Virtual Desktop Infrastructure and Remote Desktop Services
The need to adopt remote work on a mass scale, in a short period, meant that many companies ended up opening security holes in their networks and applications. Remote work must first of all be safe, and choosing the technology that will support this new employment model is a strategic decision.
Terminal-server architectures date back to the beginnings of computing. RDS and VDI technologies were introduced on the Intel x86 platform in the 1990s, initially designed to provide remote access for system administrators.
VDI then evolved for end-user use, gaining sophistication through content transmission acceleration technologies, remote printing techniques, access load management and identity management.
There are several software vendors for RDS and VDI, and prices differ widely between them. Among the advantages of this architecture are the large skilled workforce and the reduced cost compared to new-generation solutions.
The new generation of technologies to support remote work is cloud-based. Cloud Workspace addresses remote work by publishing applications (not desktops) that are embedded in encrypted HTTP pages (HTTPS). This brings a number of benefits, such as eliminating the need for VPNs and open ports on firewalls, as well as more granular identity control aligned with Zero Trust concepts.
Whatever architecture you adopt to support remote work, it is important to add layers of cybersecurity to keep the environment secure. This can be done by contracting data protection services, MFA and PAM, which not only prevent cyber criminals from acting but are also capable of providing a quick response in case the worst happens.
RDS and VDI: VIRTUAL DESKTOP INFRASTRUCTURE
Virtual Desktop Infrastructure (VDI) and Remote Desktop Service (RDS) pertain to using the cloud to deliver and manage virtual desktops. Hosting desktop environments centrally optimizes the management of the terminal park, and it is also one of the techniques used to allow legacy applications (such as client-server) to work remotely with adequate performance. Users can access their virtual desktop from any device or location, and all processing is done in the cloud or on a dedicated server.
Remote Desktop Service (RDS) is Microsoft's platform for building individual application virtualization solutions, securely accessing Remote Desktop and mobile devices, and using applications and desktops from the cloud. VDI and RDS services are available with a choice of customer management or Matrix management.
With the customer management option, the customer is responsible for administering its console, creating access privileges and configuring application settings.
If the customer chooses Matrix management, the data center will be responsible for administering the console and must have a user with platform administration credentials. If the customer disables Matrix's administrative user, the customer will be notified and no action will be taken until the access is corrected.
MATRIX CLOUD WORKSPACE
The Cloud Workspace solution allows your employees to access your company's applications remotely and securely. This new generation of technology for remote work eliminates the need for software on the terminal, such as a VPN client, and establishes Zero Trust security.
With quick installation and authentication integrated into your directory systems, it supports most ERPs and collaboration packages on the market, providing secure, simple and fast access to applications, so that employees use them as if they were physically on the company's network.
Virtual Workspace was developed using Akamai Zero Trust technology. The biggest advantage of the solution is that it does not leave the employee exposed to the variety of security risks that arise from service packs, software and worker terminal configurations and that open up opportunities for attacks.
- Transmission security: It does not require opening ports on the firewall, nor establishing a VPN. The entire session is encrypted with AES 256 (not TLS-1.2) to ensure that data is not exposed to suspicious people on the network.
- Application Security: Edge servers automatically drop sessions from DDoS attacks at the network layer and inspect web requests to block threats such as SQL injections, XSS (cross-site scripting), and RFI (remote file inclusion).
- High performance at low cost: It uses the Akamai content delivery network, ensuring the lowest communication latency regardless of the user's geographic region.
- Multi-Cloud, Hybrid Cloud: Unified access and control for applications hosted in Matrix, in retail clouds (AWS, Azure, Google), or on customer premises.
- Keep users out of the corporate network: Block your firewall from all inbound traffic while making your infrastructure invisible to hackers.
- Centralize security and access control: Determine users' access rights, as well as the applications they are authorized to use, in the cloud and on-premises.
- Multi-Factor Authentication (MFA) for Enterprise Applications: Minimize unauthorized access by authenticating users through MFA over email, SMS, TOTP or Duo Security.
- Single sign-on for all enterprise applications: Seamlessly access on-premises, IaaS and SaaS applications.
- Authentication threading: Take advantage of unique authentication bridging, separating user authentication from application authentication.
- Full Audit of User Activity: Record customer information and the actions of all users, as well as geolocation.
- On-premises server load balancing: Balance traffic across the internal infrastructure using a variety of load balancing algorithms.
- Simplified Access Management: A central point of entry and control through a single management portal.