How do you balance user expectations with the need for security?
Q6:
XenDesktop enables users to access desktops and applications from any location or device, while IT uses policies
that control where data is kept. XenDesktop can prevent data from residing on end points, centrally controlling
information in the data center. In addition, XenDesktop can ensure that any application data that must reside on
the end point is protected with XenVault technology. Extensive access control and security policies ensure that
intellectual property is protected, and regulatory compliance requirements are met.
Microsoft Desktop Virtualization helps secure confidential corporate data by centralizing desktops in the data
center, removing applications and data from the end point. The following technologies enable the scenario:
Microsoft VDI Suite: Removes applications and data from end point devices and locks them down in the data
center. Reduces the risk of having sensitive data exposed to unauthorized users.
RDS Session Virtualization RemoteApp: Applications and data live in the data center; only encrypted
keyboard and mouse strokes transmit over the network. This helps eliminate the risk of laptop data theft.
Windows Thin PC TPC Windows Embedded thin clients: Windows TPC enables IT to repurpose existing
PCs as thin clients for access to centralized desktops. This reduces the attack surface and thereby improves
security. Alternatively, IT can purchase Windows Embedded–based thin clients to achieve the same benefit.
System Center Configuration Manager and Forefront* Endpoint Protection: These help ensure
the security and compliance of VDI clients. Configuration Manager remediates and provides continuous
enforcement mechanisms on physical and personal virtual desktops, while also providing visibility into
noncompliant machines in pooled virtual scenarios. Forefront Endpoint Protection builds on Configuration
Manager to provide consolidated vulnerability management and antimalware protection to Microsoft VDI in a
single solution.
Scense is designed with user freedom in mind. Scense is not designed for locking down desktops and restricting
functionality. The starting point for a Scense user is a fully functional Windows desktop with all applications and
other IT resources needed to do the job.
Next, the administrator can enforce security policies and restrict functionality in real time. Applications can be
blocked in real time or made unavailable in certain locations, time frames, or other contextual variables. Folder
redirection can be enforced, or standard Windows functionality can be locked down completely.