Anti-Virus Functionality for VMs on Acropolis Hypervisor (AHV)

  • 17 March 2016
  • 5 replies
This post was authored by Amit Jain, Product Management at Nutanix

As virtualization becomes mission-critical for servers and desktops (VDI), more so in private cloud settings, your IT teams must support an increasingly large number of endpoints and protect them from exposure to viruses and malware.

In a recent blog, I highlighted how the Nutanix Acropolis architecture provides “holistic” security for your data center stack. In this blog, I provide details on protecting the endpoint through the Intel McAfee MOVE Anti-Virus Multi-Platform architecture, which provides superior anti-virus functionality for VMs running on the Acropolis hypervisor (AHV) or, more generally, in mixed-hypervisor environments.

How does it work?

In the Intel McAfee MOVE (Management for Optimized Virtual Environments) Multi-platform architecture, the MOVE Anti-Virus (AV) Agent—a lightweight endpoint component—communicates to the offload MOVE Scan Server VM (SVM) to broker the antivirus processing on behalf of each user virtual machine.

You can designate and scan a gold image for use as a clean master. Pre-populating the local cache with clean images delivers the fastest VM boot-up time. Upon file access, the MOVE SVM performs an on-access scan, providing a response back to the user VM. Users can be notified of issues through a pop-up alert, and can either delete, deny access to, or quarantine malicious files.
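
A toy model of the offload pattern described above, added here as an example; it is not McAfee's or Nutanix's code, and MOVE's actual protocol is not shown on this page. It assumes a verdict cache keyed by SHA-256 content hash and tagged with a signature version; `ScanServer`, `Agent`, `scan_gold_image` and `boot_storm` are hypothetical names.

```python
import hashlib

BAD_MARKER = b"CONSTRUCTED-TEST-PATTERN"   # constructed stand-in for a signature


class ScanServer:
    """Offload scan VM: the only place the (toy) scan engine runs."""

    def __init__(self):
        self.sig_version = 1
        self.full_scans = 0

    def scan(self, data):
        self.full_scans += 1
        verdict = "malicious" if BAD_MARKER in data else "clean"
        return verdict, self.sig_version


def scan_gold_image(server, files):
    """Scan the master once; return a verdict cache to ship with every clone."""
    cache = {}
    for data in files:
        verdict, version = server.scan(data)
        if verdict != "clean":
            raise ValueError("gold image is not clean; do not clone it")
        cache[hashlib.sha256(data).hexdigest()] = (verdict, version)
    return cache


class Agent:
    """Lightweight in-guest agent: hashes the file, asks the server on a miss."""

    def __init__(self, server, cache, policy="deny"):
        self.server, self.cache, self.policy = server, dict(cache), policy

    def on_access(self, data):
        key = hashlib.sha256(data).hexdigest()   # content hash, never the path
        hit = self.cache.get(key)
        if hit is None or hit[1] != self.server.sig_version:  # miss or stale
            hit = self.cache[key] = self.server.scan(data)
        return "allow" if hit[0] == "clean" else self.policy


def boot_storm(n_vms, gold_files):
    """Boot n clones that each touch every gold file; return scans after baseline."""
    server = ScanServer()
    cache = scan_gold_image(server, gold_files)
    baseline = server.full_scans
    agents = [Agent(server, cache) for _ in range(n_vms)]
    for agent in agents:
        for data in gold_files:
            assert agent.on_access(data) == "allow"
    return server, agents, server.full_scans - baseline
```

Because the cache key is the file's content hash, a modified copy of a gold-image file misses the cache and is rescanned, and a signature update invalidates every cached verdict.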

Multi-Platform vs. VMware Tools-Based Architecture?

Now, you may be wondering about the alternative architecture, which is VMware Tools based and is offered by multiple vendors, including Intel McAfee Security. However, the so-called Agentless model also involves a component from the hypervisor vendor, in this case integration with vShield Endpoint or NSX, and so is very specific to VMware ESXi environments.

On the other hand, the Multi-Platform architecture involves a component (or agent) from the anti-virus vendor (Intel McAfee Security) itself and provides significant flexibility and efficiency benefits with a rapid pace of innovation. I have tabulated below the key similarities and differentiators between the two architectures.

Proof Points?

According to the Intel Security team, more than a third of MOVE customers use the Multi-Platform architecture for the aforementioned benefits. There is also a detailed implementation guide on this, which you can refer to at this link.

Moreover, the Multi-Platform architecture has already been qualified for the AHV environment by the Nutanix team!

[Techy Tidbit: “Brain”, the first virus infecting the computer, was discovered in 1986. Typically, it is a no-brainer that any virus would leave a minimal trail; however, this one included the names and contact information of its authors! No, the authors (two brothers) weren’t dumb. It was just that the virus wasn’t supposed to be destructive. In fact, the two brothers are currently running a very successful business as Brain NET Internet service providers.]

Continue the conversation in the community forums and follow Nutanix on Twitter for the latest news and announcements. Also listen to episode 27 of the Nutanix community podcast - Why Security Should Be Your First Focus


5 replies

Badge +2
Interesting topic, as security is a growing concern in the converged datacenter and cloud area. An important note is that virtualization and cloud need a different kind of security, but the management should fit the traditional environment as well. So there is a need to protect physical, virtual and cloud environments with one security management tool and a security policy that travels with the workload no matter what state it is in.

I would recommend choosing a solution for the datacenter that goes beyond antivirus. With all the new threats, antivirus is still an important defense layer, but there is an even bigger need for vulnerability shielding, intrusion prevention, host-based firewalling and many more security features. Trend Micro Deep Security, which is a Nutanix technology partner and has Nutanix Ready status, offers a much broader security set including web reputation, log inspection and integrity monitoring next to anti-malware, firewalling and intrusion prevention. Whatever security solution you choose, at least consider one that supports your virtualization and convergence efforts without compromising the security level.
Userlevel 1
Badge +8
McAfee MOVE provides two deployment options: Multi-Platform (Agent) and Agentless. Agentless deployment integrates with VMware vShield that requires the Shield Endpoint Thin Agent driver. Typically, installing hypervisor guest tools is part of any virtualization deployment.

Also, having two options for antivirus deployment is a good choice. In some cases agentless deployment would be the best option, like non-persistent VDI.

Moreover, AHV is not a platform supported by McAfee 😞
Badge +3
How about SYMANTEC customers? Any relevant article?
Userlevel 1
Badge +8
Symantec Endpoint Protection Best Practices - Virtualization

How about ESET Virtualization security, also working on VMware NSX vShield APIs? Do you happen to have an article on that topic too?