We are in the process of getting Security to buy off on our PCI ESX cluster design. One thing that came up was antivirus in the COS. Is antivirus necessary in the ESX COS, and if it isn't, is there a good whitepaper or statement from VMware that I could show as proof? Next question: if there isn't something like this, how about for ESXi? I thought ESXi eliminated the COS, so shouldn't having an AV agent be negligible in this situation? Once again, is there some supporting document on this? And last question! Does VMSafe for vSphere address and solve most of these issues?
From my experience antivirus software is not necessary for the service console.
This is an article written on techtarget on this topic from last year.
This is also a good board post on the topic
http://communities.vmware.com/message/1030091;jsessionid=4F44B8A6C48B53176A84B7C81367C791
www.phdvirtual.com, makers of esXpress
Excellent links Petedr. I understand some shops have a security mandate to install AV in the SC, but we need to stop treating every OS as if it were Windows. How about we install Norton in a Cisco IOS, a KVM switch or a SAN? At some point the people driving these security mandates to install AV in everything (because that is what they are used to in the Windows world) have to be educated on how separation of traffic and other security measures protect the ESX COS.
Hello,
Moved to the Security Forum.
have a security mandate to install AV in the SC, but we need to stop treating every OS as if it were Windows
This is true, but if you do install AV in the SC, just take special care on how you scan things. You asked whether VMsafe solves this, and the answer is maybe.
TrendMicro has a product that uses the VDDK (vStorage APIs) to scan VM disks whether they are running or not. This is a great way to do things as you can keep track of AV even if the VM is powered down.
Other than that, VMsafe will not help with disk scans; it will help if you have a network IPS available to VMsafe-net.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'
Also available 'VMware ESX Server in the Enterprise'