Virtual Desktop Connectivity

1. The Challenge

”Virtual Desktop Infrastructure”, or VDI, is gaining increasing acceptance from businesses and organizations because VDI promises to extend optimization and the operational advantages of server side virtualization to the desktop. VDI is a technology that offers individual, virtual desktops to users, controlled and managed by a centralized back end server infrastructure. VDI is a virtualization-based version of the client/server model that IT departments have normally offered their businesses. With VMWare’s VDI, users can connect from a thin client or browser over the network to their own virtual desktops running on backend ESX infrastructure. Compared to traditional Terminal Services based solutions, the end users are provided individual virtual PCs as opposed to individual user accounts on shared PCs.

The advantages of VDI include:

• Simplified endpoint management by offering a centrally controlled desktop image to users as opposed to relying on software located on a more or less secure standalone endpoint.
• Increased security by controlling and enforcing the patch state and update levels of OS and applications from and in a central location
• More effective use of local PCs
• Rapid deployment, or re-deployment, of desktops to new and existing users
• Simpler regulatory compliance (e.g. HIPAA and SOX)
• No application compatibility issues (as can be the case for TS or Citrix) as each user has a complete, but virtualized, computer available.

VMWare’s VDI solution (Virtual Desktop Manager, VDM) consists of three main elements: Virtualization servers with associated infrastructure, hosted individual OS instances and the Connection Server (VMware’s VDI Connection Broker). The Connection Server distributes and manages incoming connections from users towards the OS instances on the backend server infrastructure. The Connection Server is thus a core component in any VDI installation. The G/On server is set up in front of the VDI Connection Server to handle all network related functions.

Advanced virtualization technologies are highly optimized towards the effective use of hardware and software resources thus making them very computer centric (server and PC). Typical virtualization solutions do not address the challenges of the network between client and server(s). IT Administrators looking to deploy VDI are still left with traditional SSL or IPsec based VPN solutions which rely heavily on third party solutions (e.g. tokens, certificates, proxies etc.) to provide the security levels required to reap the full benefits of desktop virtualization.

When analyzing this challenge of connecting virtualized servers with virtualized desktops it becomes clear that there are five challenges to overcome:

1. Identifying who is trying to connect: Strong multi factor authentication of end users
2. Protect the backend from potential infections from unknown devices
3. Protect data in transit on the Internet, i.e. encryption
4. Filtering of connections before allowing access to the back end based on identity, location and client PC or user.
5. Authorization of users’ connections to back end applications, i.e. the virtual desktops

Simply deploying standard RDP and SSL technology, as is typically recommended, only addresses a small part of this overall picture.

2. The Solution

A complete end-to-end secure virtualization is achieved by integrating G/On and VMWare VDI:

1. All necessary client side software (VMWare View and G/On) is copied to theunique G/On USB token that also serves as HW authentication device.
2. At execution (e.g. auto launch from the USB CDROM) a seamless and secure connection to the G/On server is established and the user is authenticated.
3. The VMWare View client is automatically launched and provides the user with a direct and secure access to the virtual desktop inside the VMWare farm from any PC with internet access – no installation is required.

The G/On USB option provides the mobility support that enables extended use of VDM beyond internal networks to almost any location on the Internet. The VMWare View Client runs off the G/On USB device thus combining the networking capabilities of G/On with the mobility and maintenance advantages of having all client side software integrated on the unique G/On USB. Furthermore, the built-in software deployment system in G/On allows the IT Administrator to centrally manage all necessary client side software.

Giritech remains the only vendor in the market that provides a complete, end-to-end and fully integrated user to application networking solution. G/On therefore completes the virtualization picture by offering a unified and optimized network infrastructure.

3. Benefits

• Improved end user experience, just “Plug and Work”
• Increased security by addressing all the security challenges associated with network access in an integrated way
• Mobility, carrying all required executables on the secure G/On USB device allows access from almost any internet connected PC
• Lower network complexity. G/On provides an end-to-end complete network solution connecting users to their virtual desktop.
• Full tracking and logging of all user access

4. More Information

Download a complete description of the benefits of G/On and VDI: