How to secure your network by using Virtual Desktop Infrastructure
Internal threats are the greatest security challenge. Nowadays, using a private cloud with VDI (Virtual Desktop Infrastructure) in an enterprise solution can add valuable controls that mitigate some internal information security threats. In the 90s there was very little exchange of files between people. Most data was exchanged on floppy disks, USB flash memory and CD-RW, which are still a threat to information security alongside the Internet.
Securing the traditional PC is now more difficult because of the security challenges posed by the Internet and by internal network attacks; most incoming attacks have been breaches of the operating system, along with some application security breaches.
The threat of viruses and Trojans is high. Securing traditional PCs on a network against viruses takes time, because A/V signature updates must be distributed to each traditional PC, and because of the complexity of viruses today: Advanced Persistent Threats (APTs) are a set of stealthy and continuous computer hacking processes that can spread through the network before A/V detects them.
VDI is more secure than traditional desktops. If you are able to centralize your data, there are several benefits in security and support:
- Proactive response to security incidents – If you deploy VDI and all of your desktop operating systems run in a centralized data centre (or regional data centres throughout the world), then patching those Windows instances and distributing A/V signatures, HIPS agent updates, etc. can be accomplished more rapidly than if those assets were spread over WAN links or frequently disconnected from the network, as in the case of laptops.
- Collapse branch infrastructure – If you are successful at deploying VDI at large scale you can probably collapse branch office file/print servers, email servers and maybe even app servers.
- Data sharing – If all of your data is in one location, it will be much easier to share data among users without needing to worry about delays transmitting that data over WAN connections or about replicating data in multiple sites.
- Data backup – If your data is located centrally, it will be much easier to back up data and configure offsite data backups. If your data was spread over 100 different sites, you would potentially need multiple backup systems and multiple DR strategies.
- eDiscovery – If your organization requires eDiscovery for audit purposes, having the data in one place makes this slightly easier. You will still of course need to address eDiscovery on any laptops, smartphones, tablets, etc. But it does make it a bit easier.
- Protection against theft – No more need to worry about stolen secrets or missing laptops, or about theft of hardware such as the hard disk of a traditional PC. With a VDI thin client or zero client there is no potential to steal a hard disk, or the device itself, because it will not work without the servers.
- Reduced desktop support and management costs, and lower power consumption.
VDI does that; traditional desktops cannot.
When do you use Virtual Desktop Infrastructure (VDI)?
What is the difference between zero client and thin client endpoints?
When an enterprise reaches the decision to create a Virtual Desktop Infrastructure (VDI), there comes the question, “thin clients or zero clients?” Thin clients and zero clients are both small form factor, solid state computing terminal devices, specifically designed for VDI, but they have many different characteristics as well.
When choosing between thin clients and zero clients, you need to understand the benefits and challenges of each VDI option, the environment being deployed and the users’ desktop needs; that will help you make the right choice.
Virtual desktops are hosted in the data centre, and the thin or zero client simply serves as a terminal to the back-end server, just like the mainframe-and-terminal concept of the 1970s and 1980s. By using zero or thin clients you avoid the three-year lifecycle refresh on PCs, either by repurposing those PCs as terminals or by replacing them with cheaper terminals, and you make use of hardware in PCs that exceeds what the user needs in hard disk, RAM or CPU.
VDI lets you push out compute resources from a server rather than having to install those resources directly on the end user’s device, such as a PC. Because VDI depends on the servers behind the scenes to handle the compute, you’re less likely to need to update or refresh the endpoint devices.
In many ways thin clients and zero clients are similar, but what are the differences between the two? More importantly, which of the two types would be best for your IT environment?
The Similarities Between Thin and Zero VDI Clients
When you virtualize, the infrastructure that supports VDI is based on the back-end servers in the data centre, so both zero and thin VDI clients have the same benefits:
- simple to install and replace
- require less maintenance
- improve security
- need less hardware than PCs
- rely on a network connection to a central server for full computing and don’t do much processing on the hardware itself
- require a centralized management system
The Differences Between Thin and Zero VDI Clients
Which of the two types would be best for your IT Environment?
Thin clients offer a video experience. If your user environment needs applications with high video demands, you should also take into account your remote display protocol and how much display processing your back end can supply.
If your users run standard applications and you want to enforce security and easy management, you can go with zero clients.
Both Zero and Thin Client devices rely on a network connection to a central server for full computing and don’t do much processing on the hardware itself.
If you go with thin clients, your thin client management software should be a powerful product that combines thin client management capabilities with connection management features.
The first step in deciding between thin and zero clients rests with the requirements of your network and the connection you prefer with your end users.
About The Author
Waleed Zakaria Hamouda
AIBK Bank IT Security & Research Consultant