Dell, once the quintessential 'box-shifter', has in recent years followed the industry trend towards (to borrow a phrase) a devices-and-services model in pursuit of continued profit, as margins on mainstream hardware shrink to wafer-thin levels. Hardware doesn't come much more mainstream than the business desktop PC, and to differentiate its offerings from the competition Dell now offers a bundle of security solutions under the Dell Data Protection (DDP) banner. Executives from the company were in London this week to announce a new addition to the DDP portfolio, show off a couple of recently launched OptiPlex all-in-one PCs, and discuss the latest desktop virtualisation offerings from Wyse (a Dell company).
OptiPlex AIOs: 3030 & 9030
Dell's latest all-in-one (AIO) business desktops are the 19.5-inch OptiPlex 3030 (from £439 ex. VAT/$799) and the 23-inch OptiPlex 9030 (from £689 ex. VAT/$899), both optionally available with touchscreens and discrete GPUs.
The redesigned Core i3/i5-based 3030 model is thinner than its predecessor, despite the presence of a newly integrated power supply. USB ports, often the source of data leaks, can be turned off via the BIOS, or locked down with a port cover. Other physical security features include a lock slot and a plate lock for attaching the computer to a desk. Dell also stresses the OptiPlex 3030's green credentials, citing the use of carbon-negative AirCarbon packaging and closed-loop recycled plastic in the chassis.
The top-end (vPro) Core i5/i7-based 9030 model offers tool-free access, a height-adjustable, pivotable 23-inch screen, a Lync-certified HD webcam and dual-monitor capability. There's also support for Dell's Hardware Crypto Accelerator (see below), which along with a Trusted Platform Module (TPM) chip and the DDP suite makes this "the most secure commercial all-in-one desktop in its class", according to Dell.
Dell Data Protection
The security of business data is a perennially hot topic and Brett Hansen, Dell's executive director of client solutions software, was keen to emphasise the scale of the problem at the London briefing. Hansen quoted Dell research reporting that 87 percent of organisations have experienced a security breach in the past 12 months and that 62 percent of IT decision makers feel that traditional anti-malware solutions are not up to the job.
A large part of the security problem is down to so-calledor APTs, which use 'under-the-radar' vectors such as zero-day attacks, spear-phishing emails, watering-hole attacks or weaponised email attachments to stealthily breach a company's network before activating — often after considerable delay — and stealing valuable assets.
The Dell Data Protection (DDP) solution bundle, which is available on the company's business-class laptops, workstations and desktops, takes a three-pronged approach to user and endpoint security: file-level encryption (using technology from 2012 Dell acquisition Credant Technologies); authentication (via FIPS-certified TPM chips, fingerprint readers and smartcard readers); and malware prevention (using secure virtual container technology from Dell partner Invincea).
The basic DDP offering has been available for a year, and Hansen was bullish about the growth in licensed endpoints that Dell has seen in this period — especially in mid-market organisations, where, he says, the need is greatest.
The latest DDP development provides integration between Dell's file-level encryption offering and Dropbox for Business (DfB) — the fruit of a partnership announced towards the end of last year. The new DDP/DfB solution will support separate (encrypted) work and personal folders, with 'one-click wipe' available to IT managers when they need to decommission an employee's work (but not personal) folder. Also supported, uniquely, is 'one-click sharing' of encrypted Dropbox documents between authorised users; if an attempt is made to share with an unauthorised recipient, the sender gets an alert with IT-department advice on how to proceed.
Hansen also stressed that the combination of another DDP component, Dell's Hardware Crypto Accelerator (HCA), and the TPM chip is the only commercially available disk encryption system with FIPS 140-2 Level 3 certification. This 'gold-standard' solution, available with 3Gbps self-encrypting drives (SEDs) on the OptiPlex 9030 (see above), allows encryption keys to be stored on the TPM, independently of the encrypted data, which is rendered irretrievable if the drive is removed from the system.
Wyse virtual desktop solutions
An effective security strategy is to deliver virtual desktops to thin clients and other endpoints, keeping applications and data safely in the data centre. However, as Jeff McNaught, executive director and chief strategy officer for cloud client computing, pointed out, desktop virtualisation can be expensive, complex to configure and limited in functionality. McNaught highlighted the breadth of the Dell/Wyse desktop virtualisation offering, with 15 reference architectures — from servers to endpoints — covering user populations from 50 to 50,000, and supporting Citrix, VMware, Microsoft, Quest (vWorkspace) and Wyse (WSM) technology. A Dell/Wyse technology MacNaught was keen to showcase was the Virtual Desktop Accelerator (VDA), which can ameliorate packet loss and latency on long WAN links — allowing, for example, a bank in Australia to access virtual desktops on a London-based server and still get an acceptable user experience.
Another recent desktop virtualisation development McNaught discussed was the Datacenter for Virtual Workstations, a server, storage and connectivity combo that leverages high-end Nvidia GPU technology and makes it available in a virtual desktop environment. "This solution allows our customers to have all their secret data in the data centre, where it belongs, and deliver it thousands of miles away in a full CAD/CAM environment so that engineers on a low-cost connection can work on the project — but none of that data ever lands on their storage...none of that data can be taken off the thin clients that they use."
Wyse offers several thin client devices (pictured above), including the high-end 7000 Series, which is designed for virtual workstation duties and can support up to six displays, the all-in-one Wyse-ThinOS-based 5000 Series, and the dongle-format, (security-hardened) Android-based Cloud Connect that plugs into any display device with an HMDI/MHL port.