Maintain secure infrastructure is important, but the execution of anti-malware software can affect the performance of a virtual environment.
How did the anti-malware software affects performance VM?
The anti-malware software, such as antivirus solutions, with virtual machines have a large critical. The problem is not in the installation but, rather, of absorption of computing resources that these applications require, especially when you run a scan.
This type of task, in fact, it can take a considerable portion of CPU cycles, memory space and almost exclusive access to storage resources.
The impact is not a big problem in a situation of testing and development, or if the underlying system is supporting a single workload. In fact, this is a situation that occurs regularly.
Imagine, instead, the case of a consolidated server that is supporting 10 or 12 workload enterprise in order to maximize the use of resources.
When anti-malware tools are in operation (especially since all are shooting simultaneously), the sudden load on system resources can slow workloads. In perspective, the problem is accentuated when one considers the impact on shared storage, in which a dozen machines are trying to scan a LUN (Logical Unit Number) through the storage network.
As a workaround performance?
There are several options to safeguard a virtualized server, minimizing performance problems generated by the anti-malware software.
- First, IT administrators can consider installing an anti-malware software optimized for virtual environments, that is designed to reduce the processing load on the virtual machines. An example is the software Symantec Endpoint Protection, which integrates with VMware vShield Endpoint.
A second possibility is to install anti-malware tools main host rather than in every single guest host. This is a sure way to protect the host, while the network scan can monitor traffic for each virtual machine (VM).
A third option is to install the anti-malware protection in the form of dedicated network appliance, for example, the product line of WatchGuard XTM or family of IronPort S-Series Web Security Cisco, which are designed to provide a gateway to network traffic can scan malicious content before it reaches the servers and virtual machines.
No comments:
Post a Comment