A virtual desktop environment can help companies securely manage “bring your own device” policies by controlling access to corporate information.
Companies must meet the technological demands of telecommuting workers and those taking advantage of “bring your own device” (BYOD) policies while still finding ways to secure corporate data. One option is a virtualized infrastructure for telecommuters—one in which their entire work desktop environment is offered to them remotely.
In essence, a virtual desktop environment separates a computer’s operating system and applications from the physical device itself, allowing that desktop to be accessed from any device with an Internet connection, such as a tablet, thin client, or smartphone. Rather than data being stored on the device, it resides in a cloud computing environment, such as the company’s data center or a public cloud.
“Virtual desktop basically says, ‘Keep all the information in one place, keep it secure, keep it safe…make sure that access is limited,’” said Donald Parente, director of technology strategy and chief architect at AT&T Federal Solutions. He says the virtual desktop is “like a window into the environment you’re working on. You’re typing here on your iPhone, but it’s really being typed into a session that’s hosted somewhere else. That’s kind of a difficult concept to grasp, but that’s essentially what’s going on with virtualization. The app is not running on your device; you’re simply looking into the app from your device,” said Parente, who spoke at the Mobile Work Exchange Town Hall in Washington, D.C.
Among the places using this approach is the U.S. Nuclear Regulatory Commission (NRC). “[M]any of our employees are mobile based on what their work is,” said Darren Ash, chief information officer, who also spoke at the event. He explained that the virtual desktop solution is ideal for NRC employees who have to do work at various nuclear plants far from the main offices.
While the approach appears similar to a Virtual Private Network (VPN), the remote access option preferred by many enterprises, Parente noted that users connecting over VPN may experience latency with what he called “chatty” applications, that is, applications that are database-transactional in nature and exchange many small requests with a back-end database.
“These chatty applications traverse a much longer path, and latency issues that might take place or congestion issues that might take place at the user will create corruptions in the database,” according to Parente. “With virtual desktop, the actual desktop environment is co-located in the same data center with that database, so the user is interacting not with the database directly but instead the presentation data is just being exchanged, so congestion will not impact the transaction of the application. It might impact performance a little bit for the user in terms of just their overall user experience, but it’s not going to cause data corruptions.”
Security issues must be considered when evaluating whether or not virtual desktop infrastructure is the appropriate choice for a company. Many security considerations related to virtual desktops are similar to those of cloud computing, says J.D. Sherry, vice president of Technology and Solutions at Trend Micro.
“The virtual desktop infrastructure allows IT to centrally manage [desktops], [and] incorporate a one-to-many security and patch-management process,” which is better from a security standpoint. It’s also cost effective “because they don’t have to spend a lot of capital expenditures to go buy a laptop, provision it, and give it to an end user,” notes Sherry.
But virtual desktop infrastructure is vulnerable to the same threats that apply to a conventional PC environment, so the traditional security measures must still be in place, such as best practices for password management and password delivery, notes Sherry.
Trend Micro’s product, Deep Security, enables companies using virtualization technologies to provide a tailored security solution for the virtual desktop environment at the hypervisor level, the layer on which the virtual machines themselves run. That “streamlines how you manage and protect those virtual desktop instances,” Sherry says.
He points out that adding too many firewalls and other endpoint protections that aren’t specifically designed for virtual desktop infrastructure can cause latency issues. “When you don’t put the right security solutions in place, it could impact performance, which makes end users unsatisfied and increases IT helpdesk tickets, people calling in and saying ‘I can’t get access to my computer or it’s slow,’ and [that] creates a lot of strain on the folks who are running the infrastructure because they’re constantly dealing with problems and solutions that don’t work cohesively together,” notes Sherry.
Of course, virtual desktop users are unable to work offline, which could be viewed as a drawback. Sherry says that it is up to each company to decide whether that architecture works for it.
Another issue is the choice between persistent and nonpersistent desktops. With a persistent desktop, users return to where they left off when they log in, because their profile and settings are retained between sessions. This requires more server storage space and backup on the part of the company.
“The persistent side is usually the route that organizations are going. They’re connected, the profile, the settings are persistent from what I would call login to login, and there isn’t a new instance of that virtual machine every single time. It’s already running; it stays running; it doesn’t shut down,” he states. “Persistent desktops themselves are a more natural experience for users who are accustomed to using a laptop or desktop.”