Tag : compliance

Virtual Desktop Infrastructure (VDI); Session Based Computing

Spring is fully upon us and the summer heat is looming in the not too distant future. Many of us are planning out our summer vacations to beat the heat and spend time with our friends and families. While our minds are probably already off to some beachside locale, there is still a bit of time before we’ll be flying there ourselves. In the meantime, perhaps now is as good a time as any to look into moving your business over to an older and simpler way of computing.  Session based technology has been around for many years and at one point in the late 90’s/early 2000’s it was a very popular desktop architecture.  For a variety of reasons it became less popular primarily due to the desktop hardware cost decreasing significantly.  Session Based computing is where you take all the data and processing activity off the local desktop and have it take place on a robust server.  By doing this you can have multiply desktop sessions running on a single server if you were so inclined.  For best practice methodology, bva recommends putting all sessions spread over two (2) servers to ensure up-time and load balancing for the user community.  The great advantages of Session Based Computing are the following:

  • Smaller Footprint
  • Eco-Friendly and More Green
  • All Data on Servers, No Loss of Data
  • Seamless and Consistent Interface over Different PC’s
  • Ability to Leverage Older PC Hardware for Production
  • Ability to Leverage Newer Operating Systems Virtually Without Conflict
  • Application Virtualization Ensures Seamless User Experience

The most popular products leveraged today for this type of architecture are as followed:

  • Remote Desktop Services (Terminal Server)
  • Citrix Systems
  • Vmware View

Virtual Desktop Infrastructure (VDI) is another name for Session Based Technology. VDI is an emerging architectural model where a Windows client operating system runs in server-based virtual machines (VMs) in the data center and interacts with the user’s client device such as a PC or a thin client. Similar to session virtualization (formerly known as Terminal Services), VDI provides IT with the ability to centralize a user’s desktop; instead of a server session, however, a full client environment is virtualized within a server-based hypervisor. With VDI, the user can get a rich and individualized desktop experience with full administrative control over desktop and applications. However, this architecture, while flexible, requires significantly more server hardware resources than the traditional session virtualization approach.

Key benefits of VDI are:

  • Better enablement of flexible work scenarios, such as work from home and hot-desking
  • Increased data security and compliance
  • Easy and efficient management of the desktop OS and applications

iPad and iPhone Can Be a Security Risk

BVA has found that these types of mobile devises if not provisioned correctly can seriously be a security risk to your network environment.  Security policies need to be set forth to ensure security at all levels of access.  Apple iPad tablet device as well as the iPhone is slowly becoming a legitimate business tool, your employees will soon have them in hand and invade your business. The reality is that the iPhone changes the playing field for security and really surprised IT consulting companies and their administrators when it got released.   The users needs versus wants changed completely where being able to have a Smartphone that just sync’s calendars, contacts, and emails changes drastically. The iPhone hit the scene and next thing we were getting requests for it to be integrated into a businesses mail environment immediately. These requests were coming from owners and directors, decision makers were being demanding about making it work, totally side-stepping the security protocols set forth by years of experience and best practice.  The bottom line is that the line between corporate tool and consumer gadget has not just been blurred; it has been completely erased.  There have been several studies that have shown that when asked, the iPad and iPhones present the greatest smartphone security risk for IT.  It’s a scary thought that you have locked down your environment but since a new gadget gets releases to the market and owners want it, it diminishes the integrity of the system.

There was recently a few contents by security outfits where they had people hack the iPhone in less than 2 minutes and won a cash price.  This is a scary thought and quite frankly shows how easy it can be for the non-hacker.  Obviously it might take a little longer from a less talented hacker but it can clearly be done.  Apple has little intention to make their OS more secure because it’s not the market that they are targeting.  Again they are targeting the consumer, not the business enterprise.  I am sure there will be a point in time when that day comes but it is not in the near future.  If Apple at the very minimum addressed just the enterprise security, supportability requirements, and new hardware level encryption.  I want to be very clear that the OS on the iPhone is the same as the iPad as well as its security. Apple targeted the iPad primarily as a media consumption gadget for the residential consumer, not the business community but again we have seen this shift.  I am not saying that you should ban the iPhone or iPad but develop policies and procedures that address the rules of engagement for integrating the iPad with your network environment.

As you develop the policies, keep in mind that the iPad is unique and could fall into a few different areas for policies.  Here are some key points to keep in mind:

•    delivers notebook-like functionality
•    smartphone OS platform
•    normally placed in the policy bucket for computer usage and security policies, not recommended
•    a good policy bucket to consider – smartphone usage and security policies (recommended)
•    same smartphone OS was hacked in less than 2 minutes

Make sure that whatever policy selected addresses the most important factor here which is allowing or denying the storage of confidential or sensitive information on the iPad, or how e-mail, instant messaging and other communications conducted through the iPad fit within archiving and compliance requirements.