Dr.Web Enterprise Security Suite can be used for protecting virtual infrastructure—virtual machine clusters providing services to clients (hereinafter referred to as client VMs): virtual hosting, remote desktop services, corporate clouds, etc.
One or several virtual machines in the cluster are assigned as service VMs; by means of the special software (Dr.Web Scanning server) installed on them the service VMs process requests for anti-virus scanning from other VMs.
The Scanning server includes:
•the Scanning Engine that scans the received data for threats;
•virus bases and filter bases for Office control.
The Dr.Web Agent software is installed on the client VMs, after which it needs to be connected to the Scanning server so that Dr.Web Agent enters Dr.Web Virtual agent mode. In this mode it operates under the control of Dr.Web Server and transmits requests for anti-virus scanning as well as files to be scanned to the Scanning server on the service VM. This mode of operation allows to significantly reduce the load on client virtual machines due to the following factors:
•scanning is performed outside client VMs;
•there is no need to keep virus databases and filter databases updated on client VMs.
Configurations with the Scanning server allow to:
•save RAM;
•reduce the load on the disk subsystem of a VM;
•reduce the network load.
Such approach causes higher CPU usage. Configurations with the Scanning server are most efficient when the virtual network is arranged within one physical server. Only using a virtual (rather than physical) network for data transfer between VMs located on the same server (hypervisor) can ensure a high data exchange rate and scanning speed.
The Scanning server can be included in any group. It is also possible to combine Scanning servers into a separate group, including automatically on the basis of predefined rules.
|
Adding the Scanning server to groups and defining membership rules is performed in the same way as for any other station. Detailed information on group management can be found in the Including Stations into Groups section. |
Dr.Web Agent operating in Dr.Web Virtual agent mode sends requests for scanning files and URLs to the Scanning server. After switching to this mode, Dr.Web Agent stops using virus databases and is left unprotected if the connection with the Scanning server is lost. Thus, Virtual agents can be used only if the Scanning server is installed and configured.