IT@Intel White Paper
Intel Information Technology
Business Solutions
April 2010

Evaluating Thin-Client Security in a Changing Threat Landscape

Toby Kohlenberg, Senior Information Security Specialist, Intel IT
Omer Ben-Shalom, Principal Engineer, Intel IT
John Dunlop, Enterprise Architect, Intel IT
Jerzy Rub, Information Risk and Security Manager, Intel IT

Executive Overview

Intel IT’s security team continually analyzes our computing model to determine how it needs to evolve in response to an ever-changing threat landscape. Recent cyber-attacks on a number of high-profile targets provided added impetus to re-evaluate the security offered by thin-client models and whether using thin clients could help defend against similar attacks.

We identified five attributes that are often perceived as security benefits in thin clients: prevention of physical data loss, removal of administrative privileges, limitations on installed applications, client integrity, and ability to roll back to a known good state.

We determined that while these controls can contribute to a more secure environment, they would not have prevented the recent cyber-attacks from being successful.

Furthermore, we also observed that these controls are not unique to thin clients: Equivalent controls can be, and are, implemented on PCs—without giving up the functionality that is sacrificed with the thin-client model. Where such controls have not been implemented holistically on either thin clients or PCs, the reason is often because they place unacceptable restrictions on user productivity, not because of the client architecture.

We also considered other restrictions and costs of thin clients, including the inability to support mobile computing, highly interactive or compute-intensive applications, and rich media such as video. Thin clients also require significant additional server capacity and network bandwidth. Some thin-client models can also increase the risk of business disruption if an outage occurs within the central network resources upon which the thin client depends.

Based on our analysis, we see thin clients as suitable for some niche uses. However, Intel’s environment is 80 percent mobile, and most of Intel’s users require the functionality and flexibility of mobile business PCs. Mobile business PCs also position us to take advantage of emerging technology trends and service delivery models.

Contents
• Executive Overview
• Background
• Client Security Analysis
  • Security Controls Typically Associated with Thin Clients
  • Mitigation Value of These Controls
  • Availability of Security Controls on PCs
  • Thin-Client Security Concerns
• Security in an Evolving Threat Landscape
• Meeting Intel’s Enterprise Needs
• Future Positioning
  • Dynamic Virtual Client
• Conclusion
• For More Information
• Acronyms

IT@INTEL
IT@Intel is a resource that enables IT professionals, managers, and executives to engage with peers in the Intel IT organization—and with thousands of other industry IT leaders—so you can gain insights into the tools, methods, strategies, and best practices that are proving most successful in addressing today’s tough IT challenges. Visit us today at www.intel.com/IT or contact your local Intel representative if you’d like to learn more.

BACKGROUND

Intel IT supports a very large enterprise environment, with about 83,500 employees spread across 61 countries. Intel depends on its employees for business innovation that enables the company to grow and continue to create a competitive advantage. To foster this innovation, Intel IT provides about 80 percent of employees with mobile business PCs.

The cyber threat landscape has been rapidly evolving, with an increasing shift towards zero-day attacks, which target previously unknown vulnerabilities within hours of discovery. Some recent attacks on other high-profile Web sites have exploited previously unknown vulnerabilities in common client software such as Web browsers.

Intel IT’s security team continuously monitors this threat landscape and regularly analyzes how our business and compute models match up against it. Recent cyber-attacks on some high-profile targets caused us to re-evaluate the security offered by the thin-client model. We also wanted to investigate whether thin clients could help defend against similar attacks in the future.

After analyzing these thin-client attributes, we examined whether similar controls can be applied to PCs. Then we considered our findings from the perspective of the overall Intel IT client strategy, taking into account enterprise user needs and emerging technology trends.

CLIENT SECURITY ANALYSIS

We analyzed security controls commonly associated with thin clients along with their value in the evolving threat landscape. We assessed whether they would have prevented or mitigated targeted zero-day attacks such as the recent exploits at other high-profile Web sites. We then analyzed whether similar controls can be applied to PCs.

Security Controls Typically Associated with Thin Clients

We identified five main attributes that are commonly perceived as security advantages in thin clients:

• Physical data loss prevention. With thin-client models, storage is restricted to the data center, reducing the risk of physical data leaks. In addition, thin clients often lack ports for attaching external media or USB memory sticks, further reducing the ability to copy data directly from the client.
• Non-privileged users. User administrative privileges are removed, reducing the ability of exploits to change system files and settings.
• Restrictions on user-installed applications. Users are not able to install additional applications that would enlarge the attack surface of the client machine or infect the system with malware.
• Client integrity. All clients are maintained in a consistent state, based on a known configuration baseline. New patches can be rapidly and consistently applied by patching server-based images.
• Ability to roll back to a known good state. With thin clients, this can often be achieved by rebooting or reloading previous versions of a single virtual container file.

Mitigation Value of These Controls

We found that while these controls can contribute to a more secure environment, they would not have provided significant overall protection in the recent zero-day attacks.

• Centralized data storage. Traditionally, data theft involved using a device to copy data physically stored on the system. However, today’s thefts typically take place over networks, as shown in Figure 1. The restrictions imposed by thin clients do nothing to prevent this. All thin clients have fast network connections and most have Internet connections. Attackers can use these fast networks to rapidly transmit data from the server through the firewall.
• Non-privileged users. Removing users’ administrative rights may reduce the impact of an infection and make it more difficult for malware to spread to new systems. However, it cannot always prevent the initial compromise, and unless extreme restrictions are imposed, attackers may still be able to avail themselves of users’ remaining privileges to gain access to other systems and any data to which the user has access. Furthermore, removing users’ administrative rights has no protective effect if the exploited service is running as a system process rather than as a user process.
• Restrictions on user-installed applications. These restrictions can help if they prevent installation of non-essential applications that could be targeted. However, recent exploits have targeted ubiquitous, essential applications such as Web browsers. Furthermore, it is much more difficult to restrict users’ access to malicious Web sites or prevent them from running undesirable Web services than it is to prevent them from installing software on a business PC.
• Client integrity. Applying consistent, up-to-date patches is generally easier with a centralized image, as used in the thin-client model. However, it would not have prevented the attacks, because zero-day attacks target previously unknown vulnerabilities.
• Ability to roll back to a known good state. Rolling back the client system using a server-based client image would not have helped in recent attacks. The initial compromise provided access to Web-based services and accounts, and rolling back the system after the compromise would not have removed this access. In addition, since the attack exploited an unknown vulnerability, the system could have been just as easily recompromised.

[Figure 1 panels. Modern Thief (Data Server, Internet, Browser): Using thin clients does not prevent theft of data over networks. Traditional Thief (Data Transfer Network, Terminal): Physical intellectual property theft can be prevented in some cases by using thin clients.]

Figure 1. Thin clients can help prevent physical theft of data from clients; however they do not prevent theft over networks.

Availability of Security Controls on PCs

We determined that we could, and indeed do, provide equivalent controls on PCs—without giving up the functionality lost with the thin-client model. We have not implemented these controls holistically, but we have used individual controls where appropriate.

To prevent physical data theft, Intel uses full disk encryption and enterprise rights management tools. These methods can be supplemented with global domain policies or physical system modifications to lock down, encrypt, or restrict the use of USB memory and other external storage devices. In addition, folder redirection can be used to store data in the data center, either exclusively or as a mirror of the data on the client. The latter approach supports mobile computing.

The decision about whether to assign administrative rights to users is not specific to thin-client models. Many tools are available to remove the administrative privileges of mobile business PC users. If requirements dictate that PC users receive administrative rights, third-party software packages can be used to manage these rights and to restrict users from installing applications or carrying out other activities unless each action is specifically permitted by IT administrators. Intel uses multiple methods to restrict administrative access and users’ rights.

Centralized management of a common OS or application image is not unique to thin-client computing. For example, streaming allows centrally managed OS and application images to be shared by multiple desktop PCs, and anticipated future capabilities include centrally managed virtualized clients that are downloaded to users’ PCs. In addition, technologies from several companies can be used to implement system rollback on business PCs. Intel maintains standard, centrally managed system and application images. These are updated regularly and used whenever rollback is necessary.

Intel IT currently is able to quickly deploy patches to maintain client integrity, and the most time-consuming aspect of the process is testing and validation of a new patch, not actually deploying it; the time required to test and approve would not change in a thin-client environment. With PCs, patches can be rolled out in waves to increasing numbers of users to mitigate potential problems introduced with the patches; updating all clients at once can itself be a risk.

Thin-Client Security Concerns

There are also security concerns related to the thin-client model. Centralizing applications and data also centralizes the threat: A network of thin clients provides many access points to servers storing shared data and applications, with the associated risk that compromise can affect the entire IT infrastructure. Some thin-client models can also increase the risk of business disruption if an outage occurs within the central network resources upon which the thin client depends.

Centralizing all data, including personal data, introduces new privacy concerns, with an increased risk of infringing government regulations in some countries. Thin-client models can also have unintended consequences for data leakage; for example, we have found that users of thin clients are more likely to print paper copies of information that can then be disclosed to unauthorized parties.

To respond to a security breach, security professionals need to know which systems were compromised and when the compromise first occurred. In fact, preservation of such evidence is mandated in some cases. Rolling a thin-client system back to a known good build, by rebooting from a server-based image, may actually have the negative effect of destroying this vital evidence on the client.

SECURITY IN AN EVOLVING THREAT LANDSCAPE

As the threat landscape mutates toward targeted zero-day attacks, we need to adapt by taking a different approach to security. In this landscape, IT security professionals need to assume that clients are vulnerable—whether they are PCs or thin clients.

Frequently, attackers use custom malware; this is unlikely to be detected or prevented using traditional methods. Attacks typically focus on ubiquitous components that exist on both PCs and thin clients, such as essential business applications, the OS, or parts of cloud-based services.

Detection requires more sophisticated behavioral analysis for user access and rights utilization, including a more balanced mix of detective and corrective controls.

Both types of controls may actually be easier to implement using new platform technologies—such as Intel® Virtualization Technology (Intel® VT-x), Intel® Virtualization Technology for Directed I/O (Intel® VT-d), and Intel® Trusted Execution Technology (Intel® TXT)—or separate physical hardware rather than a shared virtualized server-based environment, which is what the thin-client model essentially uses.

For example, an attack originating within one virtual machine (VM) running on a server may target another VM on that same server in what is known as a VM escape.
Reliable preventative and detective controls, analogous to network or host-based intrusion prevention systems (NIPS or HIPS), do not yet exist in the VM management layer to help protect against this sort of attack. By distributing the execution of the VMs to separate client devices, or using technologies on the platform to provide the hardware isolation, the risk of this sort of attack is greatly diminished.

MEETING INTEL’S ENTERPRISE NEEDS

After determining that thin clients would not have prevented the recent zero-day industry attacks—and that similar security controls can be implemented with PCs—we analyzed which clients best fit Intel’s current and future enterprise needs. This analysis was based on business requirements and technology trends as well as security concerns.

We found that mobile business PCs support the widest range of uses and therefore meet the requirements of most Intel employees.

Locally installed applications, combined with local processing power, provide users with increased flexibility to work anywhere, including locations without network access. This also means users retain some computing capabilities in the event of a disaster. Mobile PCs support compute-intensive applications and rich media for communication, including video and Voice over IP (VoIP), collaboration, training, and research. Users can run a wider choice of software applications, including business applications as well as some personal applications (Intel, like many other companies, permits reasonable use of corporate resources in this way).

Another important advantage of mobile business PCs is that they support all service delivery models. Our strategy includes a growing number of services delivered from internal and external clouds, and we are exploring new delivery models such as application streaming. Equipping users with mobile business PCs means they can run any mix of these models while continuing to use conventional locally installed applications, as shown in Figure 2.

In contrast, thin clients have significant limitations. Often, there is limited support for mobile computing or working offline, and users cannot effectively run bandwidth-, graphics-, or compute-intensive applications.

[Figure 2 elements:
• External Cloud, Software as a Service (SaaS) Applications: Staffing, Benefits, Expense, Social Media/Web 2.0, Travel, Stock, Other SaaS Applications, Hosted Web Applications
• Remote Access and Portal Services
• Internal Cloud: Messaging and Collaboration Infrastructure, Enterprise Applications, User Profile Management, Hosted Web Applications, Primary Data Storage, Productivity Applications, Security and Virtual Machine Policy Control, Application Delivery and Management, Workspace/Container Provisioning and Management
• Service Delivery Models: Installation Kit/Software Provisioning, Streaming, Native Web, Rich Internet, Remote Execution
• Profile and Data Synchronization
• Peer-to-Peer Networking
• Mobile Business PC: Locally Installed Applications (Office Productivity, Antivirus, and More), Offline Application Cache, Encrypted Data Cache]

Figure 2. Mobile business PCs can support all emerging service delivery models while continuing to run conventional locally installed applications.
IT@Intel White Paper Evaluating Thin-Client Security in a Changing Threat Landscape




Our analysis has also shown that thin clients require significant additional server capacity, as well as increased bandwidth across the network supporting the connected users.

Because of these limitations, we have determined that thin clients may be suitable for only specialized use cases, such as call center terminals, shared kiosks, or manufacturing controllers. However, for these use cases, our analysis suggests that OS streaming to PCs may be a better fit for us than using thin clients. This is because PCs execute their workloads locally, providing greater responsiveness and a better user experience; also, less server and network capacity is required.

FUTURE POSITIONING

Looking forward, our client strategy must continue to keep pace with security requirements, enhance employee productivity, and reduce IT costs. At the same time, we need to manage added complexities such as an increasing number of devices per user, a diversification of form factors, and the adoption of consumer technologies within the enterprise.

We plan to take advantage of new technologies, computing models, and service delivery methods to reconcile these seemingly conflicting requirements. We are planning a segmented approach that includes a range of client solutions that fit the needs of different enterprise users.

Dynamic virtual client (DVC) is one option we are considering. See “For More Information” at the end of this paper for discussions of other solutions.

Dynamic Virtual Client

DVC—a virtualized PC environment delivered on demand to clients running native (Type 1) high-security hypervisors—is a key element of our client strategy. This solution is shown in Figure 3.

We believe DVC will deliver several advantages, including device-independent mobility. Users should be able to download and run their virtual containers on a variety of client hardware, with better separation of business and personal workspaces on the same system.




Figure 3. Intel IT is investigating a dynamic virtual client (DVC) solution.

Diagram labels, top to bottom:
• Cloud Computing: Virtual Machine Policy Management Server; Streaming Management; Data Storage and Management
• Virtualized Personal OS: User Applications; User Personal Data
• Virtualized Mini OS: Service Applications; Voice over IP
• Virtualized IT OS: IT Applications; User Corporate Data
• Virtualized IT Client Service and Management OS
• Client Native Hypervisor
• BIOS/EFI supporting Intel® vPro™ Technology with Intel® Virtualization Technology
• Platform Hardware




For specialized niche uses where it is feasible to implement all the required controls, we are considering OS streaming to provide high-availability, fully managed, and tightly controlled desktop PCs. Streaming to PCs allows us to reap the benefits of centralized management, with server-based OS images shared among many desktops, without the performance sacrifices associated with thin clients. With PCs, the workload executes locally, providing better performance; also, less server and network capacity is required.

CONCLUSION

We determined that while the controls often associated with thin clients can contribute to a more secure environment, they would not have provided protection against recent zero-day attacks. In addition, these controls are not unique to thin clients: They can be, and are, implemented on PCs using other methods, without giving up the functionality that would be sacrificed with the thin-client model.

Taking into account functionality and performance as well as enterprise security, we have found that mobile business PCs support the widest range of uses and therefore meet the requirements of most Intel employees. Because mobile business PCs support all emerging service delivery and computing models, they also position us for the future. The limitations of thin clients make them suitable only for specialized niche uses in our environment.

FOR MORE INFORMATION

Find additional IT@Intel white papers at www.intel.com/IT.

• “Enabling Device-Independent Mobility with Dynamic Virtual Clients”
• “Better Together: Rich Client PCs and Cloud Computing”
• “Developing an Enterprise Client Virtualization Strategy”
• “Improving Manageability with OS Streaming in Training Rooms”

ACRONYMS

DMA           direct memory access
DVC           dynamic virtual client
HIPS          host-based intrusion prevention system
NIPS          network intrusion prevention system
SaaS          software as a service
Intel® TXT    Intel® Trusted Execution Technology
Intel® VT-d   Intel® Virtualization Technology for Directed I/O
Intel® VT-x   Intel® Virtualization Technology
VM            virtual machine
VoIP          Voice over IP



For more straight talk on current topics from Intel’s IT leaders, visit www.intel.com/it.

This paper is for informational purposes only. THIS DOCUMENT IS PROVIDED “AS IS” WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Intel disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted herein.

Intel, the Intel logo, and Intel vPro are trademarks of Intel Corporation in the U.S. and other countries.

* Other names and brands may be claimed as the property of others.

Copyright © 2010 Intel Corporation. All rights reserved.

Printed in USA. Please Recycle. 0410/JLG/KC/PDF 322970-001US

 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Último (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Evaluating thin client_security

  • 1. IT@Intel White Paper
    Intel Information Technology
    Business Solutions
    April 2010

    Evaluating Thin-Client Security in a Changing Threat Landscape

    Executive Overview

    Equivalent security controls can be, and are, implemented on PCs—without giving up the functionality that is sacrificed with the thin-client model.

    Intel IT’s security team continually analyzes our computing model to determine how it needs to evolve in response to an ever-changing threat landscape. Recent cyber-attacks on a number of high-profile targets provided added impetus to re-evaluate the security offered by thin-client models and whether using thin clients could help defend against similar attacks.

    We identified five attributes that are often perceived as security benefits in thin clients: prevention of physical data loss, removal of administrative privileges, limitations on installed applications, client integrity, and ability to roll back to a known good state.

    We determined that while these controls can contribute to a more secure environment, they would not have prevented the recent cyber-attacks from being successful.

    Furthermore, we also observed that these controls are not unique to thin clients: Equivalent controls can be, and are, implemented on PCs—without giving up the functionality that is sacrificed with the thin-client model. Where such controls have not been implemented holistically on either thin clients or PCs, the reason is often because they place unacceptable restrictions on user productivity, not because of the client architecture.

    We also considered other restrictions and costs of thin clients, including the inability to support mobile computing, highly interactive or compute-intensive applications, and rich media such as video. Thin clients also require significant additional server capacity and network bandwidth. Some thin-client models can also increase the risk of business disruption if an outage occurs within the central network resources upon which the thin client depends.

    Based on our analysis, we see thin clients as suitable for some niche uses. However, Intel’s environment is 80 percent mobile, and most of Intel’s users require the functionality and flexibility of mobile business PCs. Mobile business PCs also position us to take advantage of emerging technology trends and service delivery models.

    Toby Kohlenberg, Senior Information Security Specialist, Intel IT
    Omer Ben-Shalom, Principal Engineer, Intel IT
    John Dunlop, Enterprise Architect, Intel IT
    Jerzy Rub, Information Risk and Security Manager, Intel IT
  • 2. Contents
    Executive Overview (1)
    Background (2)
    Client Security Analysis (2)
      Security Controls Typically Associated with Thin Clients (2)
      Mitigation Value of These Controls (3)
      Availability of Security Controls on PCs (4)
      Thin-Client Security Concerns (4)
    Security In An Evolving Threat Landscape (4)
    Meeting Intel’s Enterprise Needs (5)
    Future Positioning (6)
      Dynamic Virtual Client (6)
    Conclusion (7)
    For More Information (7)
    Acronyms (7)

    BACKGROUND

    Intel IT supports a very large enterprise environment, with about 83,500 employees spread across 61 countries. Intel depends on its employees for business innovation that enables the company to grow and continue to create a competitive advantage. To foster this innovation, Intel IT provides about 80 percent of employees with mobile business PCs.

    The cyber threat landscape has been rapidly evolving, with an increasing shift towards zero-day attacks, which target previously unknown vulnerabilities within hours of discovery. Some recent attacks on other high-profile Web sites have exploited previously unknown vulnerabilities in common client software such as Web browsers.

    Intel IT’s security team continuously monitors this threat landscape and regularly analyzes how our business and compute models match up against it. Recent cyber-attacks on some high-profile targets caused us to re-evaluate the security offered by the thin-client model. We also wanted to investigate whether thin clients could help defend against similar attacks in the future.

    After analyzing these thin-client attributes, we examined whether similar controls can be applied to PCs. Then we considered our findings from the perspective of the overall Intel IT client strategy, taking into account enterprise user needs and emerging technology trends.

    CLIENT SECURITY ANALYSIS

    We analyzed security controls commonly associated with thin clients along with their value in the evolving threat landscape. We assessed whether they would have prevented or mitigated targeted zero-day attacks such as the recent exploits at other high-profile Web sites. We then analyzed whether similar controls can be applied to PCs.

    Security Controls Typically Associated with Thin Clients

    We identified five main attributes that are commonly perceived as security advantages in thin clients:

      • Physical data loss prevention. With thin-client models, storage is restricted to the data center, reducing the risk of physical data leaks. In addition, thin clients often lack ports for attaching external media or USB memory sticks, further reducing the ability to copy data directly from the client.
      • Non-privileged users. User administrative privileges are removed, reducing the ability of exploits to change system files and settings.
      • Restrictions on user-installed applications. Users are not able to install additional applications that would enlarge the attack surface of the client machine or infect the system with malware.

    IT@INTEL

    IT@Intel is a resource that enables IT professionals, managers, and executives to engage with peers in the Intel IT organization—and with thousands of other industry IT leaders—so you can gain insights into the tools, methods, strategies, and best practices that are proving most successful in addressing today’s tough IT challenges. Visit us today at www.intel.com/IT or contact your local Intel representative if you’d like to learn more.

    www.intel.com/IT
  • 3.
      • Client integrity. All clients are maintained in a consistent state, based on a known configuration baseline. New patches can be rapidly and consistently applied by patching server-based images.
      • Ability to roll back to a known good state. With thin clients, this can often be achieved by rebooting or reloading previous versions of a single virtual container file.

    Mitigation Value of These Controls

    We found that while these controls can contribute to a more secure environment, they would not have provided significant overall protection in the recent zero-day attacks.

      • Centralized data storage. Traditionally, data theft involved using a device to copy data physically stored on the system. However, today’s thefts typically take place over networks, as shown in Figure 1. The restrictions imposed by thin clients do nothing to prevent this. All thin clients have fast network connections and most have Internet connections. Attackers can use these fast networks to rapidly transmit data from the server through the firewall.
      • Non-privileged users. Removing users’ administrative rights may reduce the impact of an infection and make it more difficult for malware to spread to new systems. However, it cannot always prevent the initial compromise, and unless extreme restrictions are imposed, attackers may still be able to avail themselves of users’ remaining privileges to gain access to other systems and any data to which the user has access. Furthermore, removing users’ administrative rights has no protective effect if the exploited service is running as a system process rather than as a user process.
      • Restrictions on user-installed applications. These restrictions can help if they prevent installation of non-essential applications that could be targeted. However, recent exploits have targeted ubiquitous, essential applications such as Web browsers. Furthermore, it is much more difficult to restrict users’ access to malicious Web sites or prevent them from running undesirable Web services than it is to prevent them from installing software on a business PC.
      • Client integrity. Applying consistent, up-to-date patches is generally easier with a centralized image, as used in the thin-client model. However, it would not have prevented the attacks, because zero-day attacks target previously unknown vulnerabilities.
      • Ability to roll back to a known good state. Rolling back the client system using a server-based client image would not have helped in recent attacks. The initial compromise provided access to Web-based services and accounts, and rolling back the system after the compromise would not have removed this access. In addition, since the attack exploited an unknown vulnerability, the system could have been just as easily recompromised.

    [Figure 1. Thin clients can help prevent physical theft of data from clients; however they do not prevent theft over networks. Panels: "Modern Thief" (using thin clients does not prevent theft of data over networks) and "Traditional Thief" (physical intellectual property theft can be prevented in some cases by using thin clients).]
  • 4. Availability of Security Controls on PCs

    We determined that we could, and indeed do, provide equivalent controls on PCs—without giving up the functionality lost with the thin-client model. We have not implemented these controls holistically, but we have used individual controls where appropriate.

    To prevent physical data theft, Intel uses full disk encryption and enterprise rights management tools. These methods can be supplemented with global domain policies or physical system modifications to lock down, encrypt, or restrict the use of USB memory and other external storage devices. In addition, folder redirection can be used to store data in the data center, either exclusively or as a mirror of the data on the client. The latter approach supports mobile computing.

    The decision about whether to assign administrative rights to users is not specific to thin-client models. Many tools are available to remove the administrative privileges of mobile business PC users. If requirements dictate that PC users receive administrative rights, third-party software packages can be used to manage these rights and to restrict users from installing applications or carrying out other activities unless each action is specifically permitted by IT administrators. Intel uses multiple methods to restrict administrative access and users’ rights.

    Centralized management of a common OS or application image is not unique to thin-client computing. For example, streaming allows centrally managed OS and application images to be shared by multiple desktop PCs, and anticipated future capabilities include centrally managed virtualized clients that are downloaded to users’ PCs. In addition, technologies from several companies can be used to implement system rollback on business PCs. Intel maintains standard, centrally managed system and application images. These are updated regularly and used whenever rollback is necessary.

    Intel IT currently is able to quickly deploy patches to maintain client integrity, and the most time-consuming aspect of the process is testing and validation of a new patch, not actually deploying it; the time required to test and approve would not change in a thin-client environment. With PCs, patches can be rolled out in waves to increasing numbers of users to mitigate potential problems introduced with the patches; updating all clients at once can itself be a risk.

    Thin-Client Security Concerns

    There are also security concerns related to the thin-client model. Centralizing applications and data also centralizes the threat: A network of thin clients provides many access points to servers storing shared data and applications, with the associated risk that compromise can affect the entire IT infrastructure. Some thin-client models can also increase the risk of business disruption if an outage occurs within the central network resources upon which the thin client depends.

    Centralizing all data, including personal data, introduces new privacy concerns, with an increased risk of infringing government regulations in some countries. Thin-client models can also have unintended consequences for data leakage; for example, we have found that users of thin clients are more likely to print paper copies of information that can then be disclosed to unauthorized parties.

    To respond to a security breach, security professionals need to know which systems were compromised and when the compromise first occurred. In fact, preservation of such evidence is mandated in some cases. Rolling a thin-client system back to a known good build, by rebooting from a server-based image, may actually have the negative effect of destroying this vital evidence on the client.

    SECURITY IN AN EVOLVING THREAT LANDSCAPE

    As the threat landscape mutates toward targeted zero-day attacks, we need to adapt by taking a different approach to security. In this landscape, IT security professionals need to assume that clients are vulnerable—whether they are PCs or thin clients.

    Frequently, attackers use custom malware; this is unlikely to be detected or prevented using traditional methods. Attacks typically focus on ubiquitous components that exist on both PCs and thin clients, such as essential business applications, the OS, or parts of cloud-based services.

    Detection requires more sophisticated behavioral analysis for user access and rights utilization, including a more balanced mix of detective and corrective controls.

    Both types of controls may actually be easier to implement using new platform technologies—such as Intel® Virtualization Technology (Intel® VT-x), Intel® Virtualization Technology for Directed I/O (Intel® VT-d), and Intel® Trusted Execution Technology (Intel® TXT)—or separate physical hardware rather than a shared virtualized server-based environment, which is what the thin-client model essentially uses.

    For example, an attack originating within one virtual machine (VM) running on a server may target another VM on that same server in what is known as a VM escape.
  • 5. Reliable preventative and detective controls, analogous to network or host-based intrusion prevention systems (NIPS or HIPS), do not yet exist in the VM management layer to help protect against this sort of attack. By distributing the execution of the VMs to separate client devices, or using technologies on the platform to provide the hardware isolation, the risk of this sort of attack is greatly diminished.

    MEETING INTEL’S ENTERPRISE NEEDS

    After determining that thin clients would not have prevented the recent zero-day industry attacks—and that similar security controls can be implemented with PCs—we analyzed which clients best fit Intel’s current and future enterprise needs. This analysis was based on business requirements and technology trends as well as corporate security concerns.

    We found that mobile business PCs support the widest range of uses and therefore meet the requirements of most Intel employees.

    Locally installed applications, combined with local processing power, provide users with increased flexibility to work anywhere, including locations without network access. This also means users retain some computing capabilities in the event of a disaster. Mobile PCs support compute-intensive applications and rich media for communication, including video and Voice over IP (VoIP), collaboration, training, and research. Users can run a wider choice of software applications, including business applications as well as some personal applications (Intel, like many other companies, permits reasonable use of corporate resources in this way).

    Another important advantage of mobile business PCs is that they support all service delivery models. Our strategy includes a growing number of services delivered from internal and external clouds, and we are exploring new delivery models such as application streaming. Equipping users with mobile business PCs means they can run any mix of these models while continuing to use conventional locally installed applications, as shown in Figure 2.

    In contrast, thin clients have significant limitations. Often, there is limited support for mobile computing or working offline, and users cannot effectively run bandwidth-, graphics-, or compute-intensive applications.

    [Figure 2. Mobile business PCs can support all emerging service delivery models while continuing to run conventional locally installed applications. Diagram labels: External Cloud, Internal Cloud, Service Delivery Models, Mobile Business PC.]
  • 6. Our analysis has also shown that thin clients require significant additional server capacity, as well as increased bandwidth across the network supporting the connected users.

    Because of these limitations, we have determined that thin clients may be suitable for only specialized use cases, such as call center terminals, shared kiosks, or manufacturing controllers. However, for these use cases, our analysis suggests that OS streaming to PCs may be a better fit for us than using thin clients. This is because PCs execute their workloads locally, providing greater responsiveness and a better user experience; also, less server and network capacity is required.

    FUTURE POSITIONING

    Looking forward, our client strategy must continue to keep pace with security requirements, enhance employee productivity, and reduce IT costs. At the same time, we need to manage added complexities such as an increasing number of devices per user, a diversification of form factors, and the adoption of consumer technologies within the enterprise.

    We plan to take advantage of new technologies, computing models, and service delivery methods to reconcile these seemingly conflicting requirements. We are planning a segmented approach that includes a range of client solutions that fit the needs of different enterprise users.

    Dynamic virtual client (DVC) is one option we are considering. See “For More Information” at the end of this paper for discussions of other solutions.

    Dynamic Virtual Client

    DVC—a virtualized PC environment delivered on demand to clients running native (Type 1) high-security hypervisors—is a key element of our client strategy. This solution is shown in Figure 3. We believe DVC will deliver several advantages, including device-independent mobility. Users should be able to download and run their virtual containers on a variety of client hardware, with better separation of business and personal workspaces on the same system.

    [Figure 3. Intel IT is investigating a dynamic virtual client (DVC) solution.]
  • 7. For specialized niche uses where it is feasible to implement all the required controls, we are considering OS streaming to provide high-availability, fully managed, and tightly controlled desktop PCs. Streaming to PCs allows us to reap the benefits of centralized management, with server-based OS images shared among many desktops, without the performance sacrifices associated with thin clients. With PCs, the workload executes locally, providing better performance; also, less server and network capacity is required.

    CONCLUSION

    We determined that while the controls often associated with thin clients can contribute to a more secure environment, they would not have provided protection against recent zero-day attacks. In addition, these controls are not unique to thin clients: They can be, and are, implemented on PCs using other methods, without giving up the functionality that would be sacrificed with the thin-client model.

    Taking into account functionality and performance as well as enterprise security, we have found that mobile business PCs support the widest range of uses and therefore meet the requirements of most Intel employees. Because mobile business PCs support all emerging service delivery and computing models, they also position us for the future. The limitations of thin clients make them suitable only for specialized niche uses in our environment.

    FOR MORE INFORMATION

    Find additional IT@Intel white papers at www.intel.com/IT.

      • “Enabling Device-Independent Mobility with Dynamic Virtual Clients”
      • “Better Together: Rich Client PCs and Cloud Computing”
      • “Developing an Enterprise Client Virtualization Strategy”
      • “Improving Manageability with OS Streaming in Training Rooms”

    ACRONYMS

    DMA: direct memory access
    DVC: dynamic virtual client
    HIPS: host-based intrusion prevention system
    NIPS: network intrusion prevention system
    SaaS: software as a service
    Intel® TXT: Intel® Trusted Execution Technology
    Intel® VT-d: Intel® Virtualization Technology for Directed I/O
    Intel® VT-x: Intel® Virtualization Technology
    VM: virtual machine
    VoIP: Voice over IP

    For more straight talk on current topics from Intel’s IT leaders, visit www.intel.com/it.
  • 8. This paper is for informational purposes only. THIS DOCUMENT IS PROVIDED “AS IS” WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Intel disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted herein.

    Intel, the Intel logo, and Intel vPro are trademarks of Intel Corporation in the U.S. and other countries.

    * Other names and brands may be claimed as the property of others.

    Copyright © 2010 Intel Corporation. All rights reserved.

    Printed in USA. Please Recycle. 0410/JLG/KC/PDF 322970-001US