Virtual desktops (VDI) give companies the opportunity to make their IT systems more secure and optimise their capacities. The virtualisation software used must be precisely adapted to the circumstances and adjusted to the environment.

Highly secure VDI

We implemented desktop virtualisation for the first time more than ten years ago and added it to our portfolio. Since then we have successfully completed various projects with virtualisation programs from various manufacturers. This experience forms the basis of our well-founded, cross-vendor advice and makes it easier for us to implement highly secure VDI projects, even in IT infrastructures that have grown over time.

The basis of most approaches to desktop virtualisation is that the user desktop is not set up locally on the end device of the respective user, but is provided centrally by a server farm. Then the user only needs a simple box that provides the keyboard, mouse and monitor. This can be a thin client from HP or IGEL, a private PC, Mac, a tablet or smartphone.

This makes it possible for companies to manage these virtual environments by using layering technologies and to granularly distribute all programs and applications to the respective end users and patch them accordingly.

We would be happy to clarify together with you whether VDI can be useful for your company, or to show you how you can use LoginVSI to explore the maximum capacity of your virtual environment.

VDI in a Flightcase

Apparently, we convinced you to continue reading. Therefore, we simply assume that you are generally interested in VDI or even want to test a VDI environment. We are delighted to hear it!

This leads to many questions: Would you like to test one of the more popular virtualisation tools such as Citrix XenDesktop or VMware Horizon? Would you rather give Workspot, Ericom or Parallels OpenRAS a chance? Where do layering technologies make sense? How performant should the test system be? Do I need special hardware for my AutoCAD users or other specialists? Where do I get it? And many other questions...

With our Flightcase, which we are happy to provide at net cost price, we eliminate almost all ambiguities. With “VDI in a Flightcase” you get a fully configured, high-performance hardware system including an AD domain with the virtualisation tool you want. Just give it a try!

PAM via VDI

Who actually oversees your administrators? And we don't necessarily mean your own IT team, but above all external service providers who access parts of your infrastructure from the outside.

This is mostly done by Privileged Access Management (PAM) solutions such as Wallix, Balabit or CyberArk. All of them are really good solutions that practically always work with a “jump server”, and they are paid for by the number of endpoints to be accessed. The catch: once you have decided on a manufacturer, a change is usually very expensive. The manufacturers know this and can therefore charge these astronomical prices.

Regardless of the prices, this was far too inflexible in some projects. We therefore use a VDI environment to which the external (and internal) administrators connect. Every administrator has his “own” virtual machine, on which he only sees the tools he is allowed to access. Access data, passwords, SSH keys etc. are automatically made available in the background; they no longer appear in plain text. All actions on the respective desktop are recorded seamlessly and are retrospectively searchable.

Do the manufacturers/suppliers require their own support tools? That’s no problem: whether an external administrator or technician should connect via TeamViewer, AnyDesk, pcvisit or whatever, only this application will be available on the respective desktop. In addition, your internal/external admins can, of course, connect via Citrix, Horizon or RDP, depending on which VDI solution you prefer. If you can stipulate it, two- or three-factor authentication is not a problem either.

Audit-proof data transfer from the outside to the inside is ensured by a multi-level antivirus concept. Here too, the respective administrator only sees the data that is intended for him.

We recommend a decoupled Active Directory environment. And since we are in a DMZ in which the individual virtual desktops each have a fixed IP address, we can, depending on the hardware firewall used, define the access rights relatively easily based on AD group membership or IP addresses.

Another point in favour of this solution: the whole system is licensed only according to the number of administrators; the number of endpoints is not of importance. So if you have 500 escalators, 50 CNC milling machines, 20 painting robots or a handful of external programmers who need constant or occasional access from outside, this is your solution.

The system has deliberately been designed to be very manufacturer-independent: for example, if you no longer want to work with VMware Horizon, simply replace it with Citrix XenDesktop or Microsoft VDI. And you can do that with all four tools that we use in this environment.

Sounds easy? It is. Promised! Nor will it take us 4 weeks to give you a price for your environment.

This covers monitoring of the file transfer and of the users' actions. If you also want to know whether the systems behave in any strange way afterwards, you should additionally consider a SIEM solution.
