White Paper. The impact of virtualization security on your VDI environment

Similar documents
The impact of virtualization security on your VDI environment

Scalability Testing with Login VSI v16.2. White Paper Parallels Remote Application Server 2018

Parallels Remote Application Server. Scalability Testing with Login VSI

White Paper. Securing the virtual infrastructure without impacting performance

White Paper. Getting the most out of your cloud deployment

Citrix VDI Scalability Testing on Cisco UCS B200 M3 server with Storage Accelerator

VMWare Horizon View 6 VDI Scalability Testing on Cisco 240c M4 HyperFlex Cluster System

Performance Lab Report & Architecture Overview Summary of SnapVDI Features and Performance Testing Using Login VSI

AccelStor NeoSapphire VDI Reference Architecture for 500 users with VMware Horizon 7

NetApp HCI with VMware Horizon View 7

VMWARE HORIZON 6 ON HYPER-CONVERGED INFRASTRUCTURES. Horizon 6 version 6.2 VMware vsphere 6U1 / VMware Virtual SAN 6U1 Supermicro TwinPro 2 4 Nodes

INTEGRATED INFRASTRUCTURE FOR VIRTUAL DESKTOPS ENABLED BY EMC VNXE3300, VMWARE VSPHERE 4.1, AND VMWARE VIEW 4.5

Cisco Integrated Desktop Virtualization Solution

The scalability and economics of delivering Citrix Virtual App and Desktop services from Microsoft Azure

Technical Overview. Jack Smith Sr. Solutions Architect

XenApp and XenDesktop 7.12 on vsan 6.5 All-Flash January 08, 2018

Citrix XenDesktop 5.5 on VMware 5 with Hitachi Virtual Storage Platform

Windows Server 2016 Impact on VDI: Benchmark Results. By Mark Plettenberg, Ryan Bijkerk and Omar Bouhaj

Dell EMC Ready Architectures for VDI

Virtual Desktop Infrastructure

Ret h i n k i n g Security f o r V i r t u a l Envi r o n m e n t s

Dell EMC. Vblock System 340 with VMware Horizon 6.0 with View

Dell EMC XC Series Appliances A Winning VDI Solution with Scalable Infrastructure

Deploying EMC CLARiiON CX4-240 FC with VMware View. Introduction... 1 Hardware and Software Requirements... 2

Kaspersky Security for Virtualization Frequently Asked Questions

REAL PERFORMANCE RESULTS WITH VMWARE HORIZON AND VIEWPLANNER

Optimizing XenApp for the Virtual Data Center

High-Performance, High-Density VDI with Pivot3 Acuity and VMware Horizon 7. Reference Architecture

N-Series SoC Based Thin Clients

Login VSI 4.0. Upgrade Guide

Dell EMC Ready Architectures for VDI

iocontrol Reference Architecture for VMware Horizon View 1 W W W. F U S I O N I O. C O M

HPE SimpliVity Hyperconverged Infrastructure for VDI Environments

CSince XenDesktop 4 Enterprise and Platinum editions offer many other

VMware Horizon View. VMware Horizon View with Tintri VMstore. TECHNICAL SOLUTION OVERVIEW, Revision 1.1, January 2013

Why Datrium DVX is Best for VDI

Performance of Virtual Desktops in a VMware Infrastructure 3 Environment VMware ESX 3.5 Update 2

Virtualization of the MS Exchange Server Environment

The Virtues of Virtualization and the Microsoft Windows 10 Window of Opportunity

Adobe Acrobat Connect Pro 7.5 and VMware ESX Server

Measuring VDI Fitness and User Experience Technical White Paper

REVISED 1 AUGUST REVIEWER'S GUIDE FOR VMWARE APP VOLUMES VMware App Volumes and later

Dell Networking S6000

REVISED 1 AUGUST QUICK-START TUTORIAL FOR VMWARE APP VOLUMES VMware App Volumes and later

Mobilizing Windows apps

Goliath Performance Monitor Frequently Asked Questions: Citrix XenServer

5,000 Persistent VMware View VDI Users on Dell EMC SC9000 Storage

EMC Virtual Infrastructure for Microsoft Applications Data Center Solution

Performance Characterization of the Dell Flexible Computing On-Demand Desktop Streaming Solution

Dell EMC Ready Architectures for VDI

THREAT PROTECTION FOR VIRTUAL SYSTEMS #ILTACON #ILTA156

Ensure Virtualization Security and Improve Business Productivity with Kaspersky

Deploying XenApp 7.5 on Microsoft Azure cloud

R E F E R E N C E A R C H I T E C T U RE

EMC INFRASTRUCTURE FOR SUPERIOR END-USER COMPUTING EXPERIENCE

Seagate Enterprise SATA SSD with DuraWrite Technology Competitive Evaluation

Dell EMC Ready Architectures for VDI

Test Methodology We conducted tests by adding load and measuring the performance of the environment components:

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

A Guide To Evaluating Desktop Virtualization Solutions

AppEnsure s End User Centric APM Product Overview

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://

IOmark- VDI. IBM IBM FlashSystem V9000 Test Report: VDI a Test Report Date: 5, December

TRAPS ADVANCED ENDPOINT PROTECTION

Endpoint Security and Virtualization. Darren Niller Product Management Director May 2012

Get to know SysKit Monitor

This document details the procedure for installing Layer8 software agents and reporting dashboards.

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

NetApp All Flash FAS Solution for Nonpersistent Desktops with VMware Horizon View

DELL EMC XTREMIO X2 WITH CITRIX XENDESKTOP 7.16

Table of Contents HOL SLN

Sophos for Virtual Environments. startup guide -- Sophos Central edition

EMC END-USER COMPUTING

Windows 7 Deployment Key Milestones

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

EMC INFRASTRUCTURE FOR VIRTUAL DESKTOPS ENABLED BY EMC VNX SERIES (NFS),VMWARE vsphere 4.1, VMWARE VIEW 4.6, AND VMWARE VIEW COMPOSER 2.

Virtual Desktop Infrastructure (VDI) Bassam Jbara

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

Pivot3 vstac VDI-Simple Scalability for VMware View 5 Date: February 2012 Author: Tony Palmer, Sr. Lab Engineer/Analyst

A Guide to Closing All Potential VDI Security Gaps

Virtual Desktop Infrastructure on VMware Horizon 6* with View* using

BITDEFENDER GRAVITYZONE

Enterprise-class desktop virtualization with NComputing. Clear the hurdles that block you from getting ahead. Whitepaper

Nutanix Complete Cluster Reference Architecture for Virtual Desktop Infrastructure

Mobile Secure Desktop Implementation with Pivot3 HOW-TO GUIDE

Goliath Performance Monitor v11.7 POC Install Guide

Consulting Solutions WHITE PAPER Citrix XenDesktop XenApp 6.x Planning Guide: Virtualization Best Practices

Integrated and Hyper-converged Data Protection

XenDesktop Planning Guide: Image Delivery

Dell EMC Ready System for VDI on VxRail

Dell PowerEdge R910 SQL OLTP Virtualization Study Measuring Performance and Power Improvements of New Intel Xeon E7 Processors and Low-Voltage Memory

Lab Validation Report

When will I use ED Analyzer (EDA) with LAW?

Citrix Workspace Cloud

Pivot3 Enterprise HCI Flash: Reference Architecture with VMware Horizon View

Virtualizing SQL Server 2008 Using EMC VNX Series and VMware vsphere 4.1. Reference Architecture

EMC Business Continuity for Microsoft Applications

The Hardware Realities of Virtualization

IOmark- VM. HP HP ConvergedSystem 242- HC StoreVirtual Test Report: VM- HC b Test Report Date: 27, April

[TITLE] Virtualization 360: Microsoft Virtualization Strategy, Products, and Solutions for the New Economy

Transcription:

The impact of virtualization security on your VDI environment

Contents Introduction...3 What is VDI?...3 Virtualization security challenges...3 Choosing the right virtualization security solution...4 Conclusion...7 Appendix...8 About Login VSI... 10 [2]

Introduction Virtualization provides organizations with many costs savings and significant business agility. One virtualization technology that many organizations take advantage of is called virtual desktop infrastructure (VDI). VDI empowers employees and employers with many benefits, no matter the size of the organization. One such benefit with VDI is the ability to provide centrally managed desktop environments to employees on any device. In doing so, the organization can rest assured that information is always accessed and managed in a secure fashion regardless of where the user is accessing information from. VDI is not for everyone. Yet it does serve a purpose in production environments like call centers that have a high concentration of task-based workers, or to replace large scale office-based desktop deployments. However, as with any environment security should always play a pivotal role and should complement the business environment. With VDI it s no different; security should be seamless, without any effect on the user experience. Designed for physical environments, traditional security can hamper VDI deployments, thus reversing the purpose of adopting virtualization or VDI in the first place efficiency, flexibility and cost savings. This paper provides details about performance testing conducted using industry standard tools like Login VSI. The test results show the comparison of four security solutions available on the market today that have been specifically designed for virtualized environments. These test results are aimed to help organizations gain better insight into the sizing requirement and expected performance from their VDI deployments with optimized virtualization security. Figure 1: Virtual Desktop Infrastructure What is VDI? Virtual desktop infrastructure (VDI) is the practice by which a desktop operating system is hosted within a virtual machine. The virtual machine can be hosted in the organizations datacenter or from the cloud as a service (DaaS). In doing so, the VDI can be accessed from devices like thin clients, refurbished PCs, smartphones, tablets and so on. This provides organizations with the ability to guarantee quality end-user experience, regardless of the device used to connect to the corporate network. Virtualization security challenges It is a well-known fact that antimalware software is quite simply a requirement today. Applications and operating systems running in physical, virtual or cloud-based environments are all susceptible to exploitation. Although traditional security can be used in virtualized environments, it is neither built nor optimized for virtualized environments. Using traditional antivirus solutions can result in specific challenges in a VDI environment such as: Low virtual machine consolidation ratios Boot latency AV storms Outdated AV on dormant virtual machines Management challenges Consolidation ratios suffer as a result of using traditional security in virtual environments. Traditional security treats each virtual machine on a silo basis; it is not designed to evaluate all the virtual machine instances in a specific network or group. All application and user actions [3]

performed within the virtual machine instance are evaluated by the security agent within the operating system. This silo effect creates significant duplication, from signature databases to scan results for the same files, ultimately creating a performance problem, subsequently lowering virtual machine consolidation ratios. Boot latency is the result of using traditional antimalware in virtual environments. When a virtual machine is started, the security solution must download its latest antivirus engine signatures, and the latest software updates. This update process alone can take anywhere between 5 to 12 seconds, which creates a window of opportunity for malicious intent. AV storms occur when the traditional security solution agents installed on each virtual machine attempt to perform an update or a scheduled scan at the same time. In doing so, the host CPU, memory and IOP are overloaded, resulting in poor virtual machine performance and in some cases total host failure. Outdated AV on dormant virtual machines brings the management of traditional antimalware security solutions full circle. Antimalware agents installed on dormant virtual machines can only be updated when the virtual machine is started, which results in boot latency issues and potentially AV storms, leaving the VM unprotected by the most current engine signature files. Management of traditional security solutions can become tedious; this is especially the case in larger deployments. Each time a new traditional agent is installed, it is registered to the security management console, for administration. When a virtual machine is deleted or dormant, the traditional agent still remains registered with the security console and the only way to remove that entry is manually. This can become a laborious, mundane task, especially for large organizations where virtual machines are constantly on the move. Choosing the right virtualization security solution Bitdefender used Login VSI to test Bitdefender against seven virtualization security solutions available on the market today. The results capture the impact of the solutions on a VDI environment. Login VSI is the industry standard VDI benchmarking tool that simulates typical user behavior in VDI environments. The tool measures the total response time of several specific user operations being performed within a desktop workload in a scripted loop. There are two values in particular that are important to note: The Baseline and the VSImax. The VSImax is the maximum number of VDI sessions attainable on the host before experiencing degradation in host and VDI performance. The Baseline is the measurement of the response time of specific operations performed in the desktop workload when there is no stress on the system which is measured in milliseconds (ms). A low Baseline indicates a better VDI user experience. When interacting with a VDI instance, if response times are too long, the ideal experience of a virtual desktop behaving like a local one is unachievable. Very long response times are akin to working with a dynamic web page that takes extended periods to refresh. All of these measurements represent what is achievable with a given stack. In this testing, the same hardware, virtualization software, and other factors are the same across all tested solutions. The only element changed from test to test was the antimalware solution. The only way to achieve better results with the same software stack is to add more computing power, increasing costs. Note that the Bitdefender, McAfee Multiplatform and Kaspersky Light Agent solutions do not use VMware vshield Endpoint, while all other solutions do rely on it. Bitdefender does include vshield integration for customers who wish to use it. [4]

Figure 2: VSImax the maximum attainable number of VDI sessions The Baseline is the measurement of the response time of specific operations performed in the desktop workload when there is no stress on the system which is measured in milliseconds (ms). depicts the VSImax of each solution tested. This is the most straightforward test, representing the number of VDI instances that can be run before user experience degrades beyond unusable levels. While all tests are related to consolidation ratios, this test represents what is achievable, even with less-than-ideal user experience, in an environment. Figure 3: Baseline the response time (ms) of an unstressed system Figure 3 outlines test results of the Baseline measurement. Bitdefender achieves the lowest Baseline response time, which results in better user experience and desktop workload performance when the environment is not stressed. [5]

Figure 3: Antimalware impact on system load and latency Since the overall picture relies on both VSImax and Baseline, the results have been combined in In the figure, the latency is expressed as a percentage increase in Baseline over running the same test with no antimalware installed. The computing power is represented as a percentage increase in hardware load applied by each VDI instance by comparing VSImax of each solution against VSImax with no antimalware installed. [6]

Conclusion Without question, security is paramount to ensuring the security of data. However, security must not hamper the business in any way. Choosing the right security solution is the difference between a successful virtualization project, and additional capital outlay on more hardware, frustrated employees, and wasted productivity. In a VDI environment, the security solution implemented must have the least possible impact shorter waiting times for applications to open results in better employee productivity and consequently in fewer helpdesk calls. GravityZone Security for Virtualized Environments is an all-encompassing security solution, specifically built for any virtualized infrastructure. When SVE is deployed in a VDI environment, it supports the highest number of VDI sessions achievable compared to any other virtualization security solution available on the market. It also minimizes the impact in latency, while providing antimalware protection for files, memory, processes and registry. Figure 4: Scope of protection When compared to other virtualization security solutions, using SVE in a VDI environment results in: Improved cost savings. Improved application response time. Increased number of VDI sessions. Flexibility of using any hypervisor. Comprehensive protection for files, memory, processes and registry. [7]

Appendix Testing methodology All security solutions were installed and tested in minimum default installation with antivirus and antimalware features activated. VSImax v4 (Max # of VDIs): VSImax v4 shows the number of concurrent sessions that can be active on a system before the system is saturated. This number gives you an indication of the scalability of the environment (higher is better). VSIbase: VSIbase indicates the performance of the system while there is no load on the environment. This number is used to determine what the performance threshold will be. VSIbase gives an indication of the base performance of the environment (lower is better). VSImax v4 Threshold: VSImax v4 threshold indicates the saturation point of the environment and is based on VSIbase. The threshold for the total response time is: average weighted baseline phase response time + 2600ms. Calculating VSImax v4: The simulated desktop workload is scripted in 48-minute loops during which a simulated Login VSI user performs generic Office worker activities. Within each loop the response times of twelve specific operations are measured in a regular interval. The response time of these actions are weighted before they are added to the total, so as to ensure that each activity has an equal impact on the total response time. Weighting applies as follows: Activity Weight (%) Start VSI Notepad with large text file 50% File Open Dialogue 125% Start Print Dialogue 400% Zip PST file without compression 600% Zip PST file with high compression 17,5% Start Word with new document 15% 1. VsiMax Dymanic (ms): The formula for the dynamic threshold is: Avg. Baseline Response Time x 125% + 3000. As a result, when the baseline response time is 1800, the VSImax threshold will now be 1800 x 125% + 3000 = 5250ms. 2. VsiMax # VDI: When the response (ms) of all the sessions is above VsiMax Dymanic (ms) the Maximum number of logged on sessions (VsiMax # VDI) has been reached End of test ; 3. Number of machines: Before starting the actual tests, a number of VDIs are started waiting for Login VSI to login to the environment. 220 virtual machines are started at the beginning of each test run. This is performed to better mimic production environments where login may fail. Therefore, the number of standby VDIs is larger than the logged on VDIs and it has to be a constant value to make the test number of VDIs the same for all test runs. 4. Test Timeframe: The testing tool (Login VSI Tool) launches sessions, there has to be some delay between the launched sessions. This value is set before testing to calibrate Login VSI for the environment. The Timeframe value is the total time allocated for launching all 220 sessions. The testing tool will logon a user every 16 seconds. This means it must finish logging in all users within 3600 seconds. 5. Heavy workloads: The heavy workload utilizes higher memory and CPU consumption because more applications are running in the background. This workload simulated a power user. Once a session has been started the heavy workload will repeat every 12 minutes. During each operation the response time is measured every 2 minutes. The heavy workload opens up to 8 apps simultaneously. Type rate is 130ms per character. 40 seconds of Idle time to simulate real-world users. [8]

Each loop will open and use the following: Outlook 2007/2010, browse 10 messages. Internet Explorer, one instance is left open (BBC.co.uk), one instance browsers to Wired.com, Lonelyplanet.com and heavy flash app gettheglass.com. Word 2007/2010, one instance to measure response time, one instance to review and edit document. Bullzip PDF Printer & Acrobat Reader, the word document is printed and reviewed to PDF. Excel 2007/2010, a very large randomized sheet is opened. PowerPoint 2007/2010, a presentation is reviewed and edited. 7-zip: using the command line version the output of the session is zipped. 6. Testing environment description: vcenter 5.5.0 1476327 VMware Tools 9.4.0, build-1280544 VDI Manager VMware View 5.3.0 build 1427931 vshield Manager Release 5.5.3-217697 Endpoint Driver Version 5.1.0-01814505 (Mux Driver) Host1 (Dell R710) 5.5.0 1331820 CPU 2 x Xeon E5645 @2.4 GHz RAM 128GB DDR3 Storage Controller Perc H700 Disks 5 x OCZ Vertex 3 in Raid 0 Config Net 2 x Gigabit Ethernet Host2 (Dell R710) 5.5.0 1331820 CPU 2 x Xeon E5645 @2.4 GHz RAM 128GB DDR3 Storage Controller Perc H700 Disks 5 x OCZ Vertex 3 in Raid 0 Config Net 2 x Gigabit Ethernet Testing policy: Scan all Files Scan network files Archives excluded from scanning Mail archives excluded from scanning Windows 7 X86 SP1, updated Defragmenter disabled Search indexer disabled Windows update disabled Scheduled tasks disabled Firewall disabled [9]

Windows defender disabled Web proxy auto-discovery disabled Themes disabled Superfetch disabled Application experience enabledabled Offline files disabled Security center disabled Machine debug manager disabled Error reporting disabled 1172 RAM allocated with no reservation 1 VCPU allocated with no reservation Pagefile set static to 2x RAM Tested with Login VSI version 4.1.0 in April 2015 About Login VSI Login VSI, Inc. delivers industry-standard testing solutions for virtualized desktop and server environments. The world s leading virtualization vendors use the flagship product, Login VSI, to benchmark the performance and scalability of their solutions. Enterprise IT departments use Login VSI in all phases of their virtual desktop deployment from capacity planning, to load testing, to change impact prediction for more predictable performance, higher availability and a more consistent end user experience. With minimal configuration, Login VSI works in VMware Horizon View, Citrix XenDesktop and XenApp, Microsoft Remote Desktop Services (Terminal Services) and any other Windows-based virtual desktop solution. For more information, download a trial at www.loginvsi.com. [10]

[11]

BD-Business-May.13.2015-Tk#: 70767

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback