One way for IT to dip their toe in the cloud computing waters is by providing internal users with a corporate hosted application service that IT controls. This gives IT the ability to monitor usage patterns and could reduce operating expenses. The key capability of an application service is to deliver compliant applications and desktops to end users with performance close to what would be experienced if the applications were locally installed.
The well-known benefits of a virtual datacenter are centered around application density – the greater the yield in applications per server, the fewer servers are required with resultant savings in power, cooling, real estate and IT management. The ability to consolidate datacenters and reduce the number of servers is the major market driver for VMware ESX and VMotion functionality. However, endpoint virtualization actually shifts some processing onto datacenter servers so the cost savings are different than with server virtualization. The emerging benefits of endpoint virtualization are focused on controlling endpoints from the datacenter with major benefits in enhanced security, endpoint management savings and freedom of device choice for end users. The ability for end users to always run clean copies of Windows applications, regardless of device or location, is the major market driver for Citrix Delivery Center and Microsoft Terminal Services.
The unveiling of Citrix Receiver and Citrix Dazzle provides a tangible example of how enterprises can create a corporate application service. IT hosts an application selection service based on the iTunes look and feel from which end users select the IT-provided application packages and desktops they need to do their jobs. Receiver software transparently chooses the optimal mechanism for the user to run the application, determining if the application should be streamed for local processing or can be virtualized to run in the datacenter with a localized user interface. Most importantly for security teams, whether the user is on a company laptop, home computer or personal iPhone, the user can run an approved copy of a Windows application. IT achieves authenticated access control to applications, security-conscious configurations of desktops, applications and browsers, control of sensitive data, and centralized auditing to monitor acceptable use policies without having to micromanage endpoints. Virtualization can change traditional security approaches -- a disruptive concept for IT and security teams.
Most organizations look to application services for remote users and repetitive task workers such as data entry positions, bank tellers and employees working from home where the endpoint is shared or otherwise not easily managed. The application services approach broadens the appeal to office workers as well as the remote work force.
VMware vSphere is excellent and recommended for datacenter applications, but is disappointing for virtualized desktops and endpoint applications. Medium-tier organizations find Microsoft Terminal Services to be a good, easy-to-manage option for basic application remote display functionality. SMB organizations allocate a server in the equipment room for a single point of application installation, patching, and upgrade; end users click on an icon to remotely execute the application. Technically savvy staff may use Parallels Virtual Desktop Infrastructure to build their own tools for endpoint security. The Citrix installed base now has a head start in delivering application services to its user community. Endpoints are viewed as the weakest link in the security profile. Virtualizing endpoints via application services can get IT out of the business of managing and securing endpoints.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.