Since a couple of years various anti-virus vendors have been using the vShield Endpoint API and VMsafe-net API for agentless anti-malware and network inspection. Basically this technology scans IO traffic to and from the virtual machine from inside the ESXi kernel instead of using an agent in each guest operating sytem .
The image below shows the architecture for Trend Micro Deep Security. It shows how third party solutions use VMware API’s.
vShield Endpoint API is used for anti-malware.
VMsafe-net API is used for network security.
With the introduction of VMware vSphere 6.0 things have changed. In short:
- for agentless anti-malware features customers can still use vShield Endpoint.
- for agentless network security features customers need to purchase VMware NSX. VMsafe-net API is not available anymore in vSphere 6.0
This is a good post about vShield Endpoint. To use it , customers need Shield Manager/vCloud Networking and Security Manager.
Mind vSphere 6.0 features are not supported on vCloud Networking and Security as can be seen in this post.
Trend Micro Deep Inspection version 9.6 supports VMware vSphere 6.0.
The image below shows which features are supported agentless or with using an agent for vSphere+vCNS and vSphere+NSX.
In short: available agentless features in vSphere 6 are anti-malware and integrity monitoring.
To continue using agentless deployment in VMware vSphere 6.0 for Web reputation, intrusion prevention and Firewall customers need to purchase NSX.