Security and compliance in the home-office environment

The isolation forced by the COVID-19 crisis is permanently changing the way people work and study.

Many employees and students have shifted to working or learning from home, encouraged by their companies and schools, which have recognized not only the immediate need but also the benefits of the home-office environment, for several reasons.

Those changes are here to stay as the new “normal”, on either a full-time or a part-time basis. That brings a new challenge for the IT industry to solve: how to provide remote users with the IT resources they need, at home.

Looking at the most fundamental resources (computers, systems, and applications): how can those resources be delivered and managed with the security, reliability, performance, and compatibility that let employees, students, and teachers perform from home as they would on the organization’s premises? And how can such a change be made quickly and smoothly, with minimal cost, disruption, and effort?

IT administrators facing this challenge, and needing a workable solution for such an abrupt increase in the number of remote users, look at the technologies available in the market. Here we address two different concepts: VDI/DaaS, and the IDV concept implemented by Phantosys.

VDI / Desktop as a Service

In a server-based environment, systems and software are hosted in a data center or at a cloud provider, and users access those resources from an endpoint terminal (a thin client) over the Internet. This solution is called VDI (Virtual Desktop Infrastructure); its cloud-based offering is often labeled DaaS (Desktop as a Service).

Intense marketing by big IT brands, the sense of urgency created by the COVID crisis, and the lack of well-known alternatives have been pushing decision-makers into this disruptive transition. One problem is that testing those solutions with a significant number of users in a real scenario is rarely possible, because of the technical requirements and effort of the initial setup. And once the transition is made, it is difficult and costly to return to a PC-based environment, even if the costs turn out higher and the user experience poorer than anticipated.

Experience shows that the balance between the pros and cons of such an approach depends on the case, but it clearly involves many trade-offs, compatibility issues, and performance limitations, and it relies heavily on the back-end infrastructure, the client-side infrastructure, and the network connections between them.

The overall cost of that choice is not easy or straightforward to determine, because of “hidden” components and unpredictable costs that are only added later as demands change. For instance, the price of a low-end client system with limited functionality is much lower than the cost of reaching a performance level that matches an average personal computer. More often than not, users have different needs over time, to perform different tasks. A basic VDI client or DaaS instance may be enough for an office suite and cloud-hosted applications, but not for many other tasks, especially when graphics, video, and communications applications are required.

Although VDI/DaaS vendors promote their solutions as a cost-effective PC replacement with the convenience of being accessible from anywhere on any device, in reality it is not that simple (or cost-effective) to adapt users and migrate local systems to remote-access systems.

Tellingly, even VDI/DaaS advocates still use and rely on a local OS, applications, and files on their own notebook or PC.

Phantosys / IDV (Intelligent Desktop Virtualization)

Phantosys’ virtualization concept was developed in the early 2000s, but it was much later that the enterprise IT market recognized the need to evolve beyond server-based computing as the sole answer for better management and security, and began to praise solutions taking a different approach. Some references: Infoworld, TechRepublic.

Intel, one of the most influential developers of computing platforms, published what it describes as an “evolutionary framework called Intelligent Desktop Virtualization, or IDV — in which the overall system of managing user computing is made significantly more intelligent”. According to Intel’s vision, “IDV maximizes the user experience while also giving IT professionals the control they need — all within an economically viable framework”. Intel distinguishes IDV by three tenets:

  • Tenet 1: Manage Centrally with Local Execution
  • Tenet 2: Deliver Layered Images Intelligently
  • Tenet 3: Use Device Native Management

Phantosys matches all three tenets and adds several other security features, such as disk access control and encryption, device blocking, IP configuration control, automatic system backup, and instant recovery, among others. Because a large-scale trial is easy and quick to deploy, Phantosys is worth testing for any company, but especially for those that need an effective management system for home users with minimal disruption, effort, and cost.

Even with hardly any marketing, over its 15-year history Phantosys has gained market share consistently, year after year, and now manages over 2 million devices across more than 6,000 companies in several countries. It is considered a strong choice for roaming users because its edge-computing virtualization architecture enables centralized management of completely autonomous systems on any type of PC or notebook.

Employees can use their own notebook or PC to access systems and data provided by the company’s IT department, and students can access ready-to-use systems, including specialized software, provided by their schools. In either case, those users work on an entirely isolated system (a Phantosys virtual disk) using their own computer’s resources, with no connection to any personal system installed on the same machine.

Phantosys users soon forget, or even uninstall, their notebook’s local OS once they verify that the systems provided by Phantosys are completely autonomous, secure, easily updated, and instantly recoverable, and perform the same as a standard local OS.


[Figure: Normal Operation]

[Figure: Disaster Recovery]

A comparison between Phantosys and VDI/DaaS for home-office environments

Each row contrasts Phantosys IDV with VDI or DaaS.

Desktop system and applications
  • Phantosys IDV: Reside on the user’s device. Even if the network or the server is down, the locally cached systems are fully functional.
  • VDI or DaaS: Reside on the central servers or at the cloud provider. If the server-side service or the connection is down, users cannot do any work.

User habits and transition
  • Phantosys IDV: No change in user habits or operation compared with standalone systems.
  • VDI or DaaS: Users must change their habits and be trained to access remote desktops and to configure client-side functions and settings.

System selection
  • Phantosys IDV: The layered disk storage mechanism lets a computer choose and boot from entirely different systems (such as Windows 10, Windows 7, or Linux) or from variations of the same OS layer (such as a basic Office environment or a CAD engineering environment), all within the same management system at no extra cost. Users can also switch to an upgraded version of the OS or software, or roll back to a previous version, with a simple reboot.
  • VDI or DaaS: Limited selection, depending on the support provided by the VDI vendor or DaaS provider. The more selections offered to the user, the higher the cost.

Internet bandwidth
  • Phantosys IDV: Once a system is cached locally, day-to-day operation needs no network transfer between the IDV server and the client (only image updates and backups do), so the whole bandwidth is available for the user’s access to Internet content. Compliant systems customized by IT administration and provided by Phantosys ensure proper security.
  • VDI or DaaS: The Internet connection is the only way a user can reach their working desktop and applications. Performance, security, and reliability therefore depend on two different connections: from the user’s home to the virtual desktop provider, and from that point to the network and Internet resources.

Performance
  • Phantosys IDV: High performance, with no added delay in graphics or video/audio streaming. All systems and applications use the local computing resources, exactly as a standalone desktop does. Most modern PCs and notebooks have a powerful CPU and graphics card, spare RAM, and a fast SSD, all of which can be used at full capacity without restriction.
  • VDI or DaaS: Performance depends on several factors, including server-side resources, network connections and latency, and the remote desktop protocol. That is why DaaS “performance packages” are often 4 to 5 times more expensive and still not enough for many applications. If the user has a high-performance computer, that power is wasted when using remote desktops.

Use of peripherals
  • Phantosys IDV: No change in the configuration or use of peripherals such as printers, scanners, webcams, audio devices, or any other. Phantosys systems connect to local devices exactly as a standalone system does.
  • VDI or DaaS: Compatibility issues with many peripherals and the applications that need them. Workarounds are not only a challenge to implement but also liable to break with changes and updates. For home-office users, that can be difficult to manage.

Specific license requirements
  • Phantosys IDV: Requires only regular volume license agreements, because systems and applications run on local computers, not on servers.
  • VDI or DaaS: Additional licenses may be required, for example for remote desktop OS access, secure login services, and enterprise communications.

Network security
  • Phantosys IDV: Phantosys can manage and lock the computer’s IP configuration at the power-on event, before a system is even selected for boot. Systems provided by Phantosys can be set to use a unique IP configuration matching the organization’s security policies.
  • VDI or DaaS: The network configuration of the underlying local OS (used to access the remote desktops) is outside the scope of VDI or DaaS.

Local system security
  • Phantosys IDV: Users just turn on their computer and the managed, compliant virtualized system boots as a local OS. If they also have a personal system installed on the computer, at power-on they can choose to boot either the personal OS or one of the virtualized systems provided by Phantosys. Once the chosen system is running, it is entirely isolated from the others, which remain invisible and inaccessible.
  • VDI or DaaS: From a home-office computer, the way to reach a VDI/DaaS system is a remote desktop session started from a local OS. A functional local OS is still required, usually not managed by the company or school, and it remains a security risk. And since that local OS stays available while the remote desktop is running, most users continue to perform tasks on it because of the performance or compatibility issues of remote desktops.

Mobility
  • Phantosys IDV: As Phantosys systems are cached on the notebook or PC, they can be used autonomously anywhere: at home, at the company or school, or while traveling, with or without an Internet connection.
  • VDI or DaaS: Mobility is bound to the availability of a reliable Internet connection.

Data leakage
  • Phantosys IDV: Phantosys has options to block ports, Wi-Fi, Bluetooth, local disks, and media devices (such as USB drives) to prevent data leakage and malware infection.
  • VDI or DaaS: Access to local devices can be blocked.

Data theft
  • Phantosys IDV: Even when data is held in a locally cached Phantosys system or data disk, it is not stored in a regular disk or partition, so it cannot simply be mounted and read from another system. Combined with the disk encryption option, this keeps the data protected even if the device is stolen.
  • VDI or DaaS: Data stays in the data center or cloud; the user is only granted access according to his or her privileges.

Server-side risks
  • Phantosys IDV: Even if a Phantosys server is compromised, client operation is not affected: clients run from virtual disks synced to their own local storage, which can be recovered instantly on each individual client whatever it holds (Windows OS, Linux OS, or data). Because systems and data are distributed across the edge devices, the server needs far less hardening than a VDI back end, though as the source of the images clients boot it should still be protected like any other software distribution point.
  • VDI or DaaS: A major failure or attack on server-side resources can seriously disrupt any organization that has migrated all its systems and data from individual computers to a central site or service. Additional layers of enterprise-level security must be added to protect the entire desktop infrastructure, at further cost.

Client recovery
  • Phantosys IDV: Manual or every-reboot recovery modes are available for Phantosys virtual disks, and the choice can be managed on both the server and the client side. An optimal strategy is to set the system disk to automatic recovery and the data disk to manual recovery to the last healthy local snapshot.
  • VDI or DaaS: The virtual machine concepts of persistent and non-persistent disks can be applied, but users have no on-demand recovery.

Data backup
  • Phantosys IDV: Entire disk images can be backed up to the server, or data backups can be performed by any of several applications included in the managed systems.
  • VDI or DaaS: Data backup is automated.

Total costs
  • Phantosys IDV: Setup is simple, with hardly any changes to client computers or infrastructure, and there are flexible deployment options for different scenarios. An entry-level server, or even an ordinary PC, can manage hundreds of clients, and servers can easily be clustered to manage thousands. With Phantosys, TCO is essentially the license subscription, with no hidden costs.
  • VDI or DaaS: Look at a VDI or DaaS proposal and try to understand all the pricing components. One thing is clear: every fee or subscription is tied to limits (in computing power, storage, and network traffic), which makes actual costs hard to predict. Setup is complex and requires high-cost services for deployment and maintenance.
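As an added illustration, not Phantosys’ code and not its on-disk format, the following Python model of a copy-on-write layered disk shows the two behaviours the system-selection and client-recovery rows above describe: selecting or rolling back a system by choosing how many committed layers to boot from, and the recovery policy of discarding a system disk’s writes on every reboot while a data disk keeps its writes and is rolled back to its last snapshot only on demand. The class and function names, the 8-byte block size, and the sample image contents are all constructed for this example.

```python
from __future__ import annotations

from dataclasses import dataclass, field

BLOCK_SIZE = 8  # bytes per block; deliberately tiny so the example stays readable


@dataclass
class LayeredDisk:
    """Immutable base image plus stacked copy-on-write layers (hypothetical
    model for illustration, not Phantosys's on-disk format). Reads fall
    through from the newest layer to the base; writes land only in the session."""

    base: bytes
    layers: list[dict[int, bytes]] = field(default_factory=list)  # committed, oldest first
    session: dict[int, bytes] = field(default_factory=dict)       # writes since last boot
    active: int | None = None  # committed layers enabled at boot (None = all)

    def read(self, blk: int) -> bytes:
        if blk in self.session:
            return self.session[blk]
        enabled = len(self.layers) if self.active is None else self.active
        for layer in reversed(self.layers[:enabled]):
            if blk in layer:
                return layer[blk]
        start = blk * BLOCK_SIZE
        return self.base[start:start + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")

    def write(self, blk: int, data: bytes) -> None:
        if len(data) != BLOCK_SIZE:
            raise ValueError("a write must cover exactly one block")
        self.session[blk] = data  # copy-on-write: the base image is never touched

    def commit(self) -> int:
        """Promote session writes to a committed layer (an IT-published update
        on a system disk, a healthy snapshot on a data disk); returns its index."""
        self.layers.append(dict(self.session))
        self.session = {}
        self.active = None
        return len(self.layers) - 1

    def reboot(self, recovery: str) -> None:
        """'auto': drop every uncommitted write, so tampering never survives a
        reboot (system-disk policy); 'keep': carry writes across (data disk)."""
        if recovery == "auto":
            self.session = {}
        elif recovery != "keep":
            raise ValueError(f"unknown recovery mode {recovery!r}")

    def boot_with_layers(self, count: int) -> None:
        """Boot from the first `count` committed layers: the full stack for the
        upgraded system, fewer to roll back. Uncommitted writes are dropped."""
        if not 0 <= count <= len(self.layers):
            raise ValueError("no such layer")
        self.active = count
        self.session = {}

    def rollback(self, layer_index: int) -> None:
        """Manual recovery: discard the session and every layer newer than
        the chosen snapshot."""
        if not 0 <= layer_index < len(self.layers):
            raise ValueError("no such snapshot")
        del self.layers[layer_index + 1:]
        self.session = {}
        self.active = None


def system_disk_scenario() -> dict[str, bytes]:
    """System disk: automatic recovery on every reboot, version switch by layer."""
    os_image = b"OS v1.0 " + b"\0" * BLOCK_SIZE  # constructed two-block base image
    disk = LayeredDisk(base=os_image)
    disk.write(0, b"OS v1.1 ")          # IT publishes an update ...
    upgrade = disk.commit()             # ... as a committed layer
    disk.write(1, b"MALWARE ")          # tampering during a session
    tampered = disk.read(1)
    disk.reboot("auto")                 # system disk: recover on every reboot
    after_reboot = disk.read(1)
    disk.boot_with_layers(0)            # roll back: boot without the update
    rolled_back = disk.read(0)
    disk.boot_with_layers(upgrade + 1)  # switch forward to the upgrade again
    upgraded = disk.read(0)
    return {"tampered": tampered, "after_reboot": after_reboot,
            "rolled_back": rolled_back, "upgraded": upgraded}


def data_disk_scenario() -> dict[str, bytes]:
    """Data disk: writes persist across reboots, recovery only on demand."""
    disk = LayeredDisk(base=b"\0" * (2 * BLOCK_SIZE))  # constructed empty data disk
    disk.write(0, b"report-1")
    disk.reboot("keep")                 # the user's work survives the reboot
    persisted = disk.read(0)
    healthy = disk.commit()             # last healthy snapshot
    disk.write(0, b"CORRUPT!")          # ransomware or a bad save
    disk.reboot("keep")
    corrupted = disk.read(0)            # still corrupt: no automatic recovery
    disk.rollback(healthy)              # recovery requested by the user or admin
    recovered = disk.read(0)
    return {"persisted": persisted, "corrupted": corrupted, "recovered": recovered}
```

The point of the model is where integrity comes from in each case: the system disk is clean after every reboot because its session layer is simply discarded and the committed layers are never written to, while the data disk keeps its session and depends on an explicit snapshot to recover from. Any cached layer on the device still needs the disk encryption the page lists among Phantosys’ features to protect it against theft; this model deliberately leaves that out.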