In mid May McAfee, or better the now security division of Intel, announced a two-phases partnership with Citrix to deliver security solutions specifically tailored for virtual desktop infrastructures (VDI).
The first phase involved releasing a VDI-optimized antivirus, while the second is about introducing a single out-of-band security agent that control the whole virtual infrastructure through hypervisor’s APIs (something the industry usually calls introspection).
A couple of weeks ago McAfee completed the first step, announcing the availability of its new Management of Optimized Virtual Environments (MOVE) antivirus.
MOVE is based on a lightweight agent, that pseudo-randomizes some of its activities on the virtual desktops’ virtual hard drive, and that doesn’t carry on the scanning and removal engine.
The core activities are in fact executed out of band, in a remote, dedicated virtual appliance. What the optimized agents, which are centrally managed by McAfee ePolicy Orchestrator (ePO), really do is copying the suspicious files from the potentially infected virtual desktop to the security virtual appliance, over a secure channel.
Interestingly, the two companies report that MOVE AV can increase user density by 60% even if no specific benchmarks seem available for review at the moment. It’s an interesting claim, worth to be verified, considering that McAfee supports Microsoft Hyper-V, VMware ESX and of course Citrix XenServer as backend hypervisors for XenDesktop.
McAfee’s competitor TrendMicro announced a similar move in June. Its VDI-optimized OfficeScan supports XenDesktop too, along with VMware View.
Now, of course, both companies are expected to deliver the second-phase product, which will support both XenServer and XenClient and that is expected to have a much greater impact on performance.