Planning a VDI rollout? Security management is easier than you think

One of the greatest risks to the success of a Virtual Desktop Infrastructure (VDI) project comes from an unexpected source – the endpoint antimalware. It’s not because of the protection offered (although a VDI deployment can be a great opportunity to upgrade), but rather, it’s because of performance.


In pursuing a VDI deployment, the total cost is tied to the amount of supporting hardware needed to run the required number of desktops. Organizations often rely on various calculations, perhaps backed up by an evaluation or trial, to scope the hardware requirements. However, if endpoint antimalware isn’t taken into account, there will be problems later on.


Traditional antimalware is designed to run on dedicated hardware. A full agent can use hundreds of megabytes of memory in each endpoint, along with CPU and storage resources. With VDI, many endpoints share hardware, and so the impact on the hardware very quickly adds up.


The solution is to leverage endpoint antimalware that is designed for virtualization – such as Bitdefender Security for Virtualized Environments (SVE), a module of the GravityZone security management console.


Rather than duplicating the footprint across all desktop instances, SVE centralizes scanning tasks and the performance footprint at a Security Virtual Appliance. Only a small software toolkit, BD Tools, is left in each instance. Alternatively, VMware vShield Endpoint can be leveraged to accomplish the same thing.


The result is scan-task centralization and deduplication, which frees up resources to run more desktop instances. Additional resources are freed because care and feeding (updates, upgrades) is centralized at the virtual appliance, rather than being applied at each and every desktop instance.


On the management side, SVE integrates with VMware vCenter and Citrix XenServer. This is important because, unlike traditional environments, in VDI deployments instances are created and destroyed at a rapid pace. If the management system cannot keep pace, it quickly becomes unusable – another major risk to the success of VDI projects.


Other GravityZone modules can be used to protect traditional endpoints (end-user and server), Windows and Linux systems, mobile devices, Exchange servers, and public cloud endpoints. In other words, with GravityZone, you need not manage your VDI endpoint security separately from other systems.


The bottom line is that as you plan your VDI project, consider how you will deal with endpoint antimalware. If you wait until deploying in production, you risk considerable problems due to performance impact and management burden.