Symantec Endpoint Protection 11.0 Securing Virtual Environments Best Practices White Paper. Updated 7/20/2010



Similar documents
How To Set Up A Shared Insight Cache Server On A Pc Or Macbook With A Virtual Environment On A Virtual Computer (For A Virtual) (For Pc Or Ipa) ( For Macbook) (Or Macbook). (For Macbook

Symantec Endpoint Protection (SEP) 11.0 Configuring the SEP Client for Self-Protection

W H I T E P A P E R : T E C H N I C A L. Understanding and Configuring Symantec Endpoint Protection Group Update Providers

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

Symantec Endpoint Protection

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

Symantec Endpoint Protection

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform

Small and Midsize Business Protection Guide

How To Protect Your Computer From A Malicious Virus

Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Symantec Endpoint Protection

Improve Backup Performance by Upgrading to Symantec Backup Exec 12.5 with Service Pack 2

Data Sheet: Backup & Recovery Symantec Backup Exec 12.5 for Windows Servers The gold standard in Windows data protection

WHITE PAPER: TECHNICAL OVERVIEW. NetBackup Desktop Laptop Option Technical Product Overview

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Symantec Backup Exec System Recovery

Symantec Endpoint Protection

Optimized data protection through one console for physical and virtual systems, including VMware and Hyper-V virtual systems

Symantec Endpoint Protection 11.0

Symantec Endpoint Protection

Consulting Services for Veritas Storage Foundation

Data Sheet: Messaging Security Symantec Brightmail Gateway Award-winning messaging security for inbound protection and outbound control

Virtual Desktops Security Test Report

Data Sheet: Backup & Recovery Symantec Backup Exec System Recovery Windows Small Business Server Edition

Data Sheet: Backup & Recovery Symantec Backup Exec System Recovery The Gold Standard in Complete Windows System Recovery

Symantec AntiVirus Enterprise Edition

Virtual Machine Protection with Symantec NetBackup 7

Symantec Desktop and Laptop Option 7.6

Symantec LiveUpdate Administrator. Getting Started Guide

Symantec Endpoint Protection Datasheet

Data Sheet: Storage Management Veritas Virtual Infrastructure Bringing enterprise-class storage management to virtual server environments

INFORMATION PROTECTED

Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of- Sale Devices

Symantec Protection Suite Small Business Edition

Symantec Mobile Security

Veritas Cluster Server by Symantec

How To Protect A Virtual Desktop From Attack

WHITE PAPER: ENTERPRISE SOLUTIONS. Quick Recovery of Microsoft Active Directory Using Symantec Backup Exec 11d Agent for Active Directory

Minimize the impact of downtime and disruption. Replace time-consuming manual processes with fast, automated recovery.

WHITE PAPER: DATA PROTECTION. Veritas NetBackup for Microsoft Exchange Server Solution Guide. Bill Roth January 2008

Symantec Backup Exec.cloud

Norton Personal Firewall for Macintosh

Host-based Protection for ATM's

Data Sheet: Archiving Altiris Server Management Suite 7.0 from Symantec Essential server management: Discover, provision, manage, and monitor

Data Sheet: Server Management Altiris Server Management Suite 7.0 Essential server management: Discover, provision, manage, and monitor

Confidence in a connected world. Veritas NetBackup 6.5 for VMware 3.x Best Practices

Data Sheet: Storage Management Veritas CommandCentral Storage 5.1 Centralized visibility and control across heterogeneous storage environments

Veritas InfoScale Availability

UP L17 Virtualization: Security Without Sacrificing Performance

Athena Mobile Device Management from Symantec

Veritas Cluster Server from Symantec

Two Great Ways to Protect Your Virtual Machines From Malware

Endpoint protection for physical and virtual desktops

Symantec Workspace Streaming: Enabling the Dynamic Management of Software Licenses

VDI Security for Better Protection and Performance

Symantec Backup Exec 2012

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

WHITE PAPER: HIGH CUSTOMIZE AVAILABILITY AND DISASTER RECOVERY

Deputy Secretary for Information Technology Date Issued: November 20, 2009 Date Revised: December 20, Revision History Description:

Symantec NetBackup 7 Clients and Agents

Advanced Server Virtualization: Vmware and Microsoft Platforms in the Virtual Data Center

PST Migration with Enterprise Vault 8.0: Part 1 - Solution Overview. Author: Andy Joyce, EV Technical Product Management Date: April, 2009

Symantec Backup Exec System Recovery

Symantec Protection Suite Small Business Edition A simple, effective and affordable solution designed for small businesses

Getting Started with Symantec Endpoint Protection

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities

Virtualization of CBORD Odyssey PCS and Micros 3700 servers. The CBORD Group, Inc. January 13, 2007

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

McAfee MOVE / VMware Collaboration Best Practices

Direct virtual machine creation from backup with BMR

WHITE PAPER: ENTERPRISE SECURITY. Symantec Backup Exec Quick Recovery and Off-Host Backup Solutions

Endpoint Virtualization for Healthcare Providers

Symantec Virtual Machine Management 7.1 User Guide

TECHNICAL WHITE PAPER. Symantec pcanywhere Security Recommendations

Table of Contents Introduction and System Requirements 9 Installing VMware Server 35

Code Injection From the Hypervisor: Removing the need for in-guest agents. Matt Conover & Tzi-cker Chiueh Core Research Group, Symantec Research Labs

WHITE PAPER: customize. Comprehensive Backup and Recovery of VMware Virtual Infrastructure Symantec Backup Exec 12.5 for Windows Servers

Symantec Endpoint Protection Analyzer Report

Kronos Workforce Central on VMware Virtual Infrastructure

Symantec Brightmail Gateway Real-time protection backed by the largest investment in security infrastructure

Veritas NetBackup 6.0 Server Now from Symantec

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

VMware/Hyper-V Backup Plug-in User Guide

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

Symantec NetBackup 5000 Appliance Series

Demystifying Virtualization for Small Businesses Executive Brief

Virtualization Support - Real Backups of Virtual Environments

Symantec Endpoint Protection 11.0 Home Use & Student Use Overview

Transcription:

W H I T E P A P E R : T E C H N I C A L S E C U R I T Y S O L U T I O N S Symantec Endpoint Protection 11.0 Securing Virtual Environments Best Practices White Paper Updated 7/20/2010

White Paper: Symantec Enterprise Security Solutions Securing Virtual Environments with Symantec Endpoint Protection Content Scope... 3 Executive Summary... 3 What is Virtualization... 3 Supported Virtualization Platforms... 3 What is Symantec Endpoint Protection... 4 Best Practices for Symantec Endpoint Protection Clients in a Virtual Environment... 4 Best Practices for Security Overview... 4 Best Practices for Performance Overview... 5 Randomizing Virus Definition Updates... 5 Randomizing Scans... 5 Updating Virus Definitions directly from the SEPM... 6 Updating Virus Definitions Using LiveUpdate... 8 Scheduled Scans... 9 Best Practices for Symantec Endpoint Protection Manager on a guest system... 9 Appendix A: Licensing... 10 Appendix B: Looking Forward VMSafe... 10

Scope This White Paper provides an overview on Best Practices when running Symantec Endpoint Protection in a virtual environment, and offers an overview of what factors to consider when using Symantec Endpoint Protection in virtual environments. It does not give specific sizing guidelines, as many factors can influence performance of multiple guest hosts in a virtual environment. Note: In certain configurations or environments, Symantec Endpoint Protection might not be the recommended solution to maintain security. For example, Symantec Critical System Protection might be the preferred solution for a locked down VDI workstation or similar guest operating system. Please contact a Symantec Sales Engineer or Consultant if you have questions about your particular environment. This White Paper addresses cases where Symantec Endpoint Protection is considered the proper solution for securing a virtual environment. Executive Summary Symantec Endpoint Protection 11.0 fully supports, virtual environments. This White Paper provides an overview of the most common considerations when running Symantec Endpoint Protection in virtual environments. It describes specific points about how to secure virtual environments while maintaining acceptable performance of guest systems. What is Virtualization Virtualization is the abstraction and simulation of resources. Platform virtualization/virtual Machines (VMs) are software simulations of physical machines. Virtualization enables more than one running operating system per physical machine. The technology got its start on mainframes decades ago, allowing administrators to avoid wasting expensive processing power. Symantec Endpoint Protection components run in virtual systems just as on physical hardware, although you may need to slightly increase basic hardware requirements for the physical system account for overhead due to running multiple virtual environments concurrently. Supported Virtualization Platforms The following Virtualization Platforms are supported by Symantec Endpoint Protection 11.0 VMWare (WS 5.0, GSX 3.2, and ESX 2.5, ESX 3.x) Microsoft Virtual Server 2005 Hyper-V Note: this list is current as of the date of this white paper s publication. For a current list of support platforms, please refer to: http://service1.symantec.com/support/ent-security.nsf/docid/2008121812110848 3

What is Symantec Endpoint Protection Symantec Endpoint Protection 11.0 combines Symantec Antivirus with advanced threat prevention to deliver unmatched defense against malware for laptops, desktops, servers and guest hosts in a virtual environment. It seamlessly integrates essential security technologies in a single agent and management console, increasing protection and helping lower total cost of ownership. Specifically, Symantec Endpoint Protection 11.0 provides the following protection technologies: Antivirus and Antispyware Firewall Intrusion Prevention (both Network and Host based) Device Control Network Access Control (optional add-on) The core components required to run a centrally managed Symantec Endpoint Protection 11.0 environment include: Symantec Endpoint Protection client (on each machine you wish to protect) Symantec Endpoint Protection Manager (a web server, utilizing Microsoft IIS and Apache Tomcat) Database (by default, the SEPM automatically installs an embedded database, based upon Sybase Adaptive Server Anywhere version 9) Symantec Endpoint Protection Manager console (Java-based, can be run from anywhere with network access to the Manager) Best Practices for Symantec Endpoint Protection Clients in a Virtual Environment The main considerations when running Symantec Endpoint Protection in a virtual environment are the same as running on physical hardware: Security and Performance. The following Best Practices address how to ensure security for a virtual environment while maintaining performance and stability. Best Practices for Security Overview Symantec Endpoint Protection protects Windows-based operating systems, and must be installed on each instance of Windows to ensure protection. For example, if an administrator runs a Windows-based host with multiple Windowsbased guest virtual machines, each discrete Windows instance must have Symantec Endpoint Protection installed to avoid any security gaps. In general, the default settings for Symantec Endpoint Protection are appropriate to ensure the security of a guest operating system. 4

Best Practices for Performance Overview When running Symantec Endpoint Protection in a virtual environment, consider how multiple guest systems can impact hardware resources on a host system. This is especially true when routine tasks happen simultaneously on multiple guest systems. Due to extremely high I/O, the following tasks are examples that can degrade performance if run on multiple guest systems simultaneously. Virus Definition Updates Scheduled Scans Symantec recommends using randomization to minimize the impact on hardware resources when these tasks occur. Randomization ensures each client on a guest system does not run a scheduled scan or update virus definitions at the same time. Randomizing Virus Definition Updates Symantec Endpoint Protection clients can update their virus definitions either directly from the Symantec Endpoint Protection Management server or by running the LiveUpdate component on the client to download virus definitions. Randomizing Scans SEP RU6a includes a scan randomization feature designed to ease the load on the host machine by running scans at different times. This feature is especially useful in virtual machine environments helping to reduce the overall load at any given time on the host computer. The need for this feature arose from potential performance and bottleneck issues when scans would start and run simultaneously on host machines running multiple VMs. This feature corrects that bottleneck and ensures scans are not started simultaneously in multiple VM environments thus greatly improving overall performance. The Amber release will include Idle time and Scan Less features further improving performance of scanning VM environments. More information on these Amber features will become available in the coming months. 5

Updating Virus Definitions directly from the SEPM Symantec Endpoint Protection 11 Maintenance Release 3 introduced a randomization feature to the Communications Settings for clients which will optimize performance in a virtual environment. These settings are configured via the communications settings within any group. 6

Note: Uncheck the box next to Inherit policies and settings from parent group to configure the Group specific settings. In the following Communication Settings dialog box, make the following changes as shown below: 1. Configure clients to use Pull Mode 2. Place a check in the Enable randomization 7

Note: Depending on the number of clients in the virtual environment, consider increasing the heartbeat interval as needed. Additionally, if the time at which clients update virus definitions causes a performance impact, consider increasing the randomization window as needed. Updating Virus Definitions Using LiveUpdate Alternatively, clients can be configured to run LiveUpdate to download Virus Definitions directly from Symantec. To prevent many clients from updating Virus Definitions simultaneously, Symantec recommends that you randomize the LiveUpdate schedule. To configure clients to run LiveUpdate with a randomized schedule, configure the LiveUpdate Settings policy as follows: 8

1. In the Symantec Endpoint Protection Manager, select the Policy Page and then select LiveUpdate 2. Open or create a LiveUpdate Settings policy for editing. 3. In the Server Settings dialog box uncheck Download Definitions from management server unless the randomization setting has been enabled in the client group s communication settings. 4. Make sure there is a check next to Use a LiveUpdate Server. 5. In the Schedule dialogue enable scheduling and configure a schedule during non peak times 6. Make sure there is a check box next to randomize the start time Scheduled Scans Scheduled scans require consideration in a virtual environment due to the potential for performance degradation. How often and when scheduled scans should be run will depend on security policies in your organizations. The following Knowledge Base articles apply to Scheduled Scan tuning in general and should be considered when configuring scheduled scans for guest systems: Ensure Scan Tuning options are set for Best Application Performance : http://service1.symantec.com/support/ent-security.nsf/docid/2008082509323748 Consider using multithreading during scheduled scans: http://service1.symantec.com/support/ent-security.nsf/docid/2005062813030748 Consider utilizing the resumable scan feature: http://service1.symantec.com/support/ent-security.nsf/docid/2005062806252148 Note: the specific options that are appropriate will depend on your environment. Additionally, Symantec recommends dividing up guest clients in different groups with different scheduled scan times to avoid performance degradation. Also, consider scanning compressed files one or two levels deep (instead of default 3). Best Practices for Symantec Endpoint Protection Manager on a guest system When running a Symantec Endpoint Protection Manager in a guest host, ensure the Symantec Endpoint Protection Manager guest operating system has at least two virtual CPUs and that CPU throttling is disabled in ESX. Furthermore, Symantec recommends following the same recommendations noted above for running multiple guest systems. The previously discussed settings establish how clients communicate with the manager and how the clients receive content from the manager, both of which affect how much CPU and Disk I/O the manager requires. Simultaneous content downloads can severely affect performance of a host virtual environment. In summary, Symantec recommends configuring clients to communicate with the Symantec Endpoint Protection Manager in Pull Mode and enabling randomization for content downloads in the Communications Settings. 9

Appendices Appendix A: Licensing Section 17.2 in the End User License Agreement states that each running instance of Symantec Endpoint Protection Client requires a license. This includes a running instance that exists due to cloning a virtual system. The exact wording is as follows: 17.2. Notwithstanding anything to the contrary contained in this License Agreement, if the Licensed Software is Symantec Endpoint Protection, each running instance (physical and/or virtual) of such Software must be licensed. You create an instance of software by executing the software s setup or install procedure. You also create an instance of software by duplicating an existing instance. References to software include instances of the software. You run an instance of software by loading it into memory and executing one or more of its instructions. Once running, an instance is considered to be running (whether or not its instructions continue to execute) until it is removed from memory. Appendix B: Looking Forward VMSafe VMsafe is an API provided by VMWare to enhance security in virtual environments. Symantec is partnering with VMWare to leverage this technology to improve security and performance of virtual environments. For more information please refer to VMWare s VMSafe website: http://www.vmware.com/technology/security/vmsafe/partnerships.html This White Paper will be updated as more information about Symantec s VMSafe technology is made available. 10

About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com. For specific country offices and contact numbers, please visit our Web site. For product information in the U.S., call toll-free 1 (800) 745 6054. Symantec Corporation World Headquarters 20330 Stevens Creek Boulevard Cupertino, CA 95014 USA +1 (408) 517 8000 1 (800) 721 3934 www.symantec.com Copyright 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information