How We Tested Virtualization Security

We did not test performance. We concentrated on what it took to setup new policies, hosts, reports, and user roles in each product, and how the various parts of each product worked to protect a typical multi-host ESX installation.

We did not test performance. We concentrated on what it took to setup new policies, hosts, reports and user roles in each product, and how the various parts of each product worked to protect a typical multi-host ESX installation.

We asked each vendor to set up their test ESX hosts and provide remote access to the test equipment via several methods: VPN, Web, Remote Desktop or Secure Shell. This was done so we wouldn't have to spend time in setting up a complex virtual environment for our tests and could concentrate on the functional differences of each product. All of the products can use just a Web browser to connect to one or more portals to configure and run, Reflex has an additional Windows client needed for certain operations, and BeyondTrust relies on terminal mode command-line access for most of its heavy lifting. Some products have agents that run inside the hypervisor (Catbird, Reflex, BeyondTrust, and part of the Trend Micro product). That sounds good in theory until you realize that your host can quickly fill up with so many agents as to impact its performance - again, this is something to be aware of.

At a minimum to test any of these products, you'll need at least two ESX hosts: one with running VMs that you want to protect, and one running the vendor's own protection software or management, monitoring and reporting tools. You will need to have at least ESX v3 or later installed on your hosts, and some products will require v4 versions along with additional VMware support software such as vSphere Management Assistant, vShield or vCloud to be pre-installed.

Return to main test.