Secure VDI Sign On: From a Factor of Four, to One
Virtual Desktop Infrastructure (VDI) deployments have been growing. Today we look at a diversified market where fully blown solutions are offered alongside more niche ‘point functionality’ products. But what customers really want right now from a VDI solution is the power to use secure single sign on access for users accessing applications and data stores over remote connections.
Today we have a problem. When a user signs in to a VDI offering there are as many as four login processes to pass:
1. Device login
2. Remote access login
3. Login to the VDI solution
4. Login to the VDI desktop itself
This scenario is annoying (some would even say ‘unacceptable’) given the needs of the modern mobile workers. But while this process must be capable of being governed by a single sign on option, the question of security still remains of paramount importance.
Plus, operation needs to be ‘seamless and transparent’ i.e. anything which feels clunky or suffering from poor usability will not wash with demanding users today. A key part of successfully rolling out a VDI solution will be providing users with something that they can be “bothered” to use properly and follow the required security process controls.
Allied to these usability concerns is performance i.e. if a VDI solution’s applications suffer from latency over a reasonably good network connection, they will not be successful in the long term. This means that a VDI should also offer tools to determine how much bandwidth a given implementation will need. F5's BIG-IP Application Delivery Controller technology works to offer application delivery tools that optimise network traffic for a particular VDI installation.
Running on F5’s TMOS operating system, BIG-IP Local Traffic Manager (LTM) improves the performance of all networked applications. VDI installations use more network communications than most networked applications, so BIG-IP LTM does more to improve their performance. Adding in the advanced capabilities of BIG-IP add-on modules for security, WAN optimisation and web acceleration can significantly reduce the need for additional infrastructure.
As obvious as it may sound, you can’t implement a VDI solution that runs at a level lower than the current installation already in place; so any newly adopted VDI offering needs to not only be a step forward, it also has to physically perform its central function effectively and actually be able to work remotely away from the office.
Naturally, the VDI market will change as it matures: new vendors will enter, old vendors will evolve, and new operating systems may even fold in (at the OS level) some functionality that is currently offered only by VDI vendors. F5 ADCs are vendor-agnostic - and will continue to support top-tier VDI vendors such as Microsoft, VMware and Citrix with devices that are knowledgeable in the overall network and application ecosystem.