Citrix makes desktop virtualization secure enough for secret environments

Using desktop virtualization in highly secret environments is very challenging. Desktop systems may only be allowed to communicate with certain servers over certain secure networks. Individuals may be limited to working with data that their role and security clearance allow. In the past, no commercial, off-the-shelf VDI product was secure enough to satisfy all of the requirements presented by government agencies, contractors and suppliers. Without a great deal of work, commercial products just couldn't address the network, application and data isolation and access control required.

I had an opportunity to speak with a couple of folks (Peter Blum, Director of Product Management, and Raymond Chew, Senior Product Manager) from Citrix about addressing the security challenges found in enterprises and the extreme requirements found in government agencies. They detailed what sort of work had to be done to make commercial products address that level of security challenge. They also introduced me to XenClient 2 and XenClient XT.

Here's how Citrix describes the XenClient family of desktop virtualization products

XenClient is a client-side hypervisor that enables virtual desktops to run directly on client devices. By separating the operating system from the underlying hardware, desktop images can now be created, secured, deployed and moved across any supported hardware, greatly reducing the maintenance burden on IT and simplifying disaster recovery for laptop users. Optimized for Intel vPro, XenClient delivers the high definition experience that users expect.

How Citrix describes XenClient XT

XenClient XT provides unprecedented levels of scalability, security and performance for local virtual desktops to provide an optimal experience for even the most demanding user types. Benefits include:

  • Multi-level desktop consolidation that delivers the extreme scalability to run a large number of securely isolated desktop computing environments on a single physical system.
  • Security without compromise by running graphically and computationally demanding workloads with extreme levels of security and performance—all while delivering an unmatched HDX user experience.
  • Extreme desktop isolation by using a thin, next-generation Type 1 client hypervisor with hardened components and network isolation service VMs, allowing multiple security domains and multiple networks on the same system.
  • Continued product innovation building on an actively maintained commercial off-the-shelf (COTS) solution with a rich ecosystem that includes Intel and major PC OEMs.

Snapshot analysis

In the past, government agencies and enterprises needing the highest levels of security would have to place multiple secure workstations on a staff member's desk. Each of these workstations would be connected to a separate security domain and would allow access to its own set of applications and data.

As one might expect, the installation, management and operational support for a veritable herd of workstations for each staff member was both costly and complex. Virtual desktop environments held out the hope of consolidating these separate application environments onto a single workstation. Unfortunately, the available commercial solutions weren't quite up to the task.

Citrix worked with its partner Intel to create hardware/software solutions that would pass muster. Intel provided Intel® vPro™ microprocessors that provided the underpinnings for levels of security high enough to address the requirements. Citrix provided a bare metal, highly secure version of its XenServer server virtualization product that was optimized for a desktop environment and would make use of the features of the Intel microprocessor. XenClient XT is the result of these efforts.

If your organization needs to deliver an absolutely locked down desktop environment, this product might just be the ticket.

I've spoken with other suppliers offering bare metal hypervisors, including Virtual Computer and MokaFive. Each of them is presenting similar sounding messages. I would advise speaking with all of them to determine which product best fits your organization's needs.

About

Daniel Kusnetzky, a reformed software engineer and product manager, founded Kusnetzky Group LLC in 2006. He's literally written the book on virtualization and often comments on cloud computing, mobility and systems software. In his spare time, he's also the managing partner of Lux Sonus LLC, an investment firm.

Talkback

7 comments
  • RE: Citrix makes desktop virtualization secure enough for secret environments

    Dan,

    Don't get too infatuated with the marketing BS from Citrix. Multi-level systems for the black badge departments in the government using virtualization have been around for over 15 years from Sun and SCO. In fact that is where the Virtual Bridges type-1 hypervisor (which you for some reason don't mention) comes from.

    Jim
    Austin2638
    • RE: Citrix makes desktop virtualization secure enough for secret environments

      @Austin2638 thanks for your comment. No single post can be seen as an attempt to present a comprehensive review of the market.

      Dan K
      dkusnetzky
  • OK...From the article, it is still unclear

    So Citrix has a bare metal hypervisor. In and of itself, that is a laudable goal. However, that does not equate with a greater level of security. What exactly is Citrix doing that putatively makes it more secure than any other Type I hypervisor?
    Your Non Advocate
    • RE: Citrix makes desktop virtualization secure enough for secret environments

      @facebook@... I'll leave it up to Citrix to explain how their technology works. In a nutshell, they've worked with several government agencies and Intel to make optimized use of Intel's vPro technology in the hypervisor to lock down the hypervisor and the virtual machines it is supporting.

      As I pointed out in the post, other suppliers have also followed a similar path.

      Dan K
      dkusnetzky
  • RE: Citrix makes desktop virtualization secure enough for secret environments

    I agree that a Type-1 hypervisor provides a foundation upon which a number of security enhancements can be implemented. Once you move to an architecture that separates the application operating system (OS) from the hardware, you have the ability to restrict/monitor/encrypt/etc. the operating system container. The hypervisor along with hardware mechanisms such as Intel TXT really do provide a level of security that is unattainable with a native OS.

    Peter Marconi - Virtual Computer
    peter_marconi