I was reading Richard Garsthagen’s article about anti-virus solutions yesterday and decided that it deserved a little bit of extra attention, as it is an often overlooked area when it comes to architecture and impact. As Richard points out, the difference in terms of the load and overhead that it generates is enormous. All of these combined will most definitely result in an increase of consolidation ratio. Not only that, but it will also seriously lower the risk during, for instance, a VDI boot storm; also think about the impact of HA-initiated restarts. This could cause an enormous amount of IOPS and CPU/memory overhead, which in turn could impact the other virtual machines.
I guess there is no point in rehashing what is written in the whitepaper or what Richard wrote; I just want to point out the whitepaper, as I believe it is a good read. As always, results may vary, but it is pretty obvious that from an architectural and operational perspective End Point Security is most definitely worth looking into, and I cannot wait for more vendors to jump on the bandwagon. Download the Tolly report here. (I personally found the disk results very interesting…)
DavidWarburton says
We got bit on the ass by AV in our environment….but interestingly it wasn’t scheduled or even real-time scans that were the problem.
We finally narrowed it down to the fact that almost every single VM was getting pushed new AV sigs out at the same time. Disk activity spiked only for a minute or two but across every VM it just hammered our EVA and caused massive problems. Wasn’t a lot of fun during the time we spent trying to figure out what was going on!
Using an AV solution that made use of vSafe APIs was always part of the plan but I’ve been frustrated by the slow release of products to the market.
Lessi says
Hi,
I can remember that I heard about the idea of a virtual appliance which makes local antivirus agents unnecessary already at VMworld 2009 in Cannes.
I think it was a guy from Symantec who told me that it will only take one year till there will be a product on the market… this was three years ago.
But perhaps it will happen now – it would be great.
Regards
Andrew Mancey says
Hi Duncan,
Excellent article – I’ve seen countless companies I’ve worked with bypass the need to restructure their existing AV environment and then go on to simply employ the typical VMware blame culture. This goes to prove the importance of the buy-in required from those that administer the AV environment when implementing VMware, be it for desktop or server virtualisation.
At the end of your post, you mention “End Point Security is most definitely worth looking at” – shouldn’t that read “Deep Security”?
Regards
Andrew
Andrew Mancey says
Apologies – whilst the Tolly report covers Deep Security, I’ve just read the article regarding EPSec so please ignore my last sentence.
Thanks
Craig says
I think Trend Micro already got the solution to overcome this