Citrix makes desktop virtualization secure enough for secret environments

Using desktop virtualization in highly secret environments is very challenging. Desktop systems may only be allowed to communicate with certain servers over certain secure networks.

Using desktop virtualization in highly secret environments is very challenging. Desktop systems may only be allowed to communicate with certain servers over certain secure networks. Individuals may be limited to working with data that their role and security clearance allows. In the past, no commercial, off-the-shelf, VDI product was secure enough to satisfy all of the requirements presented by government agencies, contractors and suppliers. Without a great deal of work, commercial products just couldn't address the network, application and data isolation and access control required.

I had an opportunity to speak with a couple of folks (Peter Blum, Director of Product Management, and Raymond Chew, Senior Product Manager) from Citrix about addressing the security challenges found in enterprises and the extreme requirements found in government agencies. They detailed what sort of work had to be done to make commercial products address that level of security challenge. They also introduced me to XenClient 2 and XenClient XT.

Here's how Citrix describes the XenClient family of desktop virtualization products

XenClient is a client-side hypervisor that enables virtual desktops to run directly on client devices. By separating the operating system from the underlying hardware, desktop images can now be created, secured, deployed and moved across any supported hardware, greatly reducing the maintenance burden on IT and simplifying disaster recovery for laptop users. Optimized for Intel vPro XenClient delivers the high definition experience that users expect.

How Citrix describes XenClient XT

XenClient XT provides unprecedented levels of scalability, security and performance for local virtual desktops to provide an optimal experience for even the most demanding user types. Benefits include:

  • Multi-level desktop consolidation that delivers the extreme scalability to run a large number of securely isolated desktop computing environments on a single physical system.
  • Security without compromise by running graphically and computationally demanding workloads with extreme levels of security and performance—all while delivering an unmatched HDX user experience.
  • Extreme desktop isolation by using a thin, next-generation Type 1 client hypervisor with hardened components and network isolation service VMs, allowing multiple security domains and multiple networks on the same system.
  • Continued product innovation building on an actively maintained commercial off-the-shelf (COTS) solution with a rich ecosystem that includes Intel and major PC OEMs.

Snapshot analysis

In the past, government agencies and enterprises needing the highest levels of security, would have to place multiple secure workstations on a staff member's desk. Each of these workstations would be connected to separate security domains and would allow access to its own set of applications and data.

As one might expect, the installation, management and operational support for a veritable herd of workstations for each staff member was both costly and complex. Virtual desktop environments held out the hope of consolidating these separate application environments onto a single workstation. Unfortunately, the available commercial solutions weren't quite up to the task.

Citrix worked with its partner Intel to create hardware/software solutions that would pass muster.  Intel provided Intel® vPro™ microprocessors that provided the underpinnings for levels of security high enough to address the requirements. Citrix provided a bare metal, highly secure version of its XenServer server virtualization product that was optimized for a desktop environment and would make use of the features of the Intel microprocessor. XenClient XT is the result of these efforts.

If your organization needs to deliver an absolutely locked down desktop environment, this product might just be the ticket.

I've spoken with other suppliers offering bare metal hypervisors, including Virtual Computer and MokaFive. Each of them is presenting similar sounding messages. I would advise speaking with all of them to determine which product best fits your organization's needs.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All