• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 696
  • Last Modified:

XenDesktop risks

What areas should auditors/security focus on when reviweing designs for the implementation of xendesktop for desktop virtualisation, are there any specific areas of concern or that audit/security should focus? In design or configuration?

What are the main risks to xendesktop and desktop virtualisation, and appropriate controls to plug these risks.
0
pma111
Asked:
pma111
  • 6
  • 5
2 Solutions
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Performance Bottlenecks, can the hosts maintain the demand.

As for the desktops themselves, they carry the same risks as physical desktops, and should be managed the same, only the delivery mechanism is different.
0
 
pma111Author Commented:
How can "Performance Bottlenecks, can the hosts maintain the demand" be audited against though, especially in design stage. What should you look for for some assurances.
0
 
pma111Author Commented:
>>they carry the same risks as physical desktops

Be also interested if you could expand on the risks to desktops in your view, are you talking about patching of desktop apps?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Check that the number of virtual desktops, has been sized correctly against the infrastructure!

OS Security Updates is one area, Applications Updates another, but also OS setup, enabling firewalls per desktop, security permissions per desktop
0
 
pma111Author Commented:
Ok thanks, albeit I wont be doing this myself, but "Check that the number of virtual desktops, has been sized correctly against the infrastructure!" is there any general good practice or methodology for measuring the desktop:host ratio based on your past experience?
0
 
pma111Author Commented:
>>security permissions per desktop

Is this on the virtual desktop itself, or are you talking about access to local shares etc, user permissions on the desktop, i.e group memberships?

Or is this from a data theft perspective, i.e. who could pinch the whole desktop, who can access that dektop? Where are such configured?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
user permissions exist on physical and virtual desktops. Both are the same.

Or is this from a data theft perspective, i.e. who could pinch the whole desktop, who can access that dektop? Where are such configured?

- XenDesktop Configuration and SAN
0
 
pma111Author Commented:
just to sweep up:

Ok thanks, albeit I wont be doing this myself, but "Check that the number of virtual desktops, has been sized correctly against the infrastructure!" is there any general good practice or methodology for measuring the desktop:host ratio based on your past experience?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Yes, Tevron Citratest

http://www.tevron.com/default.asp
0
 
pma111Author Commented:
>> XenDesktop Configuration and SAN

Can you provide a link or something to where in the xendesktop config the user perms/security perms are set?

Also what is the real risk to a xenapp desktop if another user/hacker got unauthorised access to it? If anything....
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
There are no specific risks to the XenDesktop product, but all VDI products in general.

Sorry, not currently at a XenDesktop Client.
0
 
basrajCommented:
Few things I can think about:

1. Xendesktop should have a security in place in form of Citrix Netscaler or Access Gateway which provides smart access, security and many features
2. When a user access from a non-corporate devices, Citrix netscaler or AGW, will put some restrictions like disabling local client drives, prevent printing, USB and other locks. You can define the smart access, end-point scanning through these products.
3. XenDesktop comes with policies where you can still restrict the above with policies but in an outside world the above products are recommended.

Once everything is setup in proper way, XenDesktop is fast and secure.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now