Deep Security 7.5 SP1 Installation Guide
Appendix A: The Virtual Appliance and the Coordinated Approach using Deep Security Agents

The Virtual Appliance

The Deep Security Virtual Appliance provides Anti-Malware, Firewall, Intrusion Detection/Prevention, Application Control, and Web Application protection services to Virtual Machines without requiring the presence of an in-guest Agent. The Virtual Appliance uses VMware's VMsafe-NET API to intercept network traffic at the hypervisor. It is supported on VMware vSphere 4 (requires vCenter 4.1 and ESX 4.1). Security policies are applied per virtual machine.

The Virtual Appliance provides some distinct security advantages over scenarios with an in-guest Agent:

- The Appliance is isolated from the guest. The guest can operate with only the minimum required software being installed.
- Short-lived and reverted machines for which administrator time may not have been allocated for installing security software can easily and quickly be protected.
- Virtual machines and other Appliances whose operating systems are not directly accessible can be protected, even those machines being managed by other administrators.
- The Deep Security Virtual Appliance simplifies deployment. There is no need to remotely install Agent software on the virtual machine.
- Connectivity to the virtual machine from Deep Security is not required.

The Coordinated Approach

Using the Virtual Appliance to protect virtual machines doesn't preclude the use of Deep Security Agents for virtual machines on the same host. This coordinated approach provides the following benefits:

- Allows you to implement the additional Integrity Monitoring and Log Inspection modules on the virtual machine.
- Recommendation Scans can be run on the virtual machines.
- Provides mobility to the virtual machines. They can be moved between data centers or cloud providers and the protection moves with them.
- Performance improvement. While the Deep Security Agent is active on the virtual machine, the Virtual Appliance automatically passes traffic through to the Agent.

For the Coordinated Approach to be implemented for a particular protection module, both the Agent and the Appliance have to implement that protection. The following table shows the Deep Security protection modules that can make use of the Coordinated Approach:

| Protection Module      | Supported by Appliance | Supported by Agent | Coordinated Approach Available |
|------------------------|------------------------|--------------------|--------------------------------|
| Anti-Malware           | Yes                    | No                 | No                             |
| Firewall               | Yes                    | Yes                | Yes                            |
| Deep Packet Inspection | Yes                    | Yes                | Yes                            |
| Integrity Monitoring   | No                     | Yes                | No                             |
| Log Inspection         | No                     | Yes                | No                             |

If you install an Agent on a virtual machine that was previously being protected only by a Deep Security Virtual Appliance, the virtual machine will have to be activated again from the Manager to register the presence of the Agent on the computer.