Teleworker 1 – I took my new tablet home last night for the first time. But when I try to connect, I was asked about certificates then usernames and passwords and it even checked to make sure that my anti-virus was up to date before it would give me access to virtual desktop environment.
Teleworker 2 – Oh, you should have just called IT before taking your device home and they would have quickly applied the new remote access security policies; it then works automatically every time!
There are two major concerns for IT departments deploying remote virtual desktop to enable anytime, anywhere connectivity:
- Security, and
- Seamless usability.
IT Managers want to avoid scenarios where the helpdesk gets overloaded with calls due to staff being unable access services whilst out of the office. But they also need to ensure that valuable and secure data network integrity is not compromised when end users' desktops are hosted within the same data centre secure data such as customer credit card information.
Cisco have addressed these concerns with their latest security portfolio to deal with remote access or BYOD (Bring Your Own Device) policies. Cisco have released the AnyConnect client, Cisco ISE (Identity Services Engine) authentication control, Cisco Virtual Security Gateway and Cisco ASA firewall updates to ensure that remote workers still enjoy the freedom whilst they are provided with a level of security that is rarely even seen within the office itself.
In short, AnyConnect, ISE and the ASA ensure that the 1) users are who they say they are, and 2) they are supported using approved and up to date devices to connect securely to the corporate desktop.
The Virtual Security Gateway provides the vital added layer of security within the data centre for a virtual desktop (VDI) environment. The VSG provides security at port level to each virtual machine which allows organisations to adequately segregate user desktops from the more secure data that is hosted within the same data centre.
Most environments don’t even have this level of security within the office itself be it for virtual desktops or traditional host based operating systems. When was the last time you have connected your laptop to a wall port in the office and the network intelligently went through all of these checks before you even get a green link light on your network port?
David Murray is a Senior Network Consultant based in Logicalis' Brisbane office. As well as expertise in security, routing & switching and wireless infrastructure he has been instrumental in developing Logicalis' methodology for IPv4 to IPv6 migration.
