Balancing VDI Security and Performance

By 2019, more than four-fifths (86 percent) of workloads will be processed by cloud data centers.

Overall data center workloads will more than double (2.5-fold) from 2014 to 2019; however, cloud workloads will more than triple (3.3-fold) over the same period.

The workload density (that is, workloads per physical server) for cloud data centers was 5.1 in 2014 and will grow to 8.4 by 2019. Comparatively, for traditional data centers, workload density was 2.0 in 2014 and will grow to 3.2 by 2019.

Start with hypervisor security and VM isolation. Your hypervisor has become the critical junction for nearly all virtual technologies. Desktops, applications and a variety of servers sit directly on top of your hypervisor platform. With that in mind, why not start your security solution at the hypervisor level? Now you can directly integrate security technology into your hypervisor to stop malicious threats before they hit your virtual machines. Look for enterprise-ready solutions incorporating anti-virus and Intrusion Detection Systems (IDS) technologies, which protect the hypervisor and everything sitting on top. This allows you to better control security resources and how they’re delivered, enabling segmentation of VMs for different user populations which have different security needs. Therefore, you can deliver strong security to some workloads without negatively affecting the performance of other workloads or VDI sessions in the environment.

Introduce agentless technologies. New security platforms are allowing agentless antivirus and firewall technology to sit on the hypervisor. Agentless security allows you to run a security service as a virtual machine and monitor all VMs sitting on top of the hypervisor. This means you don’t need to install a security software client into the actual virtual machine; all security inspection takes place in the hypervisor. This saves CPU resources and increases VM density by up to 30 percent. These types of next-gen security products, such as Trend Micro Deep Security, allow for complete traffic control into the VM and isolation between VMs. Furthermore, with the agentless model, the security software performs incremental scans up to 50x faster and proactively detects malicious attacks.

Integrate with infrastructure management/monitoring tools. You have installed agentless security and have deployed advanced security on your hypervisor. How can you tell it’s all performing well? Now you can integrate ecosystem monitoring and management solutions. For example, plugging configuration and performance management technologies into your hypervisor’s management environment can give you far greater control over your virtual infrastructure. This includes the ability to: