Kaspersky Security for Virtualization

Kaspersky Security for Virtualization is an integrated solution that protects virtual machines on a VMware ESCi host against viruses and other computer security threats and network threats. Application components are integrated into the VMware virtual infrastructure using VMware vShield Endpoint technology and VMware Network Extensibility SDK 5.1 technology from the VMware vCloud Networking and Security 5.1.2 suite. Integration by means of Vmware vShield Endpoint and VMware Network Extensibility SDK5.1 technologies helps to protect virtual machines without the need to install additional anti-virus software on guest operating systems.

Kaspersky Security protects virtual machines with Windows guest operating systems, including server operating systems. It protects virtual machines when they are active and online (not disabled or paused) and if they have the VMware vShield Endpoint Thin Agent driver installed and enabled.

Kaspersky Security makes it possible to configure the protection virtual machines at any level of the hierarachy of VMware inventory objects: Vmware vCenter Server, Datacenter object, VMware cluster, VMware ESCi host that is not part of a VMware cluster, resource pool, vApp object and virtual machine. The application supports the protection of virtual machines during DRS cluster migration in VMware.

Kaspersky Security includes the following components:

• File Anti-Virus: Protects the file systems of a virtual machine against infection. The component is launched at the startup of Kaspersky Security. It protects the file system of virtual machines and scans their files.
• Network Attack Blocker: Scans network traffic of virtual machines , detecting and blocking activity that typical of network attacks and checks URLs visited by the user against a database of malicious URLs, blocking access to them. The Network Attack Blocker component registers as the Kaspersky Network Protection service in VMware vShield Manager.

Kaspersky Security for Virtualization - Features

Current Features:

• Protection: The application protects the file system of the guest operating system of a virtual machine. The application scans all files opened or closed by the user or a different program on a virtual machine for viruses and other threats.
  • If the file is free from viruses and other threats, Kaspersky Security grants access to the file.
  • If a file is found to contain viruses or other threats, Kaspersky Secrutiy performs the action that is specified in its settings, ie deletes or blocks the file.
• Scam: The application scans virtual machine files for viruses and other threats. Virtual machine files must be scanned regularly with new anti-virus databases to prevent the spread of malicious objects. You can perform an on-demand scan or specify a scan schedule. Kaspersky Security sends information about all events occuring during scan tasks to the Administration Server of Kaspersky Security Center.
• Network Attack Blocker: The applications scans the network traffic of virtual machines for activity typical of network attacks. On detecting an attempted network attack targeting a virtual machine, Kaspersky Security can block the IP address from which the network attack originated. Kaspersky Security sends information about events occuring during virtual machine protection against network attacks to the Administration Server of Kaspersky Security Center.
• URL Scan: The application checks URLs visited by the user or an application via the HTTP protocal against a database of malicious URLs. On detecking an URL in the database of malicious URL,s the application can block access to this URL. Kaspersky Security sends information about all events occruing during URL checks to the Adminstration Server of Kaserpsky Security Center.
• Storing Backup Copies of Files: The application allows storing backup copies of files that have been deleted or modified during disinfection. Backup copies files are stored in Backup in a special format and pose no danger. If a disinfected file contained information that is partly or completely inaccessible after disinfection, you can attempt to save the file from its backup copy.
• Updating Antivirus Database: The application downloads updated anti-virus databases. Updates keep the virtual machine protected against new viruses and other threats at all times. You can run anti-virus database updated manually or specify and update schedule for anti-virus database.

Kaspersky Security for Virtualization - System Requirements

Hardware requirements

To run Kaspersky Security for Virtualization on an SVM, the following minimum system resources are required:

• virtualized processor with clock speed of 2 GHz;
  
• 512 MB of allocated RAM;
  
• 30 GB of allocated free disk space;
  
• virtualized network interface with a bandwidth of 100 Mbit/s.

Software requirements

To run the application in the virtual infrastructure, one of the following hypervisors must be installed:

• Microsoft Windows Server 2008 R2 SP1 with the Hyper-V role (in the full installation or Server Core mode) with all available updates installed
  
• Microsoft Windows Server 2012 with the Hyper-V role (in the full installation mode) with all available updates installed
  
• Microsoft Windows Server 2012 R2 with the Hyper-V role (in the full installation or Server Core mode) with all available updates installed
  
• Citrix XenServer 6.1 with all recommended fixes installed
  
• Citrix XenServer 6.2 SP1
  
• Citrix XenServer 6.5
  
• VMware ESXi 5.1 with latest updates installed
  
• VMware ESXi 5.5 with latest updates installed
  
• VMware ESXi 6

It is only possible to connect Light Agent to an SVM and ensure the correct functioning of the application if you have deployed Light Agent and the SVM on the platforms for which they are intended. That is, connecting Light Agent deployed on Hyper-V or Citrix platforms to SVMs installed on VMware hypervisors is not supported. Conversely, connecting Light Agent deployed on a VMware platform, to SVMs installed on Hyper-V or Citrix hypervisors is not supported.

For installation and correct work of SVMs installed on a VMware ESXi hypervisor VMware vCenter server (version 5.1, or 5.5, or 6.0) with all available updates must be installed in the virtual infrastructure.

Installing an SVM on a Microsoft Windows Server (Hyper-V) hypervisor that is not a part of an Active Directory domain requires that Windows Remote Management (WinRM) version 3.0 be installed on the hypervisor. WinRM 3.0 is a part of the Windows Management Framework 3.0 distribution that is available for download on Microsoft official website.

Protected virtual machines require one of the following guest operating systems:

• Windows 7 Enterprise (32 / 64-bit)
  
• Windows 7 Professional SP1 (32 / 64-bit)
  
• Windows 8 Pro / Enterprise (32 / 64-bit)
  
• Windows 8.1 Pro / Enterprise (32 / 64-bit)
  
• Windows Server 2003 R2 Standard SP2 (32 / 64-bit) - except for the Citrix XenServer hypervisor
  
• Windows Server 2008 R2 Standard SP1 (64-bit)
  
• Windows Server 2012 (64-bit)
  
• Windows Server 2012 R2 (64-bit)