We are happy to share with you a recording of our free webinar held by virtualization experts Alex Karavanov, Virtualization Security Engineer, 5nine Software, and Max Kolomyetsev, Product Manager, Starwind Software. During the webinar, our experts revealed how to achieve high availability and get complete protection from external threats for Free Microsoft Hyper-V Server.
Let's have a brief overview of what was discussed during the webinar.
Importance of highly available and protected Hyper-V infrastructure:
What is specific about protecting the virtual infrastructure?
By switching to virtual infrastructure, you gain multiple benefits such as running hundreds of VMs and applications on the same physical host. However, if any of those VMs becomes corrupted, the impact on your Hyper-V infrastructure can become extremely high. That is why it is very important to protect your high-density Hyper-V servers in the most effective way.
In addition, another significant advantage of virtualization is the ability to create VMs quickly: you need just a couple of minutes to provision a new VM. This, in fact, can cause uncontrolled VM sprawl that may be especially hard to manage from the security standpoint unless you are using specialized security solutions. When you provision a new unprotected VM, it can become a target for external threats that may affect your overall infrastructure. Therefore, you should always keep an eye on that and be sure your VMs stay protected.
Moreover, VMs in a Hyper-V infrastructure communicate through the Virtual Switch, which can process traffic at 10-gigabit speed. However, because this traffic never leaves the Hyper-V host, it becomes hard to control. If you use a legacy physical appliance, you obviously get some blind spots. It is very important to have a solution that lets you monitor all the traffic, even if it happens within the Hyper-V host itself.
Current infrastructures also have multiple dynamic IT loads. You can use live migrations to move VMs around, but that causes an ever-changing security posture. When one of your Hyper-V hosts is not as secure as another, it may lead to protection issues. You have to make sure that all of your Hyper-V hosts stay protected in the same manner.
A protected virtual infrastructure should provide fault tolerance and high availability. Should one server fail, you should have everything automatically restarted on the second server.
Finally, one of the cornerstones of security in the virtualized datacenter is storage security. Compromised access to the SAN leads to compromising all the data.
What should you do to make sure that your systems are HA and protected?
Hyper-V security with 5nine Software solutions
From the security point of view, 5nine Software provides agentless protection of Hyper-V VMs. Using 5nine Cloud Security for Hyper-V, enterprises and cloud providers are able to:
- Provide Hyper-V isolation: protect VMs from any internal and/or external network security breach.
- Protect Hyper-V VMs with agentless Antivirus: unique agentless AV technology for Hyper-V that allows saving CPU resources and increasing VM density by up to 30%.
- Enforce Hyper-V compliance: get the required level of protection in order to be compliant with PCI-DSS, HIPAA or Sarbanes-Oxley security standards.
- Secure multi-tenant Hyper-V environment: multiple tenants in your virtual network should have access to their resources while being absolutely isolated and protected from each other.
The benefits of using an agentless approach to protect Hyper-V VMs
Traditional agent-based antivirus solutions are a legacy choice for virtual environments because of the dynamic nature of virtual machines. With agentless antivirus you can protect all the virtual machines on the host without having to deploy an agent to each one of them. Instead, you offload your antivirus scans to a virtual host.
When you use an agent-based approach, there is a high demand on computing resources because the antivirus software simultaneously scans all the virtual machines on a physical host. This can cause what is called an “AV storm”.
5nine Cloud Security provides the Antivirus protection at the host level itself, so you don't need to install anything inside a VM for AV scans. The firewall and IDS are integrated into the Hyper-V Extensible Switch, which allows those processes to run in an agentless manner.
Incremental scan technology
5nine Cloud Security supports Changed Block Tracking (CBT) technology to make AV scans 50-70x faster than traditional full scans. With CBT, only the blocks of data that have changed in the VM disk file are processed during AV scanning. This is another benefit available for virtual environments, as you greatly save time and resources on AV checks. In practice, you spend between 40 seconds and 3 minutes on AV scanning (depending on changes to the VM virtual disk) instead of 40 minutes when dealing with regular full scans.
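The idea behind a changed-block scan, as an added example (a generic sketch, not code from 5nine or from the webinar): writes mark blocks as dirty, and the scanner reads only those blocks, widened slightly so that a pattern straddling a block boundary is still found. The block size, the `TrackedDisk` class and the signature are assumptions made for the illustration.

```python
# Added illustration of changed-block tracking (CBT); not 5nine's implementation.
BLOCK = 16               # toy block size in bytes (assumption; real CBT blocks are far larger)
SIGNATURE = b"TESTSIG!"  # constructed marker standing in for an AV signature


class TrackedDisk:
    """Toy virtual disk that records which blocks were written since the last scan."""

    def __init__(self, size):
        self.data = bytearray(size)
        self.dirty = set()

    def write(self, offset, payload):
        if offset < 0 or offset + len(payload) > len(self.data):
            raise ValueError("write outside disk")
        self.data[offset:offset + len(payload)] = payload
        if payload:
            self.dirty.update(range(offset // BLOCK, (offset + len(payload) - 1) // BLOCK + 1))


def find_all(buf, base):
    """Return absolute offsets of every SIGNATURE occurrence in buf."""
    hits, i = [], buf.find(SIGNATURE)
    while i != -1:
        hits.append(base + i)
        i = buf.find(SIGNATURE, i + 1)
    return hits


def full_scan(disk):
    return find_all(disk.data, 0), len(disk.data)


def incremental_scan(disk, widen=True):
    """Scan dirty blocks only; returns (hits, bytes_read) and resets the tracking set.

    widen=True reads len(SIGNATURE)-1 extra bytes on each side so a match that
    straddles a clean/dirty block boundary is not missed.
    """
    pad = len(SIGNATURE) - 1 if widen else 0
    hits, read = set(), 0
    for blk in sorted(disk.dirty):
        start = max(0, blk * BLOCK - pad)
        end = min(len(disk.data), (blk + 1) * BLOCK + pad)
        hits.update(find_all(disk.data[start:end], start))
        read += end - start
    disk.dirty.clear()
    return sorted(hits), read
```

In this model an incremental pass only ever sees data written since the previous pass, so unchanged blocks are not re-examined when the signature set itself changes; that case still needs a full scan.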
A storage part of the story
Starwind offers its Virtual SAN solution designed to make the storage management process easy and efficient. Let's look briefly at what Starwind Virtual SAN is and what benefits it provides when used in virtualized environments.
StarWind Virtual SAN is entirely software-based, hypervisor-centric virtual machine storage. It creates a fully fault-tolerant and high-performing storage pool that is built for the virtualization workload “from scratch”. StarWind Virtual SAN basically “mirrors” inexpensive internal storage between hosts. Virtual SAN completely eliminates any need for an expensive SAN or NAS or other physical shared storage. It seamlessly integrates into the hypervisor for unbeatable performance and exceptional simplicity of use.
Advantages of using Starwind Virtual SAN
The main point is that Starwind Virtual SAN provides a zero hardware footprint for the production environment. Instead of adding an extra piece of hardware, you just install the software on the existing nodes, mirror the existing storage and use it as an HA resource tool. This allows creating a highly available and fault-tolerant cluster with just 2 physical servers and no extra hardware. You don't need any proprietary equipment; you can use any industry-standard server platform and it is automatically supported.
One more interesting thing about Starwind is that if you compare two similar configurations, one in an old-fashioned SAN and the same set-up in Starwind Virtual SAN, the latter will be faster. That happens because it sits inside the server and doesn't need to go back and forth through the bottleneck of the storage fabric. The latency is minimized, and you can utilize local RAM to leverage direct memory access to this server and use local Flash. It would be way faster than with any storage fabric running behind the servers.
One more thing that differentiates software-defined storage from its hardware-based analogues is the level of performance you get with the same set of hardware.
Another benefit is that everything in Starwind is managed with an easy-to-use centralized GUI. So you don't need to go to each host individually to manage networking properties. You do everything from your laptop, and that's really convenient.
Storage security is one of the key components of a highly available and protected virtualized infrastructure, because as we have already mentioned, having a key to the SAN is like having a key to the backdoor of the whole datacenter.
Starwind eases the management and compliance processes. There is no proprietary hardware or proprietary technologies used within Starwind. Being a Windows-level application, Starwind Virtual SAN can be easily installed on the existing equipment, quickly configured and managed with standard Windows security tools – no 3rd party instruments are required for managing security.
Moreover, Starwind provides a 360 Security set: it supports a broad range of security instruments, such as CHAP, IPSec & Kerberos authentication, ACLs, BitLocker support and more.
Starwind Virtual SAN can run on Free and Core Microsoft OS versions.
Stay tuned with the latest security trends!