendmicro.com/ Technical: david_girard@trendmicro.com 514-629-1680 User group Sales: Groupe d’utilisateurs Michel_bouasria@trendmicro.com Trend Micro du Québec 514-653-2257 http://www.linkedin.com/groups?gid=2296257 Jean_houle@trendmicro.com 514 893-1512 Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 38 38

×