alphaspirit - Fotolia
Nonpersistent virtual desktops wipe clean after each session, and that provides a security boost over persistent virtual desktops and physical PCs, but it also makes it harder to assess any attacks.
The biggest VDI security threat to any endpoint device is that attackers will exploit a weakness within the device and then use it as a platform to gain access to other resources. Administrators still have to worry about endpoints as part of their nonpersistent VDI security strategy, because it's entirely possible for a nonpersistent desktop to contain an exploitable security vulnerability.
However, nonpersistent VDI environments are inherently easier to secure for a few different reasons. For starters, nonpersistent virtual desktops reset to a pristine state after each session. This means the old technique of planting malware on an endpoint and using that malware as a mechanism to gain access to the network is not as effective. It is still theoretically possible for a hacker to plant malware on nonpersistent virtual desktops, but they usually contain hardened operating systems, so any malware that makes it onto the system may not even work. Furthermore, the virtual desktop will automatically remove malware at the end of the session when it resets.
The biggest security drawback to nonpersistent desktops is that they make it easier for a hacker to cover his tracks. Any audit logs that exist within the virtual desktop erase the moment the session ends, so the same feature that makes nonpersistent desktops more secure can also work against them. IT staff won't be able to rely on endpoint-level forensics, so organizations using nonpersistent desktops should implement strong monitoring tools at other levels of the IT infrastructure.
Patching, which can address VDI security flaws and other bugs, is also different across persistent and nonpersistent desktops. Persistent desktops retain users' profiles and data, so admins can treat them similar to physical desktops, usually centrally downloading patches and then distributing them individually. Often in nonpersistent VDI, users all share the same disk image, so admins have to patch the master image and deploy a new one.
When should you use persistent VDI?
Why nonpersistent VDI is now a viable option
Compare the options for VDI endpoints
Dig Deeper on Virtual desktop management
Related Q&A from Brien Posey
The reasons for going hyper-converged vary. Often, however, organizations deploy HCI technology to effectively address one or more of the five issues... Continue Reading
Adhering to service-level agreements, keeping up with performance demands and planning for future workloads are just a few of the goals you should ... Continue Reading
Is hyper-convergence a good fit for disaster recovery? More organizations appear to believe so and are increasingly using hyper-converged ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.