Nonpersistent virtual desktops wipe clean after each session, and that provides a security boost over persistent...
virtual desktops and physical PCs, but it also makes it harder to assess any attacks.
The biggest VDI security threat to any endpoint device is that attackers will exploit a weakness within the device and then use it as a platform to gain access to other resources. Administrators still have to worry about endpoints as part of their nonpersistent VDI security strategy, because it's entirely possible for a nonpersistent desktop to contain an exploitable security vulnerability.
However, nonpersistent VDI environments are inherently easier to secure for a few different reasons. For starters, nonpersistent virtual desktops reset to a pristine state after each session. This means the old technique of planting malware on an endpoint and using that malware as a mechanism to gain access to the network is not as effective. It is still theoretically possible for a hacker to plant malware on nonpersistent virtual desktops, but they usually contain hardened operating systems, so any malware that makes it onto the system may not even work. Furthermore, the virtual desktop will automatically remove malware at the end of the session when it resets.
The biggest security drawback to nonpersistent desktops is that they make it easier for a hacker to cover his tracks. Any audit logs that exist within the virtual desktop erase the moment the session ends, so the same feature that makes nonpersistent desktops more secure can also work against them. IT staff won't be able to rely on endpoint-level forensics, so organizations using nonpersistent desktops should implement strong monitoring tools at other levels of the IT infrastructure.
Patching, which can address VDI security flaws and other bugs, is also different across persistent and nonpersistent desktops. Persistent desktops retain users' profiles and data, so admins can treat them similar to physical desktops, usually centrally downloading patches and then distributing them individually. Often in nonpersistent VDI, users all share the same disk image, so admins have to patch the master image and deploy a new one.
When should you use persistent VDI?
Why nonpersistent VDI is now a viable option
Compare the options for VDI endpoints
Dig Deeper on Virtual desktop management
Related Q&A from Brien Posey
Unpredictable user behavior and boot storms can cause VDI resource usage fluctuations throughout the day. IT can take steps to identify and curtail ... Continue Reading
Like a car or any other important machine or device, backup architecture should have a maintenance plan. This process will help ensure the health and... Continue Reading
Expert Brien Posey breaks down why flash storage may not be the best choice for medical imaging archiving in terms of speed and cost, and how it may ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.