Wednesday, June 9, 2010

What is the right virtual desktop model for BYOC?

A recent blog post by Brian Madden compares the security differences between Type 1 and Type 2 hypervisors. Brian writes that Type 1 bare-metal hypervisors are “possibly more secure due to the smaller attack surface of the hypervisor.” But he’s quick to point out that neither Type 1 nor Type 2 hypervisors are a one-size-fits-all solution.

After reading Brian’s blog, I thought about MokaFive’s approach to security. The problem with security is that you can’t talk in absolutes: the discussion depends on both the use case and its associated risk profile. If you are completely intolerant of risk, then you have to ignore the benefits of most Internet-based computing and keep your computer offline, locked up in a dark room. But in the real world, you have to support mobile and offline workers so they can be productive, and with that comes some risk. This is true of any computing model, but it’s important to mitigate that risk by choosing the best technology for your needs.

Let’s specifically look at the BYOC model where organizations want to enable computing on employee-owned machines. While there are many models to deliver specific applications from the cloud using technologies such as terminal services or even app streaming, these don’t provide the full usability of the entire desktop environment. So, what are the options for BYOC? There is VDI, but it provides no offline access and, contrary to popular belief, is not completely secure either. While the VDI desktop lives in the datacenter, IT has no way to control the endpoint machine accessing the VDI session. Those endpoints could have keyloggers or screen scrapers that can siphon data from the VDI session.

In contrast, with the client-side models, a fully encapsulated VM is delivered to the endpoint, either directly on bare metal (with a Type 1 hypervisor), or on top of an existing OS (with a Type 2 hypervisor). There is almost unanimous agreement that a Type 1-based model will not work for BYOC, since no user will allow IT to forklift their personal machine. Only when Type 1 hypervisors are shipped with OEM machines will this model become viable for BYOC.

Net-net, a Type 2-based client-side model, where a fully managed, encapsulated VM is delivered on top of the user’s existing OS, is ideally suited for BYOC. It provides users access to the corporate environment anytime, online or offline, without impinging on their personal machine environment.

MokaFive supports a Type 2 model today while allowing you to grow to a Type 1 approach in the future. We leverage the MokaFive player residing on the client to provide additional protection against risks associated with BYOC. Below I outline our approach: seven layers of security that address these concerns.

1. Host checker
  • Checks for basic performance characteristics of the machine. It can also be extended to check for any other security characteristics of the host (such as configuration and execution status of anti-virus software) prior to the launch of the virtual desktop.
2. VM encapsulation
  • Encapsulates a full, locked down OS controlled by IT. This allows IT to completely control the patch level and GPO security settings.
3. VM encryption
  • Encrypts the image with AES-256, including the base image and all user data. We also intercept all I/O that the hypervisor writes to disk or to memory, and this data is compressed and encrypted.
4. Tamper resistance of both code and policies, and copy protection
  • Any attempt to alter the executable or configuration prevents the Player from running. Also, by policy, IT can disallow users from moving images from one machine to another.
5. AD authentication / Two-factor authentication (RSA or PKI)
  • Integrates with Active Directory to enforce users’ authentication prior to virtual image access. Optionally, IT can configure RSA SecurID or PKI as a second authentication factor for additional security.
6. SSL
  • Communicates with the server over SSL. Clients validate the server’s SSL certificates against a Certificate Authority.
7. Policies
  • Enables administrators to have fine-grained, centralized control of operational and security policies, such as peripheral access and the ability to drag and drop files from host to guest or vice versa.

Simply put, MokaFive is one of the few vendors that provide a secure, fully managed virtual desktop model for BYOC. Stay tuned: in an upcoming blog, we will talk about BYOC best practices.

Purnima Padmanabhan, VP of Products and Marketing
