The release of Windows Server 2012 brought many new features, including the Hyper-V vswitch. Like other vswitches, it connects VMs to a physical NIC. The core feature of the Windows Server 2012 vswitch is its extensibility, which allows third parties to extend its functions.
How does an extensible vswitch work?
In the Windows Server 2012 Hyper-V extensible switch, extensions (NDIS, Network Driver Interface Specification, filter drivers) created by Microsoft or its third-party partners are bound into the switch's driver stack. These vswitch extensions can perform common network monitoring and filtering actions in the virtual network. In addition, a vswitch extension can monitor or even modify the virtual network by sending virtual network traffic to, or accepting it from, network management tools. This allows an extension not only to report the status of virtual network traffic, but also to act as a firewall or bandwidth control software.
This extensibility gives important applications access to the Hyper-V virtual network, which helps the Hyper-V administrator. Applications can access the virtual network directly: for example, network analysis, anti-virus or anti-malware scanning, firewall packet filtering, bandwidth control, and other applications. (For more information about vswitch extensions and how to create the drivers, Microsoft's website has some content about the Hyper-V vswitch extension driver.)
Last year's Microsoft TechEd Summit presented several applications that use the Hyper-V virtual network function: Cisco's Nexus 1000V for Windows 2012 Hyper-V, InMon sFlow for Windows 2012 Hyper-V, and NEC's OpenFlow for Windows 2012 Hyper-V.
How agentless security products for Windows 2012 Hyper-V work
One unique product, 5nine Software's Security Manager, claims to be the first agentless security solution for Hyper-V. It provides firewall, anti-virus, anti-malware, and intrusion protection for Hyper-V virtual networks through the Windows 2012 Hyper-V extensible switch.
The company expects Security Manager to replace the existing enterprise-level anti-virus solution in the Hyper-V virtual architecture. Agentless anti-virus software has several advantages. Agentless virus scanning of virtual machines is faster than agent-based scanning: 5nine Software claims that its incremental, agentless anti-virus scans are 70% faster than agent-based products. Their point is that the time saved on anti-virus scanning of each virtual machine amounts to saved resources. This resource saving means that virtual machine performance is not affected by anti-virus scanning, and neither is the user experience. In agentless mode, you avoid the impact of the "AV storm", and you do not need to maintain agents or update anti-virus signatures on multiple servers. For enterprises, the agentless anti-virus method can improve the virtual machine consolidation ratio, potentially saving server hardware costs.
The time is saved because the operating system of the VM is never involved; instead, the Hyper-V host performs the incremental anti-virus scan on the VM's virtual disk files. The incremental scan processes only the data blocks of the virtual disk that have changed since the last scan (unlike an anti-virus agent in the virtual machine's operating system, which scans all changed files).
Figure 1. 5nine Software's Security Manager
5nine Software's Security Manager takes about 40 s to perform an incremental scan on the VM.
You can also set filtering rules for the inbound and outbound traffic of each VM. Security Manager's vswitch extension then performs real-time filtering, monitoring, and bandwidth control of virtual network traffic. By deploying a centrally controlled virtual firewall for the Hyper-V VMs, you can create inbound and outbound rules and monitor the traffic that is allowed and denied.
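Because the monitoring and the agentless protection described above are both delivered by extensions in the switch's driver stack, it is worth checking which extensions are enabled on each virtual switch. The PowerShell below is an added example, not from the original article or from 5nine Software; the property names follow the output of Get-VMSwitchExtension, while the sample rows and the names "Example Security Filter" and "Unlisted Capture Driver" are constructed.

```powershell
# Added example: audit the extensions bound to each Hyper-V virtual switch.
function Test-SwitchExtensionPolicy {
    param(
        [Parameter(Mandatory)] [object[]] $Extension,  # rows from Get-VMSwitchExtension
        [string[]] $Approved = @(),   # extensions allowed to be enabled
        [string[]] $Required = @()    # security extensions every switch must run
    )
    foreach ($vs in ($Extension | Group-Object -Property SwitchName)) {
        foreach ($ext in $vs.Group) {
            $issue = $null
            if ($ext.Enabled -and ($Approved -notcontains $ext.Name)) {
                $issue = 'Enabled but not on the approved list'
            } elseif ($ext.Enabled -and -not $ext.Running) {
                $issue = 'Enabled but not running: traffic is not inspected'
            }
            if ($issue) {
                [pscustomobject]@{ Switch = $vs.Name; Extension = $ext.Name
                                   Vendor = $ext.Vendor; Issue = $issue }
            }
        }
        # A switch without the required extension leaves its VMs unprotected.
        foreach ($name in $Required) {
            $hit = $vs.Group | Where-Object { $_.Name -eq $name -and $_.Enabled }
            if (-not $hit) {
                [pscustomobject]@{ Switch = $vs.Name; Extension = $name
                                   Vendor = $null; Issue = 'Required extension missing or disabled' }
            }
        }
    }
}

# Constructed sample rows so the example runs without a Hyper-V host.
function New-Row($sw, $name, $vendor, $enabled, $running) {
    [pscustomobject]@{ SwitchName = $sw; Name = $name; Vendor = $vendor
                       Enabled = $enabled; Running = $running }
}
$wfp = 'Microsoft Windows Filtering Platform'
$sec = 'Example Security Filter'          # hypothetical third-party extension
$rows = @(
    (New-Row 'External' $wfp 'Microsoft' $true $true),
    (New-Row 'External' $sec 'Example Vendor' $true $true),
    (New-Row 'External' 'Unlisted Capture Driver' 'Unknown' $true $true),
    (New-Row 'Internal' $sec 'Example Vendor' $true $false),
    (New-Row 'Private'  $wfp 'Microsoft' $true $true)
)
# On a real host: $rows = Get-VMSwitchExtension -VMSwitchName (Get-VMSwitch).Name
Test-SwitchExtensionPolicy -Extension $rows -Approved $wfp, $sec -Required $sec |
    Format-Table -AutoSize -Wrap
```

With the constructed rows this reports three findings: the unlisted driver on External, the enabled-but-not-running filter on Internal, and the missing required filter on Private.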
The previous section introduced how the extensible virtual switch works and how Windows 2012 Hyper-V agentless security products work. With that understood, the Hyper-V administrator should pay attention to some issues during implementation.
Three considerations for Hyper-V administrators
We have seen that the Windows 2012 Hyper-V vswitch now supports extensions and how new products can be built on them, including 5nine Software's Security Manager for Hyper-V. What actions should the Hyper-V administrator take to benefit from the new features provided by the Windows 2012 Hyper-V extensible switch?
1. Reevaluate traditional security products: remember that traditional backup and security products may not work during migration from physical servers to virtual machines.
2. Consider other solutions: Hyper-V and the extensible switch can do things you did not imagine before. For example, you may not use anti-virus products on physical servers because you are worried about the impact on server performance. With Hyper-V and a product similar to 5nine Software's Security Manager, you can protect all servers without compromising performance. Similarly, you may not have imagined running a shared firewall in front of all the servers in the data center; now it is feasible with Hyper-V and the extensible switch.
3. Test and learn: with the release of the latest hypervisor and its new functions (such as the extensible switch), it is time for administrators to spend some time testing and learning how these solutions help them improve their virtual architecture management. If you do not test these functions yourself, it is hard to imagine their value.