The impact of virtualization security on your VDI environment

Similar documents
White Paper. The impact of virtualization security on your VDI environment

White Paper. Getting the most out of your cloud deployment

White Paper. Securing the virtual infrastructure without impacting performance

Scalability Testing with Login VSI v16.2. White Paper Parallels Remote Application Server 2018

Parallels Remote Application Server. Scalability Testing with Login VSI

Performance Lab Report & Architecture Overview Summary of SnapVDI Features and Performance Testing Using Login VSI

Citrix VDI Scalability Testing on Cisco UCS B200 M3 server with Storage Accelerator

The scalability and economics of delivering Citrix Virtual App and Desktop services from Microsoft Azure

Kaspersky Security for Virtualization Frequently Asked Questions

AccelStor NeoSapphire VDI Reference Architecture for 500 users with VMware Horizon 7

VMWare Horizon View 6 VDI Scalability Testing on Cisco 240c M4 HyperFlex Cluster System

Virtual Desktop Infrastructure

Dell EMC XC Series Appliances A Winning VDI Solution with Scalable Infrastructure

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

Login VSI 4.0. Upgrade Guide

Enterprise-class desktop virtualization with NComputing. Clear the hurdles that block you from getting ahead. Whitepaper

NetApp HCI with VMware Horizon View 7

Citrix XenDesktop 5.5 on VMware 5 with Hitachi Virtual Storage Platform

Windows Server 2016 Impact on VDI: Benchmark Results. By Mark Plettenberg, Ryan Bijkerk and Omar Bouhaj

VMWARE HORIZON 6 ON HYPER-CONVERGED INFRASTRUCTURES. Horizon 6 version 6.2 VMware vsphere 6U1 / VMware Virtual SAN 6U1 Supermicro TwinPro 2 4 Nodes

INTEGRATED INFRASTRUCTURE FOR VIRTUAL DESKTOPS ENABLED BY EMC VNXE3300, VMWARE VSPHERE 4.1, AND VMWARE VIEW 4.5

Dell EMC Ready Architectures for VDI

QuickSpecs. HP Client Virtualization with Citrix XenDesktop. Overview. Retired

The Virtues of Virtualization and the Microsoft Windows 10 Window of Opportunity

Citrix Systems Italy

Microsoft RemoteFX for Remote Desktop Virtualization Host Capacity Planning Guide for Windows Server 2008 R2 Service Pack 1

Datrium Technical Note Citrix Ready Setup for XenDesktop on Datrium DVX

Desktop Virtualization Endpoint Solutions for SMB. Erik Willey The VDI Endpoint Authority

Ret h i n k i n g Security f o r V i r t u a l Envi r o n m e n t s

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Technical Overview. Jack Smith Sr. Solutions Architect

A Guide to Closing All Potential VDI Security Gaps

XenDesktop Planning Guide: Image Delivery

Citrix Ready Setup for XenDesktop on Datrium DVX

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Deploying XenApp 7.5 on Microsoft Azure cloud

Cisco Integrated Desktop Virtualization Solution

A Guide To Evaluating Desktop Virtualization Solutions

VDI What is it? Virtual Desktop Infrastructure in Plain Vanilla. Clifford Gabriel Data Center and Virtualization Trends and Technologies Inc.

XenApp and XenDesktop 7.12 on vsan 6.5 All-Flash January 08, 2018

TRAPS ADVANCED ENDPOINT PROTECTION

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://

High-Performance, High-Density VDI with Pivot3 Acuity and VMware Horizon 7. Reference Architecture

Desktop virtualization for all

Dell EMC Ready Architectures for VDI

Exam : 1Y Citrix XenApp and XenDesktop 7.15 Assessment, Design and Advanced Configurations. Title : Version : V8.02

Why Converged Infrastructure?

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Optimizing XenApp for the Virtual Data Center

Consulting Solutions WHITE PAPER Citrix XenDesktop XenApp 6.x Planning Guide: Virtualization Best Practices

Goliath Performance Monitor Frequently Asked Questions: Citrix XenServer

Consulting Solutions WHITE PAPER Citrix XenDesktop XenApp Planning Guide: Virtualization Best Practices

Measuring VDI Fitness and User Experience Technical White Paper

[TITLE] Virtualization 360: Microsoft Virtualization Strategy, Products, and Solutions for the New Economy

Ensure Virtualization Security and Improve Business Productivity with Kaspersky

Symantec Endpoint Protection

Reduce costs and enhance user access with Lenovo Client Virtualization solutions

Seagate Enterprise SATA SSD with DuraWrite Technology Competitive Evaluation

SUCCESS STORY SEYFARTH SHAW SEYFARTH SHAW DRAMATICALLY IMPROVES USER EXPERIENCES WITH WINDOWS 10 AND NVIDIA GRID

CSince XenDesktop 4 Enterprise and Platinum editions offer many other

HPE SimpliVity Hyperconverged Infrastructure for VDI Environments

XenApp, XenDesktop and XenMobile Integration

Sophos for Virtual Environments. startup guide -- Sophos Central edition

7 Things ISVs Must Know About Virtualization

Deploying App and Desktop Solutions with Citrix XenApp and XenDesktop (CXD-300)

N-Series SoC Based Thin Clients

VMware Horizon View ScaleIO Reference Architecture. VMware Horizon View 5.3, EMC ScaleIO and LSI Nytro WarpDrive. Reference Architecture

Improving VDI with Scalable Infrastructure

Test Methodology We conducted tests by adding load and measuring the performance of the environment components:

R E F E R E N C E A R C H I T E C T U RE

Consulting Solutions WHITE PAPER Citrix XenDesktop XenDesktop Planning Guide: Hosted VM-Based Resource Allocation

Design and deliver cloud-based apps and data for flexible, on-demand IT

FlashStack for Citrix XenDesktop Solution Guide

All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.

Mobile Secure Desktop Implementation with Pivot3 HOW-TO GUIDE

VMware Horizon View. VMware Horizon View with Tintri VMstore. TECHNICAL SOLUTION OVERVIEW, Revision 1.1, January 2013

Securing the Modern Data Center with Trend Micro Deep Security

Don t Compromise on the User Experience:

AppEnsure s End User Centric APM Product Overview

Dell EMC Ready Architectures for VDI

Symantec NetBackup 7 for VMware

Virtual Desktop Infrastructure (VDI) Bassam Jbara

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

Five reasons to choose Citrix XenServer

Maximize your move to Microsoft in the cloud

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

Er XenApp død og begravet? Allan Bak, edgemo A/S

IOmark- VDI. IBM IBM FlashSystem V9000 Test Report: VDI a Test Report Date: 5, December

Enterprise Mobility Management

Nutanix Reference Architecture Version 1.1 July 2016 RA-2022

Dell EMC Ready Architectures for VDI

The Red RepoRT: MAKING DESKTOP VIRTUALIZATION A REALITY. The Benefits The Approaches. The Challenges The Services VOL

Monitoring Citrix XenDesktop Director

[TITLE] Virtualization 360: Microsoft Virtualization Strategy, Products, and Solutions for the New Economy

FlexPod Data Center Solution. Presented by: Bernd Dultinger Date: December 1 st 2011

Endpoint Security and Virtualization. Darren Niller Product Management Director May 2012

Copyright 2011 Trend Micro Inc.

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Desktop Virtualization for Higher Education. The Virtual Lab

NetApp All Flash FAS Solution for Persistent Desktops with Citrix XenDesktop

Transcription:

ENTERPRISE The impact of virtualization security on your VDI environment

Contents Introduction... 3 What is VDI?... 3 Virtualization security challenges... 3 Choosing the right virtualization security solution...4 Conclusion... 5 Appendix...6 About Login VSI... 7 2

Introduction Virtualization provides organizations with many costs savings and significant business agility. One virtualization technology that many organizations take advantage of is called virtual desktop infrastructure (VDI). VDI empowers employees and employers with many benefits, no matter the size of the organization. One such benefit with VDI is the ability to provide centrally managed desktop environments to employees on any device. In doing so, the organization can rest assured that information is always accessed and managed in a secure fashion regardless of where the user is accessing information from. VDI is not for everyone. Yet it does serve a purpose in production environments like call centers that have a high concentration of taskbased workers, or to replace large scale office-based desktop deployments. However, as with any environment security should always play a pivotal role and should complement the business environment. With VDI it s no different; security should be seamless, without any effect on the user experience. Designed for physical environments, traditional security can hamper VDI deployments, thus reversing the purpose of adopting virtualization or VDI in the first place efficiency, flexibility and cost savings. This paper provides details about performance testing conducted using industry standard tools like Login VSI. The test results show the comparison of four security solutions available on the market today that have been specifically designed for virtualized environments. These test results are aimed to help organizations gain better insight into the sizing requirement and expected performance from their VDI deployments with optimized virtualization security. What is VDI? Virtual desktop infrastructure (VDI) is the practice by which a desktop operating system is hosted within a virtual machine. The virtual machine can be hosted in the organizations datacenter or from the cloud. In doing so, the VDI can be accessed from devices like thin clients, refurbished PCs, smart phones, tablets and so on. This provides organizations with the ability to guarantee quality end-user experience, regardless of the device used to connect to the corporate network. Virtualization security challenges It is a well-known fact that antivirus software is quite simply a requirement today. Applications running in physical, virtual or cloud-based environments are all susceptible to exploitation. Although traditional security can be used in virtualized environments, it is neither built nor optimized for virtualized environments. Using traditional antivirus solutions can result in specific challenges in a VDI environment such as: Low virtual machine consolidation ratios Boot latency AV storms Outdated AV on dormant virtual machines Administrative bottlenecks Consolidation ratios suffer as a result of using traditional security in virtual environments. Traditional security treats each virtual machine on a silo basis; it is not designed to evaluate all the virtual machine instances in a specific network or group. All application and user actions performed within the virtual machine instance are evaluated by the security agent within the operating system. This silo effect creates significant duplication, from signature databases to scan results for the same files, ultimately creating a performance problem, subsequently lowering virtual machine consolidation ratios. Boot latency is the result of using traditional antimalware in virtual environments. When a virtual machine is started, the security solution must download its latest antivirus engine signatures, as well as the latest software updates. This update process alone can take anywhere between 5 to 12 seconds, which creates a window of opportunity for malicious intent. Figure 1: Virtual Desktop Infrastructure AV storms occur when the traditional security solution agents installed on each virtual machine attempt to perform an update or a scheduled scan at the same time. In doing so, the host CPU, memory and IOP are overloaded, resulting in poor virtual machine performance and in some cases total host failure. Outdated AV on dormant virtual machines brings the management of traditional antimalware security solutions 3

full circle. Antimalware agents installed on dormant virtual machines can only be updated when the virtual machine is started, which results in boot latency issues and potentially AV storms, leaving the VM unprotected by the most current engine signature files. Management of traditional security solutions can become tedious; this is especially the case in larger deployments. Each time a new traditional agent is installed, it is registered to the security management console, for administration. When a virtual machine is deleted or dormant, the traditional agent still remains registered with the security console and the only way to remove that entry is manually. This can become a laborious, mundane task, especially for large organizations where virtual machines are constantly on the move. Choosing the right virtualization security solution Bitdefender used the Login Virtual Session Indexer, (Login VSI) to test how the four virtualization security solutions available on the market today impact a VDI environment. These results can be used in deciding the sizing requirements for a VDI environment when deploying virtualized security. Login VSI is an industry standard VDI benchmarking tool that simulates typical user behavior in VDI environments. The tool measures the total response time of several specific user operations being performed within a desktop workload in a scripted loop. There are three values in particular that are important to note the baseline, VSImax # VDI, and VSImax Dynamic. 1. The baseline is the measurement of the response time of specific operations performed in the desktop workload, which is measured in milliseconds (ms). 2. The VSImax # VDI is the maximum number of VDI sessions attainable on the host before experiencing degradation in host and VDI performance. 3. VSImax Dynamic is calculated based on the response times consistently being above a specific threshold. These thresholds are dynamically calculated on the baseline response time of the test. A low baseline depicts better user experience, resulting in applications responding faster in the VDI environment. Figure 2 outlines the test results of Security for Virtualized Environments (SVE) by Bitdefender compared to the three virtualization security products currently available on the market. There are a number of things to note: 1. The other three virtualization security solutions rely on VMware vshield Endpoint integration. Although SVE supports the same vshield Endpoint integration, it is not limited to only supporting environments that are using VMware vshield Endpoint. Bitdefender SVE has been purpose built and optimized for any virtualized environment. Figure 2 shows SVE for VMware vshield Endpoint and SVE Multi-platform version. 2. Security for Virtualized Environments (SVE) has the lowest Login VSI response times compared to its competitors, which results in better desktop workload performance and user experience. 3. As a result of SVE having the best response times, organizations using SVE are also able to achieve higher number of VDI sessions as compared to competitive security solutions. 4. With SVE one is able to attain at least 20 extra sessions compared to the nearest competitor. As a result; this equates to lower VDI costs due to less hardware being needed to host the same amount of VDI sessions. 200 150 100 50 0 No AV 194 165 Bitdefender SVE - Multi-platform Bitdefender SVE - VMware 145 143 Competitor A Competitor B Competitor C 120 118 Figure 3: Login VSI Max number of VDI sessions 6000 5000 4929 5105 5485 5686 5794 5892 4000 3000 2149 2235 2313 2000 1543 1684 1988 1000 0 No AV Bitdefender SVE - Multi-platform Competitor A Competitor B Bitdefender SVE - VMware Competitor C Figure 2: Login VSI response times 4

Conclusion It has already been proven, security is paramount to ensure that organizations applications and data remain safe. However, security should not hamper the business in any way. Choosing the right security solution can mean the difference between additional capital outlay on more hardware and frustrated employees and wasted productivity. In a VDI environment, the security solution implemented needs to have the least possible impact lower waiting times for applications to open will result in better employee productivity and consequently in fewer helpdesk calls. Security for Virtualized Environments is an all-encompassing security solution, specifically built for any virtualized infrastructure. When SVE is deployed in a VDI environment, it supports the highest number of VDI sessions achievable compared to any other virtualization security solution available on the market. When compared to other virtualization security solutions, using SVE in a VDI environment results in: Improved cost savings. Improved application response time. Increased number of VDI sessions. Flexibility of using any hypervisor. 5

Appendix Testing methodology The following example illustrates how the baseline(ms) is calculated: Activity Result (ms) Weight (%) Weighted Result (ms) Refresh document (RFS) 160 100% 160 Start Word with new doc (LOAD) 1400 33.3% 467 File Open Dialogue (OPEN) 350 100% 350 Start Notepad (NOTEPAD) 50 300% 150 Print Dialogue (PRINT) 220 200% 440 Replace Dialogue (FIND) 10 400% 40 Zip Document (ZIP) 130 200% 230 Baseline 1837 1. VsiMax Dymanic (ms): The formula for the dynamic threshold is: Avg. Baseline Response Time x 125% + 3000. As a result, when the baseline response time is 1800, the VSImax threshold will now be 1800 x 125% + 3000 = 5250ms. 2. VsiMax # VDI: When the response (ms) of all the sessions is above VsiMax Dymanic (ms) the Maximum number of logged on sessions (VsiMax # VDI) has been reached End of test 3. Number of machines: Before starting the actual tests, a number of VDIs are started waiting for VSI Login to login to the environment. 220 virtual machines are started at the beginning of each test run. This is performed to better mimic production environments where login may fail. Therefore, the number of standby VDIs is larger than the logged on VDIs and it has to be a constant value to make the test number of VDIs the same for all test runs. 4. Test Timeframe: The testing tool (Login Vsi Tool) launches sessions, there has to be some delay between the launched sessions. This value is set before testing to calibrate LoginVSI for the environment. The Timeframe value is the total time allocated for launching all 220 sessions. The testing tool will logon a user every 16 seconds. This means it must finish logging in all users within 3600 seconds. 5. Heavy workloads: The heavy workload utilizes higher memory and CPU consumption because more applications are running in the background. This workload simulated a power user. Once a session has been started the heavy workload will repeat every 12 minutes. During each loop the response time is measured every 2 minutes. The heavy workload opens up to 8 apps simultaneously. Type rate is 130ms per character. 40 seconds of Idle time to simulate real-world users. Each loop will open and use the following: Outlook 2007/2010, browse 10 messages. Internet Explorer, one instance is left open (BBC. co.uk), one instance browses to Wired.com, Lonelyplanet.com and heavy flash app gettheglass. com. Word 2007/2010, one instance to measure response time, one instance to review and edit document. Bullzip PDF Printer & Acrobat Reader, the word document is printed and reviewed to PDF. Excel 2007/2010, a very large randomized sheet is opened. PowerPoint 2007/2010, a presentation is reviewed and edited. 7-zip: using the command line version the output of the session is zipped. 6. OS description: Windows 7 X86 SP1, updated Defragmenter disabled Search indexer disabled Windows update disabled Scheduled tasks disabled Firewall disabled Windows defender disabled Web proxy auto-discovery disabled Themes disabled Superfetch disabled Application experience disabled Offline files disabled Security center disabled Machine debug manager disabled Error reporting disabled 1172 RAM allocated with no reservation 1 VCPU allocated with no reservation Pagefile set static to 2x RAM 6

About Login VSI As VDI and HVD are becoming more and more established as end-user infrastructure technologies, performance emerges as one of the key-issues in these centralized environments. Organizations that are researching or implementing these new infrastructures want to make the right decisions about vendors, products and capacity. After implementation they are looking for ways to predict the effect that infrastructure changes may have on overall performance. Login Virtual Session Indexer (Login VSI) is a vendorindependent benchmarking tool to objectively test and measure the performance and scalability of centralized Windows desktop environments such as Server Based Computing (SBC) and Virtual Desktop Infrastructure (VDI). Both leading IT-analysts and IT-vendors recognize and recommend Login VSI as the de-facto industry standard benchmarking tool for SBC and VDI. Login VSI can be used to test virtual desktop environments like Citrix XenDesktop and XenApp, Microsoft VDI and RDS (Terminal Server), VMware View, Quest vworkspace and other VDI/SBC solutions. Customers of Login VSI use the tool for different purposes: Benchmarking: Make the right decisions about different infrastructure options based on tests. Load-testing: Gain insight in the maximum capacity of your current (or future) hardware environment. Capacity planning: Decide exactly what infrastructure is needed to offer users an optimal performing desktop. Change Impact Analysis: To test and predict the performance effect of every intended modification before its implementation. Infrastructure vendor organizations that are committed to continuously improving the field of performance and scalability use Login VSI as an objective benchmark to test, compare, and improve the performance and scalability of their solutions. They publish the results in technical white papers (for an overview please visit www.loginvsi.com) and present the results at conferences. Login VSI is also used by end-user organizations, system integrators, hosting providers and testing companies. Login VSI is the standard tool used in all tests that are executed in the internationally acclaimed Project Virtual Reality Check (for more information visit www.projectvrc.com). About Bitdefender Bitdefender is a global company that delivers security technology in more than 200 countries through a network of value-added alliances, distributors and reseller partners. Since 2001, Bitdefender has consistently produced award-winning security technology, for businesses and consumers, and is one of the top security providers in virtualization and cloud technologies. Through R&D, alliances and partnership teams, Bitdefender has created the highest standards of security excellence in both its number-one-ranked technology and its strategic alliances with some of the world s leading virtualization and cloud technology providers. 7

ENTERPRISE.BITDEFENDER.COM All Rights Reserved. 2012 Bitdefender. All trademarks, trade names, and products referenced herein are property of their respective owners. FOR MORE INFORMATION VISIT: ENTERPRISE.BITDEFENDER.COM

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback