Securing VMware Virtual Desktop Infrastructure (VDI)

Bringing VMware NSX and Horizon together with Trend Micro Deep Security

For years virtual desktop infrastructure (VDI) has been a popular virtualization option for many organizations and VMware customers have relied heavily upon Trend Micro Deep Security to secure these environments.

VMware and Trend Micro have been working together to continue to evolve and advance the protection of VDI deployments. Most recently the focus has been on introducing advanced security controls with Trend Micro Deep Security that secure a combined VMware NSX (network virtualization platform) and Horizon 6 (VDI) environment. This solution offers organizations the chance to make huge leaps forward in the security and management of their virtualized desktop deployments.

Two big challenges that have slowed the adoption of large-scale desktop virtualization in the past are:

	The lack of effective security that is equal to or better than a physical desktop Difficulty scaling out deployments rapidly and quickly without losing visibility or control.

In today’s data centers, security for these deployments is even more critical because of the need to limit “east-west traffic,” the internal traffic that occurs between servers in the data center. However, “east-west traffic” isn’t monitored well, if at all, by traditional perimeter defenses. And a basic surfing or email mistake by a trusted end user could bring a threat right past those defenses into your data center—resulting in a costly breach.

Advanced security controls are essential for VMware-based environments

Deep Security is a security platform built for VMware environments. It provides advanced security controls, both network- and system-based, from a single virtual appliance. VMware NSX with Horizon enables micro-segmentation and automates the deployment and provisioning processes. This allows for the insertion of advanced security services like Trend Micro’s Deep Security that includes:

	Anti-malware IDS/IPS Integrity monitoring URL filtering Virtual patching

All of these capabilities run agentlessly from the hypervisor level. This means that they’re very lightweight and provide instant, automated protection as soon as a new virtual desktop is spun up. They can also offer huge performance gains. In addition, the tight integration between NSX, Horizon, and Deep Security means that you can do new kinds of automated remediation of threats in the data center.

From a deployment perspective, you’ll need to deploy one virtual appliance for each ESX host, and that appliance then provides protection for all of the VMs on that host (PPT build). Deep Security is tightly integrated with VMware solutions so that when a VM or virtual desktop is spun up or down, the security assigned to that unit automatically follows it wherever it goes in the data center, greatly reducing management overhead and the chance for manual configuration errors. In addition, Deep Security’s agentless architecture optimizes performance in VMware environments by offloading security scanning from the guest VMs to the host. Administrators will see a noticeable gain in performance, as much as 30%, resulting in a much improved end user experience after deployment.

Organizations are already leveraging these Deep Security benefits with Horizon, even without NSX as the foundation. However, when we add NSX to the mix, we make the advanced security provided by Trend Micro even more powerful and easy to deploy, as it becomes part of the data center fabric. With NSX, we create the ability to automate security provisioning and processes, and to micro-segment workloads, allowing you to scale your environment faster and more securely than ever before.

Advanced Threats, automated remediation, and the unification of security

The combination of VMware NSX and Horizon provides the framework for automation and micro-segmentation. Deep Security takes advantage of those capabilities to provide the security that protects the workloads. Deep Security can then detect a previously unknown threat and trigger an automated remediation of that threat. Today, companies are deploying Deep Security and leveraging NSX capabilities to tag events to fully automate the detection and remediation process. Finally, by applying micro-segmentation to the workload, you can ensure that the new threats can’t proliferate within the data center.

The bottom line is that organizations that deploy Horizon 6, NSX, and Deep Security in their modern data centers can enjoy easier management, extensive automation, greater scalability, and improved security as a result. In addition, performance of virtual desktops is dramatically improved and risk to the data center is reduced.

Visit us at VMworld (Booth #1505)

Trend Micro is the experienced leader in server security and delivers a comprehensive security platform optimized for the VMware environment. Our tightly-integrated Deep Security platform with automated threat protection capabilities is built to work seamlessly with all the key VMware solutions including vSphere, NSX, vCloud Air, Horizon VDI/DaaS, and vRealize Operations. We hope you can join us in our booth (#1505) at VMworld for a personal demonstration showing how we can help secure your VMware deployments.

from Trend Micro Simply Security http://ift.tt/1HXU6lb
via IFTTT