Tuesday, June 29, 2010

Security in a mixed virtual and traditional desktop environment

How do you manage security in a virtual desktop environment? Mixed with traditional desktops?

Traditional security falls short when you start thinking about delivering the desktop virtually from the data center. Installing antivirus and a firewall is not enough.

Why not?

Well, everybody now runs their personal desktop from within the data center. The network is shared with mission-critical servers. Of course you can segment your network, install gateways and so on. This will increase complexity and will be difficult to maintain, difficult to document, inflexible and expensive. A much easier way is to protect the sensitive infrastructure from the users. Security should be based on the user session rather than on the device itself, as in traditional security. What we want is context-based security!

What will this actually mean to me?

You do not have to create a complex infrastructure if security is tied to the user sessions. After user authentication, the user session will be locked down and external access will be limited. Access to USB drives, CD/DVD (yes, even from a virtual desktop) and the network can be limited and/or prohibited. No complex scripting adapted to each and every OS/application is required. Security is maintained regardless of whether the user logs on to Windows XP, Windows Vista, Windows 7 or Windows Server 200x. There is no need for complex firewall rules or for locking down local drives with NTFS. One golden stateless image is possible.

RES PowerFuse solves all your headaches!

The user context (id, role, location, device and time) will continuously be evaluated and a limited set of content will be composed. The composition can consist of access to applications, data, printers and of course the user's personal settings. You will get a dynamic User Workspace where applications and resources are available only to the right user at the right time at the correct location. This applies even if other applications are installed - they will not be available to the user if security policies apply. Unauthorized processes will not be able to execute in the user session. RES PowerFuse will allow you to use whitelisting at the application level.

What happens if a user disconnects from the session and moves to another location?

Which security policies apply in this new location? Is access to all applications and data allowed according to regulations? What if the applications were running in the session? Applications will be terminated if they are not allowed in the new location - without having to log out and back in again! Security rules are evaluated in real time based on the user's context and the corresponding content is composed. In the scenario above, the physical location of the user is used as a context evaluator, not the location of the virtual desktop, which is in the data center.
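
To make the idea concrete, here is a small added sketch of context-based whitelisting and re-evaluation on reconnect. It is an illustration written for this post, not RES PowerFuse code or its rule format; the rule structure, application names and context values are all hypothetical.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Context:
    user: str
    role: str
    location: str  # physical location of the user, not of the virtual desktop
    device: str
    now: time

@dataclass(frozen=True)
class Rule:
    app: str
    require: dict  # context attribute -> allowed values; unlisted attributes are unconstrained
    start: time = time(0, 0)
    end: time = time(23, 59, 59)

    def permits(self, ctx):
        in_window = self.start <= ctx.now <= self.end
        return in_window and all(getattr(ctx, k) in v for k, v in self.require.items())

def allowed_apps(rules, ctx):
    """Whitelist with default deny: an app is available only if a rule permits it."""
    return {r.app for r in rules if r.permits(ctx)}

def reevaluate(rules, running, new_ctx):
    """After a context change, split running processes into (keep, terminate)."""
    allowed = allowed_apps(rules, new_ctx)
    keep = [p for p in running if p in allowed]
    terminate = [p for p in running if p not in allowed]
    return keep, terminate

# Constructed sample policy (hypothetical names and values)
RULES = [
    Rule("winword.exe", {"role": {"clinician", "clerk"}}),
    Rule("patientrecords.exe",
         {"role": {"clinician"}, "location": {"ward"}, "device": {"thin-client"}},
         time(6, 0), time(22, 0)),
]

def demo():
    ward = Context("alice", "clinician", "ward", "thin-client", time(9, 30))
    home = Context("alice", "clinician", "home", "laptop", time(20, 0))
    running = sorted(allowed_apps(RULES, ward))  # what the session started at the ward
    return running, reevaluate(RULES, running, home)

if __name__ == "__main__":
    print(demo())
```

The session itself never moves; only the context record changes, and the same rules then decide which running applications must be terminated.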

You will, quite simply, get a very secure zone in the data center where users can, intentionally or unintentionally, make a mess.

Contact RES Software if you want to know more about how to secure your virtual desktop infrastructure. This way of securing your infrastructure based on user sessions is also applicable to traditional desktops and centrally published desktops. One way to rule them all!

Focus on what to deliver to the users instead of how!

