Network Computing is part of the Informa Tech Division of Informa PLC

Desktop Virtualization Drives Security, Not Just Dollar Savings: Page 3 of 7

As current systems are phased out, look at what's available for VDI-optimized clients. The term "dumb terminal" evokes some bad memories, but today's thin VDI systems dodge two significant limitations of thin clients--limited memory and small CPUs. Desk-side hardware is modular, with few moving parts. No spinning hard disks or complicated driver sets.

The client-host operating system--an ultrasmall, embedded desktop hypervisor--doesn't dictate the applications that can run on the system. Users can make calls to one or more virtualized operating systems at the same time, run localized versions of those VMs, benefit from a physical desktop's horsepower, and gain added security via a hypervisor's intelligence and reliance on underlying hardware engineered specifically to provide solid virtualization.

Hypervisors are what make virtualization possible, and that's just as true on the desktop as on the server. Because the hypervisor enforces virtual machine boundaries and resource requests, it's also the linchpin in the security stack and should be treated as such.

So it stands to reason that if the desktop hypervisor has a small footprint, is hardware-embedded, or functions as a virtual appliance itself, security is much improved. VMware is stepping down its hypervisor and service console from a sizable, and potentially more vulnerable, 2 GB to an entire platform baked into a 32-MB footprint, bootable from an embedded location, a USB key, or a CD-ROM. Once the hypervisor is on board at the desktop level, users can ask it to perform the work they need and the negotiation they require of it--including network authentication and machine isolation.

Chip manufacturers are at work here as well. Consider the Trusted Platform Module. Think of a TPM chip as a hardware-based lockbox where users can store credentials and certificates, manage keys, and encrypt e-mail and files. The VDI hypervisor can make use of this security mechanism, making calls to hardware instead of storing important information in software.