|
 |
Microsoft Virtual PC & Enterprise Desktop Virtualization, Virtual Desktop Infrastructure (VDI) from VMWare, XenDesktop from Citrix and host of other desktop virtualization technologies are now available for Enterprises to deploy in their environment. The VDI as it is often called, provides significant benefits over deploying physical computers.
• VDI allows Enterprise IT to configure, deploy and maintain hardware-independent desktop virtual machines from central locations for simpler management and more efficient desktop provisioning.
• TCO due to the repeated change & update management on these virtual desktops is substantially lower than physical computer management.
• Apart from these benefits VDI also makes it simpler for Enterprise IT to enforce application policy compliance and possibly better security due to the fact that compromised desktop can be replaced with a clean version immediately.
• Lastly, VDI doesn’t require a long learning curve for the end user since it presents the same familiar desktop – only delivered over the network.
With these benefits, Enterprises have been increasingly focusing on deploying VDI in their environments. However VDI also poses atypical challenges in deployment such as degraded user experience over networks if links are slow and the high costs of networked storage needed for each user’s desktop image. Besides these issues, VDI also poses uniquely different security challenges.
1) VDI desktop components, some of which support Type-2 hypervisors, are mostly available for free from these major vendors e.g. Microsoft Virtual PC, VMWare VM Player, Sun’s xVM box & a host of others. This allows any end-user to install a virtual desktop environment locally on his machine and create a VM or download pre-created VM templates which are freely available. These unauthorized VM Environments & VMs can pause just as much or more security challenges as an unauthorized physical machine, exposing the Enterprise network for possible compromise.
2) Most VDI implementations (from VMWare, Microsoft, Citrix and others) require an end-point component to be installed on the end-user machine, sometimes even on thin terminals. For example VMWare has the VDM Client software, Microsoft has the VirtualPC client & Citrix has the Xen Desktop Receiver program. Once installed these programs allow their respective server side components to send the virtual desktop image over the network once the user is authenticated. However these clients are interoperable with other technologies e.g. VMWare VMD client & Xen Desktop Receiver can work with Microsoft RDP which is what Microsoft uses primarily for it’s VDI. Thus controlling which client is allowed to work where becomes another security challenge.
|
VMFW VME Blocker can identify and remove almost all Type-2 hypervisors that are either available for free or a user can download and set up on their own. It also detects most commonly used VDI components so that the authorized VDI desktop client would be the only VME allowed to run on that computer.
RedCannon VME Blocker is an end-point security software that resides on each computer where none or only a specific Virtual Machine Environment (VME) is allowed. Through centrally configured policy & a simple software deployment process such as Windows group policies, each computer on the Enterprise network can be immediately made compliant by removing any unauthorized VMs & VMEs from those computers & blocking any future installations.
VME Blocker eliminates:
- Unauthorized VMEs with Type-2 Hypervisor such as
• VMWare Server, WorkStation, Player & VDM Client
• Microsoft Virtual PC & Virtual Server 2005
• Sun xVM Virtual Box
• Citrix XenDesktop Client, QEMU, Mojopac & others
- VM Vulnerabilities and security risks & VM Data Leakage
- Secures VDI deployments (VMWare or Citrix)
- Automatically detects & removes/uninstalls any unauthorized Type-2 Hypervisors from any Windows computer
- Auto-detects installation of an authorized VME & immediately stops the installation process
|
