Product Review: Trend Micro Deep Security 8.0
Virtualization has gone from a testing environment to full-blown production in just a few years. However, running a dozen operating systems on a single piece of hardware has its challenges, especially when it comes to keeping all those virtual servers secure from outside attacks.
Trend Micro Deep Security Virtualization Security Pack 8.0 addresses these issues using the vShield components that VMware provides for vSphere 4.1 and 5.x. The Deep Security software installs as a virtual appliance and then scans multiple virtual machines immediately. Rather than running with an agent at the level of the guest OS, the combination of Deep Security and vShield lets the Trend Micro virtual appliance interface directly with vSphere, scanning the OSs at the level of the virtual disks. This reduces load on the host because only one antivirus app is running.
Advantages
IT managers will find Deep Security easy to deploy: they simply add a virtual appliance to an existing vSphere server. The appliance requires VMware's VMsafe application programming interface (API), VMware Tools and the vShield agent 5.x or later. VMsafe is available only with the commercial version of ESX. VMware's vShield is available separately and works with vSphere 4.1 or 5.x, letting IT managers scan the VMware server's virtual disks directly, rather than requiring an interface to each OS. vShield includes VMware Tools, which means that the same appliance can scan any version of Windows, as well as Linux VMs, whether or not they are running at the time of the scan.
Deep Security also integrates with VMware's vCenter, although vCenter is not required. Integration with vCenter makes managing antimalware across multiple VMware servers much simpler. The appliance includes a database for storing virus signatures, log files and scan results. In a production environment, this database should be hosted on a separate SQL server.
The software can protect both physical and virtual systems, using deep integration with VMware to scan guest operating systems, and supporting scans of physical systems and client OSs on PCs. A single, integrated software setup protects all the systems in an organization. In addition, the integration with vCenter and vSphere allows for a much lighter footprint than installing separate antivirus software on each guest OS, reducing storage loads as well as the load on the vSphere server itself.
Why It Works for IT
The Trend Micro software delivers security without impacting server loads and ensures that VMs are protected from the moment they are brought online — whether the latest OS patches are applied or not. Deep Security also gives administrators a better chance of achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS). Because the standard requires organizations to secure stakeholder data from theft, ensuring data security on all VMs is a necessity. In addition, the detailed logs that Deep Security provides can show that the PCI DSS standards are met.
Disadvantages
Although Trend Micro Deep Security bills itself as agentless, it does require the VMware vShield agent, which is an added cost. Guest OSs also must have VMware Tools installed, and the system doesn't work with the free version of vSphere ESX. This shouldn't be a problem, because IT managers shouldn't be running the free version in a production environment.