Putting VDI Security Concerns to Bed and...

September 12, 2012

...New Cisco Data Center Security Enhancements

The workplace is changing fast. Workers are becoming increasingly mobile. The introduction of employee-owned consumer devices, like tablets, is becoming the norm; in fact, the average number of devices used by knowledge workers is between 3 and 4 and rising. While IT organizations acknowledge the productivity, business agility and cost benefits these developments can bring, they are also concerned by the associated challenges. Not surprisingly, numerous industry research papers point to device, application and data security, and regulatory compliance as the biggest challenges for mobility and BYOD projects.

To address these security concerns, many IT organizations are applying desktop virtualization or virtual desktop infrastructure (VDI) technologies to ensure that applications, data and content are managed and protected centrally in the data center, regardless of which device is used. But how can IT ensure that VDI deployments themselves are secure?

Today, Cisco announced new data center security enhancements that further protect VDI deployments. These new innovations enable more scalable, secure access to hosted virtual desktops and more robust protection of data center resources. These innovations also ensure that business-critical applications and virtual desktops hosted within the data center can be better protected from other virtual desktops that have become compromised or infected. (Read also today's blog from John N. Stewart, Cisco Sr. VP, Chief Security Officer, "Does Virtualization Improve Security?")

Deploying a data center infrastructure that has the built-in security capabilities to address these challenges needs to be an integral part of any VDI design. The Cisco VXI Smart Solution is a comprehensive, secure desktop virtualization solution that addresses these security concerns in both Citrix XenDesktop and VMware View deployments; you can find more information on the designs here.

For customers considering VDI deployments, today’s announcement provides several key benefits:

  1. More secure, scalable, pay-as-you-go virtual desktop access: System administrators and security professionals must take care to protect the virtual desktops and applications hosted in the data center against all threats. The Cisco Adaptive Security Appliance (ASA) 9.0 Platform is a major update to the ASA firewall operating system. It delivers, among many other things, greater data center security and VPN performance, pay-as-you-grow scale and greater context awareness. As you grow virtual desktop initiatives from initial pilots to full-scale, enterprise-wide deployments, ASA can grow with you, all the way up to 320 Gbps to support many thousands of virtual desktop sessions. Scaling is achieved through clustering technology, which allows IT to manage a stack of ASAs as a single logical device. This latest version also supports single sign-on (SSO) for virtual desktops and provides multi-tenant security to support, for example, isolation of virtual and native device access on the same ASA. These new ASA capabilities are complemented by Cisco AnyConnect 3.1, which enables enhanced device access for BYOD deployments.
  2. Providing inter-zone security for hosted virtual desktop deployments:
    Mission-critical web and application servers using the same data center infrastructure and network as virtual desktops can now present a much larger attack surface for any compromised virtual desktops. Inter-virtual-machine and inter-virtual-desktop traffic now poses a more important security consideration that IT managers need to address. Today, Cisco is announcing the Cisco ASA 1000V, a purpose-built ASA firewall for multi-tenant virtual and cloud environments. A single ASA 1000V instance can protect many disparate virtual desktop workgroups and application workloads with different, appropriate security policies. Built on the industry-leading Cisco Nexus 1000V Series switch and complementing the Cisco Virtual Security Gateway (VSG), ASA 1000V reduces deployment complexity and improves scalability to provide end-to-end security for virtual and physical desktop deployments.

While desktop virtualization is inherently more secure than native device deployments, the bottom line is that you must carefully plan your security architecture for virtual desktop deployments.
