Virtualized desktop environments can reduce costs, improve user access, and protect information
Organizations have invested heavily in security infrastructures to protect enterprise information stored in the datacenter. While multiple firewalls, SSL, user authorization systems, and even encryption have fortified datacenter security, another area remains vulnerable for many enterprises — the desktop.
Hundreds or thousands of PCs and laptops can easily pose a security liability. A diligent employee in accounting may decide to bring her laptop home to continue working on a financial spreadsheet — but if the laptop is lost or stolen along the way, the entire enterprise can be put at risk. Multiply this scenario by all the other instances in which information is stored locally, and the scope of potential security problems is alarming, as evidenced by the number of high-profile breaches in recent years.
Virtual desktop environments can strengthen enterprise security by eliminating the need to store data on laptops or PCs and storing it instead where it can be best secured and managed by IT professionals — in the datacenter. And desktop virtualization can deliver related benefits to IT and business as well:
- Reduce IT costs to administer and maintain laptops or PCs
- Cut power consumption by replacing power-hungry laptops and PCs with energy-efficient thin clients
- Improve flexibility and information access for an increasingly mobile and widespread workforce
- Provide centralized, server-based backup to guard against data loss or corruption
Three Approaches to Desktop Virtualization
As with datacenter server virtualization, desktop virtualization allows organizations to get more out of existing hardware, wherever it may be located, which can lower operating costs. The trick is to make sure that desktop virtualization keeps data in the datacenter where it belongs and that the appropriate users can easily access the data.
Desktop virtualization generally falls into three categories — sharing an operating system among many users on a single server, using dedicated blades for each user, and virtualizing the entire desktop environment.

- Sharing an operating system on a single server: This approach can work well if users are all using the same operating system and applications are designed for multi-user access on a server operating system. Yet many business applications, especially those written in-house, are not designed to be used by multiple users simultaneously or installed on server operating systems. These applications either run into issues as files are accessed or simply do not run at all in such environments.
- Using dedicated blades for each user: With this approach, a blade PC in the datacenter is dedicated to each user and reduces the possibility that users will store data on laptops or desktop PCs. At first glance, the low cost of blades makes this approach appealing, and it is attractive from a manageability standpoint. But when a user is not accessing data held on the blade, the hardware remains idle, trading the inefficient utilization of a desktop PC for even more usage inefficiency on the blade.
- Taking the dedicated virtual machine approach: Dedicated virtual machines are similar to server virtualization and can provide IT with the most security oversight. This approach has the additional advantage of allowing IT administrators to use existing desktop administration skills and tools, allowing for quick conversion from a traditional PC environment to a virtual desktop environment. Once the desktop is centralized in the datacenter, the organization can choose from a wide variety of low-power consumption client devices (like Sun Ray virtual display clients), or continue using its existing desktop PCs as simple clients until they are no longer useful.
Sun’s Dedicated Virtual Machine Approach
Sun’s Virtual Desktop Infrastructure Software (Sun VDI Software), in conjunction with the Sun Virtual Desktop Connector beta, takes the latter dedicated virtual machine approach to allow administrators to centralize desktop environments and provide access from a wide variety of client devices.
A key component of Sun's portfolio of virtual desktop solutions, Sun VDI software allows administrators to statically or dynamically assign virtual desktop environments to users that can then be accessed from nearly any modern client device, including Windows PCs and laptops and Sun Ray virtual display clients.
Once an organization opts to centralize its desktop environment with Sun VDI Software, access is seamless across all supported client devices. This means that a user can, for example, access his or her virtualized Windows XP desktop from a Sun Ray client at the office and then go home and access that same desktop environment from a Mac or PC. This ability to shift a desktop session between Sun Ray devices and other supported client devices is a key differentiator for Sun VDI Software.
Sun Virtual Desktop Solutions Keep Data in the Datacenter
Sun is a pioneer in desktop virtualization, having deployed Sun Ray clients and centralized desktops to Sun corporate users for nearly a decade. In this environment, users can freely move between Sun offices around the world carrying only their Java Card identification badges. When users arrive at a Sun office, they simply insert their Java Card into any available Sun Ray client and receive instant access to their work desktop environments, including any applications they may have running and all their documents and data. And with Sun VDI Software, this capability can extend to devices other than Sun Ray clients as well.
To achieve this secure yet mobile access to the desktop environment, Sun VDI Software leverages a three-tiered architecture:

- The client tier consists of desktop systems such as Sun Ray clients, PCs or laptops running the Solaris, Windows, or Linux operating systems, and Mac OS X-based computers.
- The access tier infrastructure consists of Sun VDI Software and the Solaris OS and brokers connections between client devices and the virtual desktop tier. Depending on infrastructure requirements, organizations can connect directly to the Sun VDI Software servers (for example, in a trusted LAN environment) or, for remote deployments or a more secure LAN option, leverage secure connections by using VPN infrastructure or built-in SSL capabilities.
- The virtual desktop tier comprises all the hardware and virtualization software and storage for desktop images, and currently runs on VMware Infrastructure 3 software, x64 servers (such as Sun Fire servers), and Sun StorageTek storage. A single server can host a large number of completely separate desktop OS instances, often many more virtual machines than in a typical server virtualization deployment.
Once the virtual desktop architecture is in place, a virtual machine can be cloned and provided to a user within minutes, saving both IT and the end user vast amounts of time setting up and maintaining desktop environments. Security safeguards in Sun VDI Software include SSL/TLS encryption with up to 256-bit ciphers, allowing users to connect with confidence at home or on the road.
For Sun Ray clients, a software VPN client compatible with Cisco VPN 3000 deployments is built into the Sun Ray client hardware. With critical data and applications stored on centralized servers with backup capabilities and secure connections, the risk of data being lost, stolen, or corrupted on a laptop or PC is virtually eliminated.
Reuters Strengthens Data Security with Desktop Virtualization
The Reuters international news agency is using Sun desktop virtualization solutions to strengthen security and reduce administration costs. Like any company, Reuters has financial and personnel data it needs to protect. But as a news agency, the company also needs to protect developing news exclusives and the names of sources, which can be vulnerable when stored on laptops or PCs.
To enhance security, Reuters recently launched a pilot virtual desktop program in its Beijing bureau in the People's Republic of China. The bureau replaced its existing network with over 500 virtual desktops based on Sun technology, and Reuters plans on implementing thousands more in other bureaus throughout the world.
While protecting story ideas and sources was a key concern for Reuters, the company also was looking for a way to secure data in the event of a disaster. Should desktops in a bureau office suddenly go down, journalists and editors will still be able to access their data, which is held in datacenters with redundant storage. Security is further enhanced because each virtual desktop environment is isolated from the others. In the event that one virtual machine is hit by a virus, it is unlikely to infect other virtual machines, and the problem can be quarantined and addressed by IT staff in the datacenter.
At the University of Maryland, IT Manages More with Less
For cost-conscious organizations, desktop virtualization can manage growing pains in a way that traditional desktop environments cannot. At the University of Maryland, the school’s administrators worried about how to manage over 10,000 aging PCs, each consuming between 60 and 90 watts of power. A hiring freeze compounded the problem, making it increasingly difficult for IT staff to manage growing numbers of desktop systems.
Sun helped overcome these issues with a combination of energy-efficient server hardware and Sun virtual desktop solutions. By gradually phasing in Sun Ray clients, the school was able to reduce utility costs because the Sun Ray clients consume 10 times less energy than traditional PCs — or about as much power as a nightlight.
Ending Desktop Sprawl Increases End-User Capabilities
With the ability to provide users with desktops virtually anywhere with little security risk, IT can become more responsive in providing end users with applications. At Sun, where desktop virtualization has been the norm for years, users simply use any one of about 30,000 Sun Ray clients deployed around the world. And with this kind of access now available to multiple devices and operating systems, end users can find even more ways to be productive.
In addition to providing access to more kinds of applications and operating systems, the flexibility of virtual desktop solutions can reduce the cost of software development and of administering and maintaining hundreds or thousands of laptops or PCs. Entire environments can be created — and torn down — on the fly. Or, users can access familiar proprietary productivity software, while also using open-source applications for emailing and Web browsing.
It’s all made possible by ending desktop sprawl — and keeping data in the datacenter where it belongs.