How does antimalware software affect VM performance? How can we overcome these performance problems?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Antimalware software (like antivirus software) presents a special problem for virtual machines. Although it is certainly possible to install and operate antimalware tools inside a virtual machine, it's important to remember that the antimalware tool can make significant demands on computing resources -- especially when it runs a scan. This means the tool can demand a sizable portion of CPU cycles, some memory space and almost exclusive access to storage.
The impact really isn't such a big deal when the underlying system supports a single workload (such as your desktop PC), and software developers attempting to develop software might indeed create a desktop VM -- complete with common antimalware products -- to simulate a complete desktop or other endpoint environment while isolating the environment from other workloads. This happens routinely in test and development situations.
But just imagine a server consolidated to run 10 or 12 enterprise-class workloads in order to maximize the use of server resources. When antimalware tools run (especially when they run simultaneously), the sudden burden on system resources can slow workloads to a crawl. Consider the hit to shared storage when 10 VMs all try to scan a LUN across the storage network.
There are several options to guard a virtualized server against malware while minimizing the performance problems antimalware software can present. First, IT administrators can consider installing antimalware software that is designed and optimized to reduce the computing burden on virtual machines. One example is Symantec Endpoint Protection software, which integrates with VMware vShield Endpoint. A second alternative is to install antimalware tools in the host rather than in each guest. This is certain to protect the host, and network scanning can often monitor network traffic to each VM. A third option is to install antimalware protection in the form of a dedicated network-based appliance, such as WatchGuard's XTM product line or Cisco's IronPort S-Series Web Security Appliances, which are designed to provide a network traffic gateway that can scan for malicious content before it ever reaches the servers and virtual machines.
Related Q&A from Stephen J. Bigelow
VSAN 6.6 and 6.6.1 boast new features, such as vSAN Configuration Assist, integration with vROps and a streamlined upgrade process to improve storage...continue reading
For enterprises that require powerful security and resiliency, vSAN 6.6 presents an array of features, such as encryption and stretched clusters, to ...continue reading
Certain versions of the Linux kernel offer more complete and uniform support for paravirtualization than others due to the open source nature of ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.