Nonpersistent virtual desktops wipe clean after each session, and that provides a security boost over persistent...
virtual desktops and physical PCs, but it also makes it harder to assess any attacks.
The biggest VDI security threat to any endpoint device is that attackers will exploit a weakness within the device and then use it as a platform to gain access to other resources. Administrators still have to worry about endpoints as part of their nonpersistent VDI security strategy, because it's entirely possible for a nonpersistent desktop to contain an exploitable security vulnerability.
However, nonpersistent VDI environments are inherently easier to secure for a few different reasons. For starters, nonpersistent virtual desktops reset to a pristine state after each session. This means the old technique of planting malware on an endpoint and using that malware as a mechanism to gain access to the network is not as effective. It is still theoretically possible for a hacker to plant malware on nonpersistent virtual desktops, but they usually contain hardened operating systems, so any malware that makes it onto the system may not even work. Furthermore, the virtual desktop will automatically remove malware at the end of the session when it resets.
The biggest security drawback to nonpersistent desktops is that they make it easier for a hacker to cover his tracks. Any audit logs that exist within the virtual desktop erase the moment the session ends, so the same feature that makes nonpersistent desktops more secure can also work against them. IT staff won't be able to rely on endpoint-level forensics, so organizations using nonpersistent desktops should implement strong monitoring tools at other levels of the IT infrastructure.
Patching, which can address VDI security flaws and other bugs, is also different across persistent and nonpersistent desktops. Persistent desktops retain users' profiles and data, so admins can treat them similar to physical desktops, usually centrally downloading patches and then distributing them individually. Often in nonpersistent VDI, users all share the same disk image, so admins have to patch the master image and deploy a new one.
When should you use persistent VDI?
Why nonpersistent VDI is now a viable option
Compare the options for VDI endpoints
Dig Deeper on Virtual desktop management
Related Q&A from Brien Posey
Edge computing is finding its place in the enterprise to handle data growth. IT may use that same advantage to help address problems in a VDI ...continue reading
A ghost image can be used to copy the contents of one server to another for backup, but the process of creating ghost images may not be as simple as ...continue reading
Backup and recovery trends, such as hybrid cloud data protection, are gaining popularity in the IT industry. Are these three major trends part of ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.