Virtual desktop security guide
Editor's note
With the variety of endpoints in corporate environments today, security is more important than ever. Users are also becoming increasingly independent, making it difficult for IT to manage passwords, application settings and network access.
Virtual desktop infrastructure can make your desktops either more secure or less so. Storing data on VDI servers in the data center is more secure than storing it locally on the user's endpoint, and administrators have greater control over desktop and app distribution. At the same time, allowing users to access virtual desktops remotely puts your network at risk.
To deal with those extra vulnerabilities, you need solid virtual desktop security measures. Learn how to protect the network, implement single sign-on, secure backup files and more in this guide.
1VDI security challenges
Hold your horses: VDI isn't always a golden ticket to desktop security. Virtualization can also present a new layer of vulnerability.
-
Article
How VDI makes desktop security worse
Desktop virtualization takes users -- who are often unpredictable -- out of the field and into your data center. So, it's best not to allow them to install their own applications or have admin rights. Just because it's "easy" to refresh a master image doesn't mean you want to do that all the time. Read Now
-
Article
Do you still need antivirus software?
You might think the secure nature of virtual desktops means you don't need antivirus software, but that’s false. You can reset an infected gold image, but that won't prevent you from getting the virus in the first place. Virtual desktops -- especially when accessed from mobile devices -- offer more ways than ever for users to transfer data and contract viruses. Luckily, antivirus software vendors such as McAfee and Symantec have tweaked their products for use in virtual desktop environments. Read Now
-
Podcast
Desktop security concerns: Data at rest vs. live data
VDI centralizes data, but users can still get data onto their local devices. That means hackers can access "data at rest" even on a powered-off endpoint. Plus, because virtual desktops are connected to the data center, an attack on one desktop could affect the whole lot. One way to prevent that from happening is through isolation, such as sandboxing. Listen Now
2Virtual desktop security measures
Now that you know how VDI can affect desktop security, check out these methods for securing virtual desktops.
-
Article
Using SSO to enhance desktop security
Single sign-on (SSO) makes things easier for end users because it allows them to access their virtual desktop from different locations without having to re-enter passwords for every application. You can also integrate SSO with two- or three-factor authentication for even more security. Read Now
-
Article
How to get rid of viruses on virtual desktops
If one virtual desktop is infected, simply shut down the machine, then reboot the virtual desktop from the gold image and restart the endpoint in an isolated network. To prevent viruses in the first place, build one golden image with the Windows firewall disabled, then build another one with the firewall enabled that allows only outbound connections. You can use the firewall-enabled image to reconnect users to their virtual desktops instantly. Read Now
-
Article
Nine ways to ensure VMware View security
To ensure VMware View security, install antivirus software in the base image or use VMware vShield Endpoint to offload antivirus processes to a virtual appliance. It's also a good idea to place VMware View security servers inside a DMZ. For greater virtual desktop security in spread out environments, View also supports smart-card authentication. Read Now
-
Article
Creating security certificates in VMware View
It's important to understand security certificates, which validate browser, server and services connections to the virtual desktop. In VMware View, the process for creating certificate request files, submitting them to an authority and configuring the security servers is somewhat complicated. Read Now