More businesses are looking at virtualization as a way to build internal cloud infrastructures. However, server consolidation security risks prevent many from implementing virtualization – partly because the security controls developed for physical environments don’t translate directly to virtual ones. An example of this is how endpoint is implemented in virtual environment
Excerpt from expertIP blog
As a growing number of businesses virtualize their infrastructures, endpoint solutions that are optimized for virtual environments will become more important. Security professionals agree that endpoint is one of the most effective ways to keep corporate assets clean of malware. However, traditional endpoint solutions aren’t very effective in virtual environments and can often undo many of the benefits that virtualization provides.
Here are two ways that you can implement endpoint security in a virtual environment, along with how each deployment model can affect your network performance and security:
1) Install the endpoint agent in every virtual machine (VM) on the server. Here’s an example of how this can work:
• If in idle mode (non-scanning mode), it takes 2% of system resources to operate per instance, then across 4 VMs, it would take 8% of memory allocation off the top in idle mode (2% per VM x 4 VMs).
• However, if a scheduled scan requires 20% of memory per VM, you may use 80% of system memory.
• On a small scale, this type of implementation might not have a huge impact, but many virtual environments can scale to several hundred machines spread across a few hypervisors. In these cases, a scheduled scan could cause a memory overload and infrastructure crash.
Aside from the risks to memory allocation, you should also consider whether deploying endpoint in this manner will help optimize your physical servers. By allocating extra memory to endpoint, you eat up resources that could be better allocated to serve the virtual machines themselves.
Since IT often must show ROI, a less efficient environment will also cause security teams to question the value of installing an endpoint agent on each VM
2) Use a virtualized endpoint to leverage the management console within the hypervisor to deploy an endpoint on every VM. Here’s how this can work:
• Since the management console does all of the work, with each VM hosting a very small (or even agentless) footprint of the solution, the memory hit only applies to the management console.
• This means a 2% memory allocation will only be 2% for the entire hypervisor/server, yet the benefits of endpoint are applied to every VM.
• The IT team can recognize the full benefits of virtualization, and the security teams can ensure that the environment meets security requirements.
White Paper: Choosing an Effective Managed Security Services Partner.
Learn how to run all of your data-intensive applications and enhance your productivity, with a cost-effective solution that delivers scalability, flexibility and reliability.