Desktop Virtualization Drives Security, Not Just Dollar Savings
Infosec pros who don't take a stand on virtualizing their companies' desktops are missing a prime opportunity to boost safety while aiding manageability and compliance.
Thin is back in, and you can thank server virtualization. We all know what happened last time IT tried to make business desktops smaller, leaner, and easier to manage: Users balked at being told they couldn't install their pet applications. IT realized that a data center-based operating system rendered on a diskless thin client yielded only marginal cost and manageability improvements. And security groups never took up the cause of terminal services because they worried about the implications of an attacker gaining access to the central server. But now, virtualization on the server side has paved the way for broader acceptance throughout the business. Today's virtual desktop infrastructure, or VDI, might not make your end users any happier than yesterday's thin clients did, but IT and information security pros are paying attention, and liking what they see.
In a VDI, server memory is divvied up among individual virtual machines, bringing significant manageability and security benefits. This is a new paradigm in desktop computing--secure, mobile, and platform independent. Clients are "thin" in the sense that the operating system isn't tied to hardware but centrally stored. A compact, specialized desktop hypervisor is the sole interaction point between client and network.
All the big names in server virtualization have desktop offerings. VMware provided the push that got VDI into IT's consciousness. Citrix Systems, long a leader in terminal services, acquired XenSource last year, and Microsoft announced in March that it would buy VDI vendor Kidaro. At present, virtual desktops need Windows licenses just like their fat kin, so Microsoft is in a win-win situation. And not all your applications will be supported in a virtual environment--Autodesk, for example, doesn't recommend using ProductStream or Vault virtually--but most mainstream apps will run fine. As a bonus, with virtual desktop infrastructure, you can strictly manage licensing and ensure that any given application is accessed only when and by whom it's meant to be used. Support for legacy systems that need nonstandard operating systems will be eased.
Not to be outdone, hardware vendors are moving in with offerings geared to VDI. Architecturally, VDI shifts the repository of user desktops to a central server or servers and requires a large, fast storage system--most likely, a storage area network. Users who want to take advantage of the latest and greatest hardware-assisted virtualization will get the best performance from systems equipped with CPUs optimized for hypervisors. Intel is supporting VDI in a big way with its vPro and Virtualization Technology-embedded CPUs, and so is Advanced Micro Devices.
Intel and AMD offer new chip designs that will help IT make the most of desktop and server virtualization.
In terms of security, you've probably heard the lingo: hardware-assisted virtualization, unified threat management, adaptive security, Trusted Platform Modules. Symantec promises a virtual security appliance for Intel vPro desktops in about 18 months. A VDI station could run the user guest VM plus a security VM or virtual security appliance. Vendors know it's only a matter of time before security becomes a key decision point for organizations considering VDI, and they're taking two tacks to grab our interest: Some, including Intel and AMD, want to make the physical desktop smarter, more secure, and more manageable via intelligent, virtualization-aware processors. Others, including VMware, Pano Logic, and Stoneware, say we need to get rid of the client-server model altogether and invest in their revamped architectures.
We don't buy everything being pitched, and we don't believe that now is the time for ubiquitous VDI. But we do know that information security pros who aren't investigating the security advantages are missing out.