Categories
Digital Workspace

Secure Your Virtual Desktop

Secure Your Virtual Desktops

Credit to : Junichi Atsumi
Security Team, 1st Applied Technology Department, Business Promotion Division - Net One Systems Japan

An evolution is now stirring up attention in all industries due to COVID19 where now working from home is the new way to work, and the ICT technology for this is “Virtual Desktop Infrastructure” (VDI). 

By providing VDI solutions and DaaS services , Net One is contributing to Work Style Innovation in terms of promoting VDI and other solutions.

Why is VDI so popular from the security aspect? 

The reason is that you can enjoy the following benefits. 

Why is VDI so popular from the security aspect? 

Although information security countermeasures are being put in place by the separation of Internet connection as well as the business system environment; as well as the automation of isolating any possible malware, however, the environment could still be rendered helpless to guard against the possible targeted attack and will be impossible to retrieve any confidential information inside any PCs, laptops or business units.  
 
As a result, many local government authorities have introduced VDI into the organization, in order to create a stronger security defense.

What are the VDI challenges? 

VDI is a modern technology that is expecteto promottelecommuting.  

Although VDI is used in various environments such as via the Internet and closed networks, but security must be considered as there are employees who will be accessing the network remotely from potentially insecure connections.   

Therefore, by properly implementing the right authentication process, which is part of the measures against unauthorized access, will it allow the VDI to enhance the efficiency and performance of telecommuting employees, in addition to strengthening the security in the deployed centralized location. 

What is “authentication”? How will it enhance VDI? 

VDI is also based on password authentication (to determine if the person is an employee or not). In a VDI environment that can be accessed via the Internet, additional authentication (multi-factor authentication) should be considered on the assumption that “passwords could be compromised.” 

Multi-factor authentication is an authentication method in which a computer user will only be granted access upon successfully present two or more pieces of evidence to an authentication mechanism such as a password together with a smartphone fingerprint or face identification. 

What is a recommended solution for VDI? 

Here, we will introduce VMware’s Horizon as an example of VDI solution. 

For Horizon, a server called “Unified Access Gateway” (UAG) that accepts VDI access from the Internet is placed in the “Demilitarized zone (DMZ). This UAG server is included in the Horizon license and uses the Linux OS that stopped unnecessary services, so you can safely place it in the DMZ. 

VDI authentication is controlled via the UAG server. It supports multi-factor authentication such as a device for one-time passwords and security certificates, a reasonable solution that can strengthen authentication at a low cost.

When implementing multi-factor authentication using smartphone, biometric recognitions, keycards etc through one-time password authentication or certificate authentication, a frequently asked question is, “How do we reduce the operational load?“.  

For example, in order to use one-time password authentication, one-time password products (servers) are required. Besides the system administrator endthe user side will also have to load the issued one-time password each time. Potential hacking towards the one-time password through the smartphone can also happen 

A safer method of leaving additional authentication (multi-factor authentication) to the cloud is derived.  

With push authentication, push notifications are delivered to smartphones. Authentication will be complete just by tapping the notification, so the load of keying a one-time password can be reduced. 

Net One Asia Workspace as a Service is a intelligence driven digital workspace managed service platform that simply and securely delivers and manages any application and desktop on any device by integrating access control, application management, and multi-platform endpoint management.

Subscribe to Our Newsletter
* indicates required
Subscribe to Our Newsletter
* indicates required
Categories
Digital Workspace

Things to Consider When Building The New Workspace Using Virtual Desktops

Things to Consider When Building "The New" Workplace Using Virtual Desktops

Table of Contents

Watch for Hidden Cost

The most common underestimated costs are WAN and backend storage. When introducing VDI, additional load will be placed on the network. VDI can heavily tax a WAN link, depending on number of users and type of applications that users are running.

Sizing and capacity planning are critical factors when creating a VDI environment. Engage with us to help you with with sizing your VDI environment. 

Software Licensing Terms

Microsoft licensing is one key area that must be evaluated for VDI deployment, they have issued special licensing guidelines, the cost of the VDA license is included under your agreement. 

Microsoft licensing is complex even without virtualization, engage solutions providers and have them assist you. Licensing may well be the most troublesome aspect of your VDI project but it is not rocket science with someone who have done it before guide you along.

Is Data Security A Key Concern?

Travelex paid hackers $6million ransom for its stolen 5Gbs customer personal data.

The immediate answer is “YES”, it is important to add another layer of protection for your data to ensure it will never leaves the data center, even with user scattered around the globe, that makes VDI worth it all by itself. 

VDI not only can improve the security of data, corporate applications also can be siloed by leveraging multiple operating system instances or application virtualization. VDI in the data center manged by IT can be more reliably updated with antivirus signature files, patches and updates.

Subsription Based Model

Subscription-based models of Hyper-Converged infrastructure (HCI). Subscription-based model allows rapid deployment and configuration of the hyperconverged infrastructure (HCI) layer. 

Download Full VDI Whitepaper Now


    Subscribe to Our Newsletter
    * indicates required
    Subscribe to Our Newsletter
    * indicates required