VMware vShield Endpoint
Enhanced Endpoint Security and Performance for Virtual Datacenters

Overview:

VMware vShield™ Endpoint strengthens security for virtual machines while improving performance for endpoint protection by orders of magnitude. vShield Endpoint offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance delivered by VMware partners. The solution is designed to leverage existing investments by allowing customers to manage antivirus and antimalware policies for virtualized environments with the same management interfaces they use to secure physical environments.

Key Benefits

• Improve consolidation ratios and performance by eliminating antivirus agents from guest virtual machines.
• Streamline antivirus and anti-malware deployment and monitoring in VMware environments.
• Improve security by consolidating antivirus software agents to reduce the attack surface.
• Satisfy compliance and audit requirements through logging of antivirus and anti-malware activities.

vShield Endpoint improves performance and consolidation ratios for antivirus and anti-malware in virtualized environments.

What is vShield Endpoint?

vShield Endpoint revolutionizes the thinking behind how to protect guest virtual machines from viruses and malware. The solution optimizes antivirus and other endpoint security for use in VMware vSphere® and VMware View™ environments.

vShield Endpoint improves performance by offloading virusscanning activities from each virtual machine to a secure virtual appliance that has a virus-scanning engine, as well as the stored antivirus signatures. For antivirus and anti-malware functions, this architecture eliminates the software agent footprint in guest virtual machines, frees up system resources, improves performance and eliminates the risk of antivirus "storms" (overloaded resources during scheduled scans and signature updates). Because the secure virtual appliance - unlike a guest virtual machine – doesn't go offline, it can continuously update antivirus signatures, giving uninterrupted protection to the virtual machines on the host. Also, new virtual machines (or existing virtual machines that went offline) are immediately protected with the most current antivirus signatures when they come online.

vShield Endpoint enhances security with a hardened, tamper-proof secure virtual appliance (delivered by VMware partners) that uses the robust and secure hypervisor introspection capabilities in vSphere, reducing the vulnerability of the antivirus and anti-malware service itself.

vShield Endpoint also provides VMware partners with interfaces to implement not just file scanning, but also memory and process scanning. Organizations can simultaneously use multiple security solutions; for example, they can use the sensitive data discovery capability in VMware vShield App with Data Security in one secure virtual appliance while using an antivirus solution in another secure virtual appliance.

Organizations can demonstrate compliance and satisfy audit requirements through detailed logging of activity from the antivirus or anti-malware service.

Administrators can centrally manage vShield Endpoint through the included vShield Manager console, which integrates seamlessly with VMware vCenter™ Server to facilitate unified security management for virtual datacenters.

How Does vShield Endpoint Work?

vShield Endpoint plugs directly into vSphere and consists of three components:

• Hardened secure virtual appliances, delivered by VMware partners
• Thin agent for virtual machines to offload security events (included in VMware Tools)
• VMware Endpoint ESX® hypervisor module to enable communication between the first two components at the hypervisor layer

For example, in the case of an antivirus solution, vShield Endpoint monitors virtual machine file events and notifies the antivirus engine, which scans and returns a disposition. The solution supports both on-access and on-demand (scheduled) file scans initiated by the antivirus engine in the secure virtual appliance.

When remediation is necessary, administrators can specify actions to take using their existing antivirus and anti-malware management tools, and vShield Endpoint manages remediation actions within the affected virtual machines.

How is vShield Endpoint Used?

The management console provided by the VMware partner is used to configure and control the partner's software hosted in the secure virtual appliance. VMware partners can provide a user interface that makes the management experience (including policy management) exactly like managing software hosted on a dedicated physical security appliance.

Virtual infrastructure administrators have a vastly reduced level of effort because virtual machines have no antivirus agents to manage. Instead, the partner's management console is used to manage the secure virtual appliance. This approach also avoids the need to administer frequent updates per virtual machine. For deployment, VMware Tools includes the thin agent, and the ESX module enables hypervisor introspection.

Virtual infrastructure administrators can easily monitor deployments to determine, for example, whether an antivirus solution is operating properly

Key Features:

Antivirus and Anti-Malware Offloading

• vShield Endpoint improves performance by using the vShield Endpoint ESX module to offload virus-scanning activities to a secure virtual appliance where the antivirus scanning is enforced.
• Tasks such as file, memory and process scanning are offloaded from virtual machines to a secure virtual appliance through a thin client agent and partner ESX module.
• vShield Endpoint EPSEC manages communication between virtual machines and the secure virtual appliance, using introspection at the hypervisor layer.
• Antivirus engine and signature files are updated only within the security virtual appliance, but policies can be applied across all virtual machines on a vSphere host.

Remediation

• vShield Endpoint enforces antivirus policies that dictate whether a malicious file should be deleted, quarantined or otherwise handled.
• Thin agent manages file remediation activity within the virtual machine.

Partner Integrations

• The EPSEC API enables VMware anti-virus partners to integrate with vShield Endpoint by providing introspection into file activity in the hypervisor. Essential anti-virus functions are supported through this API.

vShield Manager, Policy Management and Automation

• vShield Manager provides full-featured deployment and configuration of vShield Endpoint.
• Representational State Transfer (REST) APIs allow customized, automated integration of vShield Endpoint capabilities into solutions.
• Monitoring reports provided.
• vShield Manager can be leveraged as a vCenter plug-in.

Logging and Auditing

• Event logging is based on industry-standard syslog format.

VMware vShield Endpoint FAQs

1. What VMware products are compatible with VMware vShield Endpoint?

vShield Endpoint is compatible with:

• (Required) vSphere: 5.0 (including VMware ESX)
• vCenter Server: 5.0
• vShield App 1.0
• vShield Edge 1.0
• VMware View 4.5

 2. Is vShield Endpoint compatible with earlier versions of VMware ESX (3.0, 3.5) and VMware vCenter (2.5)?

vShield Endpoint is not compatible with these earlier versions of VMware ESX and VMware vCenter. Customers are encouraged to upgrade to current versions of vCenter and vSphere (including ESX 4.0, 4.1) to benefit from security and other advanced virtual data center management capabilities.

3. What are the main use cases for vShield Endpoint?

For virtual desktop (VMware View) deployments, enterprises can support thousands of internal and external users with:

• Comprehensive security for View servers
• Anti-virus agents to protect client data
• Optimal performance and scalability

vShield Endpoint, along with VMware vShield Edge, lets you:

• Improve performance by offloading AV processing
• Reduce costs by freeing up virtual machine resources and eliminating agents
• Improve security by streamlining AV functions to a hardened security virtual machine
• Protect View application servers from threats
• Demonstrate compliance and satisfy audit requirements with detailed logging of offloaded AV tasks

4. What are the similarities and differences between the various VMware security solutions?

Solutions for virtualized network security on vSphere-based environments:

• vShield App
• vShield App with Data Security
• vShield Edge
• vShield Endpoint

The following table summarizes a comparison of key features for these products:

Feature	vShield Edge	vShield App	vShield App with Data Security	vShield Endpoint
Deployment Method	Per port group	Per host	Per host	Per host
Enforcement	Between virtual datacenter and un-trusted networks	Between virtual machines	Between virtual machines	Within the guest virtual machine
Anti-virus, Anti-malware	No	Yes	Yes	Yes
Site-to-Site VPN	Yes	No	No	No
NAT, DHCP services	Yes	No	No	No
Load balancing	Yes	No	No	No
Sensitive Data Discovery	No	No	Yes	No
Stateful firewall	Yes	Yes	Yes	No
Change-Aware	Yes *	Yes	Yes	No
Hypervisor-based firewall	No	Yes	Yes	No
Application firewall	No	Yes	Yes	No
Flow Monitoring	No	Yes	Yes	No
Groupings for policy enforcement	Only 5-tuple** based policies	1) 5-tuple 2) Security Groups: resource pools, folders, containers and other vSphere groupings	1) 5-tuple 2) Security Groups: resource pools, folders, containers and other vSphere groupings	Any available vCenter groupings for virtual machines

* Edge security and services are maintained within the host where the edge appliance is deployed. If the virtual appliance were moved to another host, the edge security policies would need to be updated.

** A 5-tuple is defined as the combination of Source IP address, Destination IP address, Source Port, Destination port, protocol.

Support:

VMware Production Support & Subscription

Technical Support, 24 Hour Sev 1 Support -- 7 days a week.

Focused, 24-Hour Support For Production Environments

• Global, 24x7 support for Severity 1 issues
• Fast response times for critical issues
• Unlimited number of support requests
• Remote Support
• Online access to documentation and technical resources, knowledge base, discussion forums
• Product updates and upgrades

Overview

VMware Production Support is designed with your production environments in mind. Our global support centers are staffed around the clock to provide you access to our industry-leading expertise in virtualization and years of experience supporting virtual infrastructure products in real-world customer environments. We are committed to delivering enterprise-class, worldwide support with a single objective in mind: your success.

VMware Basic Support & Subscription Service

Technical Support, 12 Hours/Day, per published Business Hours, Mon. thru Fri.

Weekday Support for Test, Dev and Non-Critical Deployments

• Global, 12x5 access to support
• Unlimited number of support requests
• Remote Support
• Online access to documentation and technical resources, knowledge base, discussion forums
• Product updates and upgrades

Overview

VMware Basic Support is designed for non-critical applications and platforms that require support during normal business hours. Our global support centers have been strategically placed to provide you with fast and efficient access to the support center in your region. Each center is staffed with engineers that can provide industry-leading expertise in virtualization and years of experience supporting virtual infrastructure products in real-world customer environments. We are committed to delivering enterprise-class, worldwide support with a single objective in mind: your success.

Feature	Production Support	Basic Support
Hours of Operation	24 Hrs/Day 7 Days/Wk 365 Days/Yr 1	12 Hrs/Day Mon–Fri 1
Length of Service	1 or 3 Years	1 or 3 Years
Product Updates	Yes	Yes
Product Upgrades	Yes	Yes
Products Supported	All Products (excluding VMware Fusion and Player)	All Products (excluding VMware Fusion and Player)
Method of Access	Telephone/ Web	Telephone/ Web
Response Method	Telephone/ Email	Telephone/ Email
Remote Support	Yes	Yes
Access to VMware Web site	Yes	Yes
Access to VMware Discussion Forums and Knowledge Base	Yes	Yes
Max Number of Support Admins per Contract	6	4
Number of Support Requests	Unlimited	Unlimited
Target Response Times Critical (Severity 1 Major (Severity 2) Minor (Severity 3) Cosmetic (Severity 4)	30 minutes or less: 24x7 4 business hours 8 business hours 12 business hours	4 business hours 8 business hours 12 business hours 12 business hours
Business Hours North America and Latin America Alaska, Hawaii South America (NASA) Europe, Middle East, Africa (EMEA Asia, Pacific Rim, Japan (APJ) Australia/New Zealand	Monday - Friday 6 a.m. to 6 p.m. (local time zone) 6 a.m. to 6 p.m. (PST/PDT) 6 a.m. to 6 p.m. (EST/EDT) 7 a.m. to 7 p.m. (GMT/GMT+1) 8:30 a.m. to 8:30 p.m. (Singapore Time) 7 a.m. to 7 p.m. (Sydney AET)	Monday - Friday 6 a.m. to 6 p.m. (local time zone) 6 a.m. to 6 p.m. (PST/PDT) 6 a.m. to 6 p.m. (EST/EDT) 7 a.m. to 7 p.m. (GMT/GMT+1) 8:30 a.m. to 8:30 p.m. (Singapore Time) 7 a.m. to 7 p.m. (Sydney AET)

1Hours of operation for Gemstone are Monday - Friday, 8 a.m. to 5 p.m. (PST/PDT) globally.
1Hours of operation for VMware Go Pro and vCenter Protect products are 7 a.m. to 7 p.m. (CST/CDT), except holidays.
1Hours of operation for VMware IT Business Management and IT Financial Management are 8 a.m. to 5 p.m. (EST/EDT/GMT) except holidays.
1Hours of operation for Socialcast are 6 a.m. to 6 p.m. (PST/PDT).

Documentation:

Download the VMware vShield Endpoint Datasheet (PDF).

Download the VMware vShield Brochure (PDF).