Virtual machines have become very widespread. A virtual machine (VM) is a software environment that provides, within one physical (“real”) machine (such as a computer or server), the operation of another real computer. Several virtual machines can operate at the same time on one physical machine, which is also known as the “host machine”, thereby forming a virtual computer environment. In this case, the virtual machines share the computing resources of the host machine, and those resources are controlled by a monitor of the virtual machines.
The monitor of the virtual machines, also known as a hypervisor, enables the simultaneous operation of the virtual machines deployed on the host machine, and also controls the computing resources of the host machine, allocating them among the virtual machines. Thus, the hypervisor allocates a certain amount of resources during the deployment of each VM in the virtual environment. Each VM then uses the allocated resources both to run its own operating system and to perform the tasks of the user. Moreover, the hypervisor can provide the virtual machines with means of communication and interaction with each other, such as network connections, as if they were different physical machines. Thus, it is possible to create a virtual local-area network on the host machine. The capabilities of the hypervisor also make it possible to impose various limits on the virtual machines, such as a limit on connecting to the Internet. In this case, a local-area network is formed that is isolated from the external network, which, for example, makes it possible to ensure the security of this network or of the virtual machines, while communication with the external network occurs through the hypervisor or a specially designated VM. This variant is useful when creating corporate networks whose virtual machines may contain confidential information.
A virtual machine, like any physical computer device (such as a personal computer), is also vulnerable to malicious software. Consequently, virtual machines need to be protected by an antivirus system, which is designed to detect and remove malicious software. At the same time, implementing an antivirus system in a virtual environment has some special features. These are due to the fact that virtual machines do not have a physical hard disk drive (HDD), since this is emulated in the central processing unit of the host machine. Therefore, the input/output (I/O) operations carried out on virtual machines place a substantial load on the host machine processor and may even result in prolonged hanging of both the VM, when performing tasks, and the host machine itself. Hence, there is a need to reduce the number and volume of the I/O operations performed on the virtual machines. For this reason, antivirus protection of a virtual environment is implemented as a distributed antivirus system, one advantage of which is a substantial decrease in the number of disk operations.
Such a distributed antivirus system may include, for example, a virtual machine carrying out the tasks of antivirus checking (also known as a security virtual machine (SVM)), and agents located on each VM in the network that perform functions to enable the operation of the SVM (transfer of data, detection and blocking of access to various objects residing on the VM).
However, if a very large number of VMs are deployed within a single host machine, the workload of the SVM grows continually, which may result in its failure. Furthermore, scenarios are also possible where the connection between a VM and the SVM is broken. In such cases, antivirus protection under a distributed approach to protecting a virtual environment, especially its virtual machines, becomes difficult if not impossible. Therefore, to make effective use of the benefits of a distributed antivirus protection system, it is necessary to ensure the fault tolerance of such antivirus protection under the conditions of a virtual network infrastructure (environment).
Thus, even though some current antivirus systems are aimed at solving the problem of optimizing the use of the host machine resources, they have one common drawback: the lack of assured fault tolerance of the antivirus protection under the conditions of a virtual environment.