Provider, put my antivirus on VDI

Among our clients there are companies that use Kaspersky solutions as a corporate standard and manage their anti-virus protection themselves. At first glance, a virtual desktop service in which the provider monitors the antivirus does not suit them. Today I will show how such customers can manage their own protection without weakening the security of the virtual desktops.



In the previous post we described in general terms how we protect customers' virtual desktops. Antivirus inside the VDI service strengthens the protection of machines in the cloud, and the customer can control it independently.



In the first part of the article I will show how we manage the solution in the cloud and compare the resource consumption of Kaspersky in the cloud with a traditional Endpoint Security installation. The second part covers what the customer can manage on their own.









How we manage the solution



This is what the architecture of the solution looks like in our cloud. For the antivirus we distinguish two network segments:



  • the client segment, where the users' virtual workstations are located;
  • the management segment, where the server part of the antivirus is located.


The management segment remains under the control of our engineers; the customer has no access to it. It contains the main KSC administration server, which holds the license files and the keys for activating client workstations.



In Kaspersky Lab's terms, the solution consists of the following components:



  • Light Agent (LA): the component installed on each virtual desktop. It relies on the SVM for protection; if it loses contact with the SVM, the desktop is left unprotected (see below).
  • Security Virtual Machine (SVM): the server-side component with which the light agents communicate.
  • Kaspersky Security Center (KSC): the administration server that stores the license files and activation keys and manages policies and tasks.






This scheme promises to save up to 30% of the hardware resources of the user's machine compared with an antivirus installed directly on the user's computer. Let's see what happens in practice.



For comparison, I took my work laptop with Kaspersky Endpoint Security installed, ran a scan and looked at resource consumption:






And here is the same situation on a virtual desktop with similar characteristics in our infrastructure. It uses about the same amount of memory, but the CPU load is half as high:







KSC itself is also fairly demanding on resources. We allocate enough for it that the administrator can work comfortably. See for yourself:







What remains under the control of the customer

So, we have covered the tasks on the provider's side; now let's give the customer control over anti-virus protection. To do this, we create a child (secondary) KSC server and place it in the client segment:







Open the console on the client KSC and look at the settings the customer gets by default.



Monitoring. The first tab is the dashboard. It shows at a glance which problem areas need attention:







Let's move on to statistics. A few examples of what you can see here.



Here the administrator will immediately see if an update has not been installed on some machines, or if there is another problem with the software on the virtual desktops; an unpatched application can affect the security of the whole virtual machine:







In this tab you can analyze detected threats, down to a specific threat found on the protected devices:







The third tab contains all the available preconfigured reports. Customers can create their own reports from templates and choose what information is displayed. Reports can be e-mailed on a schedule or viewed locally on the administration server (KSC).






Administration groups. On the right we see all managed devices: in our case, the virtual desktops managed by the KSC server.



They can be combined into groups so that common tasks and group policies can be created for individual departments or for all users at once.



As soon as a customer creates a virtual machine in the private cloud, it is detected on the network, and KSC places it among the unassigned devices:







Group policies are not applied to unassigned devices. To avoid sorting virtual desktops into groups by hand, you can use rules; this is how we automate moving devices into groups.



For example, virtual desktops with Windows 10 but without the administration agent installed fall into the VDI_1 group, and those with Windows 10 and the agent installed fall into VDI_2. In the same way, devices can be distributed automatically by domain membership, by the network they are located in, or by tags that the client sets according to their own tasks and needs.



To create a rule, launch the wizard for distributing devices into groups:
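As an added illustration (not code from the original post or from Kaspersky), the following Python model shows how rule-based distribution of devices into groups works and why it matters: a first-match rule list sorts devices by OS, agent state, domain, network and tag, and anything that matches no rule stays unassigned, where no group policy applies. The group names other than VDI_1 and VDI_2, the device records, and the first-match semantics are assumptions of the example, not KSC's exact behaviour.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

UNASSIGNED = "Unassigned devices"   # devices here receive no group policy


@dataclass
class Device:
    # Constructed inventory record; the fields mirror the attributes the post says rules can use.
    name: str
    os: str
    agent_installed: bool
    domain: Optional[str] = None
    ip: str = "0.0.0.0"
    tags: Set[str] = field(default_factory=set)


@dataclass
class Rule:
    # Every condition that is set must hold; unset conditions (None) are ignored.
    group: str
    os: Optional[str] = None
    agent_installed: Optional[bool] = None
    domain: Optional[str] = None
    network: Optional[str] = None   # CIDR, e.g. "10.10.2.0/24"
    tag: Optional[str] = None

    def matches(self, d: Device) -> bool:
        if self.os is not None and d.os != self.os:
            return False
        if self.agent_installed is not None and d.agent_installed != self.agent_installed:
            return False
        if self.domain is not None and d.domain != self.domain:
            return False
        if self.network is not None and ipaddress.ip_address(d.ip) not in ipaddress.ip_network(self.network):
            return False
        if self.tag is not None and self.tag not in d.tags:
            return False
        return True


def assign(devices: List[Device], rules: List[Rule]) -> Dict[str, str]:
    """First matching rule wins (assumption), so put specific rules (tags) before broad ones (OS)."""
    return {d.name: next((r.group for r in rules if r.matches(d)), UNASSIGNED) for d in devices}


def unprotected(assignment: Dict[str, str]) -> List[str]:
    """Devices that matched no rule: they sit outside every group and so outside every group policy."""
    return sorted(name for name, group in assignment.items() if group == UNASSIGNED)


# Rules in evaluation order. VDI_1 and VDI_2 are the two rules from the post; the rest are hypothetical.
RULES = [
    Rule("VDI_FIN", tag="finance"),                         # tag rule first so it overrides the OS rules
    Rule("VDI_1", os="Windows 10", agent_installed=False),  # Windows 10 without the administration agent
    Rule("VDI_2", os="Windows 10", agent_installed=True),   # Windows 10 with the agent
    Rule("VDI_NET2", network="10.10.2.0/24"),
]

# Constructed sample inventory.
DEVICES = [
    Device("vdi-01", "Windows 10", False, ip="10.10.1.11"),
    Device("vdi-02", "Windows 10", True, domain="corp.local", ip="10.10.1.12"),
    Device("vdi-03", "Windows 10", True, domain="corp.local", ip="10.10.2.5", tags={"finance"}),
    Device("vdi-04", "Windows Server 2019", True, ip="10.10.3.7"),
]

if __name__ == "__main__":
    result = assign(DEVICES, RULES)
    for name, group in result.items():
        print(f"{name:8} -> {group}")
    print("no group policy applies to:", unprotected(result))
```

The last device matches nothing and stays unassigned, which is exactly the case to report: a freshly created desktop that no policy covers. Rule order also matters, and swapping the tag rule behind the OS rules changes where vdi-03 ends up.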







Group tasks. Tasks let KSC automate certain actions at a fixed time or on a given event: for example, a virus scan runs during off-hours or when the virtual machine is idle, which reduces the load on the VM. In this section it is convenient to run scans on the virtual desktops of a group on a schedule and to update the virus databases.



Here is a complete list of available tasks:







Group policies. With a child KSC, the customer can independently extend protection to new virtual desktops, update signatures, configure exclusions for files and networks, build reports, and manage all types of scans on their machines, including restricting access to specific files, sites or hosts.







The core policies and rules can be switched back on if something goes wrong. In the worst case, a misconfiguration makes the light agents lose communication with the SVM and leaves the virtual desktops unprotected. Our engineers are notified of this immediately and can enable policy inheritance from the main KSC server.
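As an added example, not code from the post or from Kaspersky, here is a small Python model of the failure mode just described and of the check a customer could run before applying a policy: the customer's network restrictions are combined with the provider's, and the effective rule set is tested against the SVM address so that a rule that would cut the light agents off from the SVM is caught up front rather than after the desktops have already gone unprotected. The SVM address and port, the management-segment range, the first-match/default-allow evaluation, and the way inheritance merges the two rule lists are all assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical addresses: the SVM sits in the provider's management segment.
SVM_ADDRESS = "10.20.0.10"
SVM_PORT = 7271
MANAGEMENT_SEGMENT = "10.20.0.0/24"


@dataclass(frozen=True)
class NetRule:
    action: str                  # "allow" or "deny"
    cidr: str                    # destination network
    port: Optional[int] = None   # None matches any port


def _match(r: NetRule, ip: str, port: int) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(r.cidr) and (r.port is None or r.port == port)


def first_match(rules: List[NetRule], ip: str, port: int) -> str:
    """Action of the first rule matching ip:port; assumption: allow when nothing matches."""
    for r in rules:
        if _match(r, ip, port):
            return r.action
    return "allow"


def effective_rules(provider: List[NetRule], customer: List[NetRule], inherit: bool) -> List[NetRule]:
    """Model of inheritance from the main KSC: when on, the provider's rules are evaluated first
    and win on first match; when off, only the child KSC's own rules apply."""
    return provider + customer if inherit else list(customer)


def svm_reachable(rules: List[NetRule]) -> bool:
    return first_match(rules, SVM_ADDRESS, SVM_PORT) == "allow"


def blocking_rule(rules: List[NetRule]) -> Optional[NetRule]:
    """The deny rule that would cut the light agent off from the SVM, if the first match is a deny."""
    for r in rules:
        if _match(r, SVM_ADDRESS, SVM_PORT):
            return r if r.action == "deny" else None
    return None


# Provider policy on the main KSC: the management segment is always allowed.
PROVIDER_RULES = [NetRule("allow", MANAGEMENT_SEGMENT)]

# Constructed customer policy: "block everything in 10/8 except our own office subnet".
# The broad deny also swallows the SVM address.
CUSTOMER_RULES = [
    NetRule("allow", "10.10.0.0/16"),
    NetRule("deny", "10.0.0.0/8"),
]


def lint_policy(customer: List[NetRule], inherit: bool) -> dict:
    """Pre-apply check: does the effective policy still let the light agents reach the SVM?"""
    rules = effective_rules(PROVIDER_RULES, customer, inherit)
    return {"svm_reachable": svm_reachable(rules), "blocking_rule": blocking_rule(rules)}


if __name__ == "__main__":
    print("inheritance off:", lint_policy(CUSTOMER_RULES, inherit=False))
    print("inheritance on: ", lint_policy(CUSTOMER_RULES, inherit=True))
```

With inheritance off, the customer's broad deny is the first match for the SVM and the check flags it; with inheritance on, the provider's allow for the management segment is evaluated first, which is the recovery path the post describes.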



These are the basic settings that I wanted to talk about today. 


