Ensuring Security in the VDI Environment
Submitted by Robert Krauss on
Virtual desktop infrastructure (VDI) and the concept of desktop virtualization have become a key part of the IT strategy at a growing number of organizations, as they come to realize the many potential benefits of the technology.
Many enterprises and smaller organizations have already deployed server virtualization in their data centers, and for some the move to desktop virtualization is a logical next step in the effort to modernize the IT infrastructure.
It’s important to keep in mind that there are some security concerns when it comes to the virtualized desktop environment, and enterprises need to be aware of these in order to defend against attacks.
First, let’s look at what these new desktop environments look like. At a basic level, VDI is a service that hosts user-desktop environments on remote servers, often in a company’s data center. Users access their desktop environments over a network by employing a remote display protocol, and a connection-brokering service links them to their assigned desktop session.
Desktop virtualization separates the desktop environment and the applications associated with that environment from the physical client device, such as a desktop or laptop PC, that’s used to access it.
One of the benefits of this technology is that users can access their desktop and the applications and data they need from virtually any location, and from a multitude of devices. This capability fits quite nicely with the growing use of mobile devices and apps in the workplace.
Because the desktop resources are centralized in the data center (or in a hosted environment), users who frequently move between different work locales can still access the same desktop applications and data. This is why desktop virtualization is ideal for companies that have a large number of remote or highly mobile workers who need to have continuous and reliable access to their desktops.

For administrators, VDI provides a centralized, efficient client infrastructure environment that’s easier to maintain and support. The technology enables businesses to fully leverage mobile devices such as laptops, tablets and thin clients.
When VDI first came to the fore, many were touting cost savings as a key benefit. And indeed, companies can save money through desktop virtualization. But perhaps a more significant benefit is the added flexibility VDI provides.
With desktop virtualization, companies have a more comprehensive disaster recovery strategy, because data is held in a centralized data center and backed up through traditional redundant maintenance systems. In the event of a power outage, flood or other event, or if a device is lost or stolen, recovery of the data is simpler because the virtual desktop can be made available from a different device that has access to the data center.
Desktop virtualization can be provided via the cloud through desktop-as-a-service (DaaS), which is similar to the software-as-a-service (SaaS) model. Typically the DaaS provider is responsible for hosting and maintaining the computing, storage and access infrastructure, as well as the operating system and common application licenses needed to provide the desktop service, in return for a fixed monthly fee.
The more well-known DaaS offerings include VMware Horizon DaaS (based on VMware's acquisition of Desktone) and Amazon WorkSpaces on Amazon EC2.
Now for the security issues—and this is where channel partners can come into play by offering solutions that address these concerns. Perhaps the biggest concern here is that traditional antivirus software is not always ideal for this virtualized environment.
Because they’re designed for physical environments, traditional security tools can actually hamper VDI deployments, countering the efficiency and cost savings benefits that companies turn to VDI for in the first place.
Although traditional security technologies can be used in virtualized environments, they are typically not intended for virtualized environments and therefore are not optimal for virtual desktops.
Using traditional antivirus products can result in several challenges in VDI environments. These include low virtual machine consolidation ratios, boot latency, outdated antivirus protection on dormant virtual machines and administrative bottlenecks.
The management of traditional security tools can become tedious in the VDI environment, especially in larger deployments. Each time a new traditional agent is deployed within a VDI instance, it is registered to the security management console for administration. When a virtual machine is deleted or dormant, the traditional agent remains registered with the console and the only way to remove the entry is manually, unless the console is integrated with VDI management.
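Where the console is not integrated with VDI management, the cleanup described above can be approximated by reconciling two exports. The following is an added example, not code from the article or from any vendor: it flags agent entries left behind by deleted virtual machines and dormant machines with outdated signatures, and additionally lists virtual machines with no registered agent. The CSV column names, the seven-day signature threshold and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample exports; column names are assumptions, not a vendor schema.
CONSOLE_AGENTS_CSV = """agent_id,vm_uuid,hostname,signature_date
a-001,vm-1001,vdi-pool1-01,2024-05-30
a-002,vm-1002,vdi-pool1-02,2024-04-02
a-003,vm-0977,vdi-pool1-old,2024-03-15
a-004,vm-1004,vdi-pool2-01,2024-05-29
"""
VDI_INVENTORY_CSV = """vm_uuid,name,power_state
vm-1001,vdi-pool1-01,on
vm-1002,vdi-pool1-02,off
vm-1004,vdi-pool2-01,off
vm-1005,vdi-pool2-02,on
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(agents, inventory, today, max_sig_age_days=7):
    """Compare console registrations with the VDI inventory."""
    vms = {vm["vm_uuid"]: vm for vm in inventory}
    registered = {a["vm_uuid"] for a in agents}
    cutoff = today - timedelta(days=max_sig_age_days)
    report = {"orphaned_agents": [], "stale_dormant": [], "unregistered_vms": []}
    for a in agents:
        vm = vms.get(a["vm_uuid"])
        if vm is None:
            # VM was deleted but its agent entry is still in the console.
            report["orphaned_agents"].append(a["agent_id"])
        elif (vm["power_state"] == "off"
              and date.fromisoformat(a["signature_date"]) < cutoff):
            # Dormant VM whose signatures aged out while it was powered off.
            report["stale_dormant"].append(a["agent_id"])
    # VMs the inventory knows about that never registered an agent.
    report["unregistered_vms"] = sorted(set(vms) - registered)
    return report

def run_sample():
    return reconcile(load(CONSOLE_AGENTS_CSV), load(VDI_INVENTORY_CSV),
                     today=date(2024, 6, 1))

if __name__ == "__main__":
    for finding, ids in run_sample().items():
        print(f"{finding}: {', '.join(ids) or 'none'}")
```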
Organizations need to consider security solutions that are specifically designed for the virtualized environment. Choosing the right security technology can result in a successful VDI implementation that ensures the protection of systems and data.

