McAfee MOVE anti-virus
Last week we had a meeting with a McAfee Sales Engineer and he told us something I have been waiting for for a long time.
McAfee now has a product especially for virtualized environments, McAfee MOVE (Management for Optimized Virtual Environments). After Trend Micro, McAfee is now the second anti-virus company, that I know of, which has a product especially for virtual environments.
McAfee’s Management for Optimized Virtual Environments (MOVE) platform combines speed and security by significantly reducing the overhead of protecting individual machines in a VMware or Citrix virtual environment. Support for Microsoft Hyper-V is not available yet.
McAfee MOVE does this by offloading all anti-virus tasks to an appliance/server which needs to be installed on each ESX host or XenServer in a cluster. The only McAfee components which need to be installed on the virtual server or desktop are the McAfee MOVE client and the ePO agent.
McAfee MOVE integrates with ePolicy Orchestrator (ePO) 4.5 patch 1, with which you can configure the MOVE client, which then intercepts the traffic and scans it using the McAfee MOVE appliance/server. This means it can scan virtual servers and desktops online.
In general we tend to implement maximum protection on the endpoints which, with the traditional anti-virus approach, means a big load on the desktops. When running multiple desktops in a VDI scenario these big loads turn into a huge load on the ESX host or XenServer. This makes McAfee MOVE an ideal solution for VDI environments like VMware View or Citrix XenDesktop. Because the overall load of the combined desktops is lowered, the consolidation ratio can be much higher, lowering the cost of the virtual environment.
Below you can find the minimum system requirements. Actual requirements will vary depending on the nature of your environment.
Supported Virtualized Environments
Citrix XenServer 5.5
Virtual Desktop Infrastructure
Supported Virtual Machine Operating Systems
Microsoft Windows XP (32-bit)
Microsoft Windows 7 (32 and 64-bit)
MOVE Anti-virus for Virtual Servers
Microsoft Windows 7 (x86, AMD64)
Microsoft Windows 2008 R2 (AMD64)
Microsoft Windows 2008 Server (x86, AMD64)
Microsoft Windows Vista (x86, AMD64)
Microsoft Windows XP (x86, AMD64)
Microsoft Windows 2003 Server (x86, AMD64)
Virtual machine software installation
10 MB for MOVE client
ePolicy Orchestrator (ePO) agent
I somehow fail to see how this has anything to do with virtualization or why, for example, “VMware 4.0” would be required at all. It seems just like an agent which connects via IP to a dedicated scanserver to “offload” the scanning. My point is not that this wouldn’t be beneficial in some cases like VDI, but this has nothing to do with VMsafe/vShield/Xenserver/virtualization in general at all; it doesn’t even seem virtualization-aware.
Quite contrary to Trend Micro’s Deep Security 7.5, which was recently released and is based on vShield Endpoint.
I don’t know if it uses VMsafe or vShield, but according to the McAfee Engineer it IS virtualization aware. True, Trend Micro has some experience in this field and McAfee MOVE has just been released. But I’m glad there’s another player now besides Trend Micro which tries to address the virtualization/anti-virus dilemma.
Spot the Trend Micro employee.
This is a way of managing scans on a VM Environment. It will also do neat things such as only scan a file once per hypervisor, regardless of how many VMs it appears on.
For a Citrix environment it will only install an agent into each session and all the scanning is handled centrally; this has a proven performance benefit.