
Comments
VDI Under The Security Microscope
rowie3103, User Rank: Apprentice
10/14/2014 | 4:39:03 PM
User Adoption
User adoption has been very low because, I think, of 2 main reasons - the User Experience is inadequate or the architecture does not scale. Providing Persistent desktops to 100 people on a PoC is easy; then when you go to 300, the projects typically end up having to acquire more hardware (server and Storage) and the ROI goes out the door. User Virtualisation (UV) technologies out there today can now provide that nirvana of a Non-Persistent desktop with a persistent look and feel: providing a single gold image that is reset at log off, and if the user has changed any of their settings then that is backended into the UV system. This must also be bi-directional and seamless from thick client to thin and back again, even OS to OS.

The user experience can be a raft of issues, but what I see mostly is poor login/logoff times due to poor execution of Windows login scripts, Windows GPOs being sequentially applied, and applied whether they are needed or not. Again UV technologies can assist here with applying GPOs in a multi-threaded way, and also moving from a just-in-case delivery model to a just-in-time one, i.e. load Outlook policies when I start Outlook etc. And of course the dreaded roaming profile .... these can be fixed as well with a good UV strategy.

The other big gotcha in VDI costing, that is never thought of, is Device Based License Control, i.e. MS Visio, MS Project, Adobe etc. If you have 10 licenses of Visio, for instance, and 1,000 users connecting to the VDI environment, you must license Visio for 1,000 users. See:

https://pinpoint.microsoft.com/Applications/4294982790?locale=en-gb

This becomes quite expensive....
My .02 cents worth - a great article and some great comments as well
rowie3103, User Rank: Apprentice
10/14/2014 | 4:18:51 PM
Re: Virtualized Doesn't Mean Completely Different
Surely by implementing effective controls like Application Whitelisting and zero admins we can make virtual and physical PCs a lot more robust? Certainly, utilising a belt-and-braces approach to security, you would deploy whitelisting on the servers and desktops from vendor A, and AV etc. from Vendor B.

The key here is to ensure the technology you choose has the ability to implement these controls without affecting the user or his experience.
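As an added illustration of the whitelisting control described in this comment (this is example code written for this page, not rowie3103's or any vendor's tooling), the following PowerShell builds an AppLocker allow-list from the binaries present on a VDI gold image, tests it against a file in a user-writable location, and applies it in audit-only mode so that would-be blocks show up in the event log before enforcement is turned on. The directory list, the policy file path and the sample file path are assumptions chosen for illustration.

```powershell
# Added example: derive an AppLocker whitelist from a VDI gold image, test it,
# and deploy it in audit mode first. Paths below are assumptions for illustration.

$GoldImageDirs = @('C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows')
$PolicyPath    = 'C:\VDI\AppLocker-Gold.xml'   # assumed location for the generated policy

# 1. Inventory executables, DLLs, scripts and installers present on the gold image.
$fileInfo = $GoldImageDirs | ForEach-Object {
    Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Generate allow rules: publisher rules for signed binaries, hash rules for unsigned ones.
#    -Optimize collapses per-file rules into broader publisher rules where possible.
$policyXml = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. New-AppLockerPolicy emits rule collections with EnforcementMode="NotConfigured";
#    switch them to AuditOnly so the first rollout only logs, never blocks.
$policyXml = $policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$policyXml | Out-File -FilePath $PolicyPath -Encoding UTF8

# 4. Check the policy against a file dropped into a user-writable path (assumed sample path).
#    Expected outcome for a file not on the gold image: PolicyDecision = Denied.
$sample = 'C:\Users\Public\Downloads\unknown.exe'
if (Test-Path $sample) {
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $sample -User Everyone |
        Format-Table -AutoSize FilePath, PolicyDecision, MatchingRule
}

# 5. Apply the audit-mode policy (merged with any existing local policy), then review
#    event ID 8003 ("would have been blocked") before changing AuditOnly to Enabled.
Set-AppLockerPolicy -XmlPolicy $PolicyPath -Merge
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message
```

Run this from an elevated session on the gold image with the Application Identity service running; once the 8003 events over a pilot period show only expected applications, the same XML with `EnforcementMode="Enabled"` becomes the enforced policy for the non-persistent desktops that are reset from that image at log off.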
Marilyn Cohodas, User Rank: Strategist
6/18/2014 | 12:24:10 PM
Re: VDI myths versus adoption rate
I hear you, Christian. Even for a basic user like me, there will always be that one app that I can only get on my own hard drive.
RetiredUser, User Rank: Ninja
6/18/2014 | 12:18:45 PM
Re: VDI myths versus adoption rate
@Marilyn Cohodas

I dreamed the dream of the cloud when I was young, and it was good. Then the cloud came, and it was alright, but not what I'd hoped for. I'd argue the point that we do and always will need PCs, for a particular subset of the tech user at least. Consider this: I am offline quite a bit, but I have my clunker Acer with Debian on it that holds every application I need to do what I do; at the heart of it, Git, so I can push back to the cloud when I get online. I can't imagine life without my own personal box and I don't think I should have to; the cloud is nice for some things, but it isn't the end-all. That's the user end, of course, and VDI and virtual technologies in general are often thought of more in the server space, where the super users and admins live. But at the end of the day, while I love my 100+ strong VM farm of test systems, I would choose a small datacenter with real steel, iron and silicon over one that could vanish in a puff of bytes.
Robert McDougal, User Rank: Ninja
6/18/2014 | 11:32:41 AM
Re: Virtualized Doesn't Mean Completely Different
Agreed. Also, I would like to point out that while I believe VDI is a great technology with great benefits, it still suffers from the greatest flaw that traditional computing does: the user. If a user follows a malicious link on a VDI desktop or Windows PC, the result is the same.

We keep putting up walls but our users keep putting welcome mats down and giving the bad guys milk and cookies.
Randy Naramore, User Rank: Ninja
6/17/2014 | 2:08:20 PM
Re: VDI myths versus adoption rate
Good point, maybe it has and it may be a while before we see that come to fruition.
Marilyn Cohodas, User Rank: Strategist
6/17/2014 | 2:02:40 PM
Re: VDI myths versus adoption rate
If the profile resides on the server versus the device, I can see how it simplifies end user device management. As for the end of the PC as we know it, I think that train has left the station. If I can access my files and profiles virtually, who needs a PC?
Randy Naramore, User Rank: Ninja
6/17/2014 | 11:43:12 AM
Re: VDI myths versus adoption rate
I do think it will have a big upside: you can have a Wyse device or some kind of boot device that connects back to the server where the profile resides. The best part of VDI is the support and how it can all be concentrated back at the server instead of the PC. This will not eliminate the PC, and not that I want that, but in certain areas it will help.
Marilyn Cohodas, User Rank: Strategist
6/17/2014 | 11:32:36 AM
Re: VDI myths versus adoption rate
Randy, do you think the problem with VDI is that users want to have their data where they can see it on the hard drive, or is it more of a management issue? I would think users are pretty used to working in the cloud and that's less of a factor. What are some other reasons you think VDI won't live up to its promise?
RetiredUser, User Rank: Ninja
6/17/2014 | 2:12:11 AM
Virtualized Doesn't Mean Completely Different
Great train of thought from Black Hat USA. One must remember that a virtual environment, be it network or OS, still has the potential exploitable holes the actual environment has. VDI brings ease of management to an ecosystem, but can't block every penetration opportunity by virtue of being virtual. Plus, you've added more layers of penetration opportunities in the form of thin/fat clients (seen the list of Citrix exploits lately?), VDM connection servers now a target, app virtualization services open to attack and use for transport, and so on. A needed microscopic review.