Virtual Desktop Infrastructure (VDI) not only opens the door to easy desktop virtualization, but it also opens possibilities of security breaches.
We live in a world where security is paramount. As our daily life becomes more and more online-based, we need to understand more about how to secure our life online. The trend toward replacing existing physical desktops with VDI is rapidly strengthening, especially with the strong emergence of tablets and other high-end mobile devices coupled with wider and faster mobile network access. It is not only accessibility that drives the process, corporations are driven by the rising cost of CBD floor space, investment reductions in physical desktops, and the ability to centralize user data and management are key motivators for adoption of VDI. Corporations are reducing the amount of office space by introducing working-from-home schemes, using hot desks and providing the ability to work from anywhere, anytime. VDI makes this possible, thus enabling users to take their desktop home, or to the coffee shop around the corner. However, this introduces new risks to the corporate desktop environment that were not apparent before.
Corporations now have to deal with:
Network security for remote users
The ability of users to access confidential corporate information offsite
Securing data against theft using a simple USB stick
Redirecting printing to the nearest printer
VMware View is one of the leading VDI products. Its strength is that it builds upon existing capabilities, features, and investments made into the VMware infrastructure. This book will focus on the essential security features and how to address them using VMware View. Let's start off with defining what View actually contains.
You might be already familiar with most of this; however, I think a quick refresher is not a bad idea. The VMware View product is based on VMware vSphere. Let's just go over the vSphere 5.1 products that are needed to create a vSphere environment.
WebClient Server: VMware announces that the WebClient interface will in future replace the Windows-based vSphere Client. The WebClient has some advantages compared to the vSphere Client; however, it requires people to change their thinking as things look and feel differently.
The View environment consists of the following products that may need to be installed:
Security: The security server can be deployed in a DMZ and forward incoming View Client connection to a View Standard Server. We will look at this in the Chapter 2, Securing Your Base.
Transfer: The transfer server is a buffer service between the View Connection Server and local desktop images (check in and out). We will look at this in the Chapter 2, Securing Your Base.
View Composer: This is used to reduce the amount of storage used for the virtual desktops by creating View Linked Clones. It also reduces deployment time of desktops as not the full desktop has to be cloned.
View Persona Management: The Persona Manager helps with the synchronization of roaming profiles. It is an extra service that needs to be installed. We will look at this in Chapter 3, Securing the Connection.
View Client: The View Client comes for almost any operating system out there including iPad and Android. It enables the ability to connect to a View Connection Server. It comes in two versions: the normal one and the one that allows to checkout a desktop to a local computer.
Now after this short inventory, the following diagram illustrates how these components work together:
Downloading the color images of this book
We also provide you a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output.
You can download this file from: http://www.packtpub.com/sites/default/files/downloads/0082EN_Graphics.pdf
In addition to this, we have several services that a View installation offers:
This short chapter holds the introduction to this book. It gives an overview of the View infrastructure elements, as well as defining the technical terms we will be using.
In the next chapter, we will start with a quick overview and definition of the View environment, followed by security considerations of the underlying vSphere environment. We will also talk about logging and SSL certificates, and build up a View Replication Server and then shortly discuss load balancing it.