Azure VMware Solution (AVS) is designed, built, and supported by Microsoft and provides customers with a private cloud of hosted vSphere clusters, cloud certified by VMware. AVS enables customers to seamlessly extend or migrate their VMware workloads to Azure without the cost of re-architecting applications with a set of familiar VMware technologies and tools – including vSphere, vSAN, and NSX-T.
Security challenges in a hybrid world
The hybrid cloud ecosystem has arrived, though it also introduces new security challenges for adopters. While Microsoft manages the security "of" the cloud, security "in" the cloud is still the customer's responsibility (shared responsibility in the cloud). Adopting the cloud model not only expands your organization's security perimeter – a challenge on its own – but often leads to fragmentation of IT solutions, increased complexity, and limited visibility.
Bitdefender GravityZone is an integrated cloud workload platform that secures servers, containers, or virtual desktop infrastructure (VDI) workloads and is a fully compatible security platform for the Azure VMware Solution.
GravityZone is a security platform built for resilience. A single agent provides a combination of prevention, detection, and response capabilities. A single console provides visibility into workloads both on-premises and in the cloud. GravityZone integrates with AVS, providing a real-time overview of virtual machines and applied policies. Any time a virtual machine is created, moved, or deleted, changes are detected and inventory in the security server is updated. GravityZone also supports security management policies assigned to objects such as resource pools, folders, or distributed networking – the right security policy can be assigned to a virtual machine as soon as it is created.
GravityZone platform showcasing inventory of virtual machines deployed in Azure VMware Solution
Optimized for the virtual workloads
Legacy infrastructure is not designed to run effectively with cloud-based workloads, often unnecessarily increasing the overall cost. GravityZone Security for Virtualized Environments (SVE) is optionally deployed as an appliance to optimize performance and reduce operational costs. SVE is built from the ground up for virtualization and cloud computing, allowing linear scaling with built-in features such as high availability and load balancing. SVE also includes multi-level caching and scan offloading capabilities. These features significantly reduce CPU, memory, and storage requirements. For more about the impact on scalability, VM density, and responsiveness, read our whitepaper.
Optimized security for virtual workloads
With intelligent caching and offloading, scanning engines and threat intel databases are centralized on SVE appliances. When a security scan is requested, local (on a virtual machine) and global (on a security server) caches are first inspected. The central security server performs a security scan and updates local and global caches if no match is found. A global cache is synchronized between security servers.
To further improve performance, pre-trained cache (for example, known system files) are utilized together with self-learning cache. This scanning and caching functionality is based on file segments that are important to antimalware engines rather than scanning complete files. This means less data needs to be transferred. Similar files only need to be scanned once, and the cache is then deduplicated.
Multi-leveled caching for virtual and cloud workloads
In case of connectivity issues or unexpected failure, local agents will find another server or fall back to local scanning. While lightweight agents prefer optimized central scanning, also work independently if needed.
How to deploy Bitdefender GravityZone solution into AVS
The first step is to deploy Bitdefender GravityZone Control Center appliance - in our example, we host the appliance inside the AVS environment, but there are other available architectures. We show initial configuration and finally connect this appliance to AVS.
The second step is about optimizing security for virtual workloads. We deploy GravityZone Security Server inside the AVS environment and finish the initial configuration. GravityZone Security Server (also known as SVA) is the server component used for scan offloading and centralized caching.
The third and final step is about deploying the agent Bitdefender Endpoint Security Tools (BEST) inside the AVS. We prepare the deployment package, create and assign a policy to virtual machines and finally deploy BEST agents.
Azure VMware Solution is a private cloud offering hosted by Microsoft and meets customers where they are today, providing an easy path to a hybrid cloud strategy. Adopting hybrid cloud model is not recommended without the proper security tools and infrastructure in place.
Bitdefender's GravityZone unified security platform has been tested and validated to work with AVS while providing several key benefits, including integration for better visibility, industry-leading threat prevention, detection, and response, and intelligent caching. These features significantly reduce IOPS, memory, and CPU usage, improve performance, and reduce operational costs.
To learn more on how Bitdefender secures virtualized environments, visit GravityZone Security for Virtualized Environments.