Datasheet
applicatiOn SerViceS
|
25
conjunction with the virtualization layer, they are expected to provide higher levels of security to
virtual machines compared to even physical servers. The following are examples of such VMsafe-
based VMware-aware security products:
A single antivirus virtual appliance that protects a vSphere host and all virtual machines
•u
running on it.
A network security virtual appliance that protects network access for all virtual machines
•u
on a vSphere host.
Security solutions that are aware of advanced VMware features such as DRS and vDS and
•u
that continue to protect virtual machines as they migrate using VMotion, Storage VMotion,
or vDS network VMotion.
VMk e r n e l Pr o t e c t i o n
vSphere introduces several security mechanisms to assure the integrity of the VMkernel and
loaded modules as they reside on disk and in memory. It leverages disk integrity mechanisms
to protect against malware, which might attempt to overwrite or modify VMkernel as it persists
on disk. vSphere makes use of Trusted Platform Module (TPM), a hardware device embedded in
servers, to protect the boot-up of the hypervisor.
VMkernel modules are digitally signed and validated during load time to ensure the
authenticity and integrity of dynamically loaded code. VMkernel also uses memory integrity
techniques at load time coupled with microprocessor capabilities to protect itself from common
buffer-overflow attacks that are used to exploit running code. All these techniques are part of
ongoing efforts to protect the hypervisor from common attacks and exploits and create a stron-
ger barrier of protection around the hypervisor.
Scalability
Scalability services allow the vertical and horizontal scaling of virtual infrastructure while
ensuring that the right amount of resources are allocated to applications without any disruption.
VMware ESX and ESXi scalability vSphere continues to extend the maximum supported
configurations for the underlying physical hardware used by ESX and ESXi as well as virtual
machines running on them. vSphere also makes the switch to 64-bit versions of VMkernel
and Service Console for better scalability.
VMware DRS VMware DRS improves scalability in vSphere deployments in two ways. First,
it automatically and continuously balances the workload across ESX servers within a cluster,
making sure that no single virtual machine is bottlenecked on resources. Second, it provides
a proportional resource allocation mechanism using shares, reservations, and limits so that
you can dynamically control the resources used by a virtual machine without the need for any
reboot.
Virtual machine hot-add support Virtual hardware version 7 in vSphere 4 introduces hot-add
support for various virtual devices. The ability to add more resources to a virtual machine
without powering it off can help you improve virtual machine scalability as needed. This
functionality is supported only if the underlying guest operating system supports it.
563601c01.indd 25 6/29/10 4:41:03 PM