VPNs Enable Desktop Virtualization

By Bernd Reder

As the workforce becomes increasingly mobile, the methods by which users access critical business tools must evolve in kind. In the past, the desktop environment and all of the resources it hosted were only accessible if an individual was sitting right in front of his or her computer. But now, with the advent of laptops, tablets and smartphones, we’re seeing a paradigm shift—one in which digital assets are no longer imprisoned by local hard drives.

Virtual desktops allow employees to remotely access their traditional systems from any location, eliminating device storage concerns as well as numerous other headaches for IT managers. For example, if the IT department had to install a suitable desktop environment on every device used by every employee throughout the company, then provide technical support and roll out regular patches for each one, the workload would likely far exceed the department’s capacity.

A Central Virtualized Desktop

With virtual desktops, individuals working off-site can still access all the tools held within their office work stations, from the operating systems to essential applications and associated data. Not only is this more convenient for them, but it is more practical and less cumbersome for IT administrators. All sensitive information and tools are housed and managed in a secure location, mitigating the risks to company data if a security breach compromises an employee’s mobile device.

All of the company resources being accessed remotely are stored in secure data centers. Rather than having to constantly update and patch the myriad of tablets and smartphones that workers use while outside the office, IT managers can focus on deploying security measures that govern remote access privileges. Though this doesn’t completely eliminate the possibility of an attack against an employee’s mobile device affecting the organization, it greatly reduces those risks—more so than any alternative—and better equips IT personnel to safeguard important information.

According to a survey from U.K.-based market research firm Visiongain, more than half of U.S. respondents are either planning to virtualize their desktops or are considering exploring this option within the next 12 months. Visiongain also states that the world market for Virtual Desktop Infrastructure (VDI) products reached $11.6 billion in 2012, and predicts annual growth of almost 15 percent through 2015.

Where VPNs Come Into Play

Paramount to any VDI is a secure link between the virtual desktop and the device being used by an off-site worker to access it. As such, VPNs are indispensable. They ensure that data is transported across a secured, encrypted connection.

However, this is far from a “one-size-fits-all” solution. On-the-go employees will often use various mediums to connect to their virtual desktops, including public Wi-Fi networks at airports and hotels or local networks at the offices of current or prospective clients. A company’s VPN system has to be configured to securely handle all of these options if users are going to be able to safely and efficiently access their virtual desktop environments. What’s more, VPNs must be able to seamlessly handle transitions from one medium to the next, such as LAN to Wi-Fi, so that the connection is not lost or processes are not interrupted at inopportune times. If access proves problematic, the benefits of VDI begin to dissipate.

In order for companies to tap into the benefits of virtualized desktops, they must invest in robust VPN solutions that account for all possibilities and automatically initiate the proper security settings based on the communication medium an employee is using. Whether in a coffee shop with public Wi-Fi or another office location within the same organization, the VPN should be able to manage them all. Such a task is perfectly fitted to a dynamic personal firewall. Where run-of-the-mill VPN systems might fail, expertly developed and well-matured solutions will not.

February Feature of the Month: Integrated Support for 3G / LTE Cards, Part Two

This is Part Two of our February Feature of the Month series. Last week, we honored the all-new Access Point Name (APN) feature in NCP’s entry and enterprise IPsec VPN clients.

Enterprises today are facing significant challenges related to remote computing due to their increasingly fragmented geographies. For instance, companies are not only contending with how to enable automated roaming between their solutions on premises and remote hotspots, but they are also responsible for making sure this seamless roaming is secure for employees working off-site.

To meet these industry needs, NCP engineering has enhanced its client suite to support integrated 3G cards, which ensure secure network connections for mobile workers when used in conjunction with the NCP Secure Enterprise VPN Server. NCP has combined 3G / 4G and VPN connection setup into a single, graphical user interface, simplifying the installation and deployment processes for both IT personnel and individual users.

Additionally, the NCP Secure Enterprise Client allows devices to automatically transition between a variety of communication mediums, including Wi-Fi, xDSL, LAN, ISDN and WWAN, making it easy for users to connect to their corporate networks from any location. Since the solution dynamically redirects the VPN tunnel without disrupting mobile computing sessions, employees are guaranteed uninterrupted connections to their networks.

Beyond that, for enhanced protection, the solution automatically recognizes secure and insecure networks to connect to while users are roaming. With its Friendly Net Detection feature, the IPsec VPN client then activates the appropriate firewall and security policies without the end user needing to lift a finger.

Want to learn more about the NCP Secure Enterprise Client’s integrated support of 3G / LTE cards? Additional information can be found here. 

February Feature of the Month: Integrated Support for 3G/LTE Cards, Part One

With workforce mobility on the rise, remote employees are consistently in the market for easy-to-use VPN solutions that can safely connect their mobile devices to the corporate network. And given employees have a variety of mobile operators to choose from, corporations want to make it easy for users to switch in and out between these providers in order to maintain productivity on the go.

To meet these demands, NCP has rolled out an all-new Access Point Name (APN) feature in its entry and enterprise IPsec VPN clients. This automated configuration eliminates the need to manually update each device’s mobile access point when switching out SIM cards from a previous mobile operator. By analyzing the SIM card’s provider ID and using it to define the corresponding APN, identifying the appropriate dial-up parameter takes next to no time at all, allowing the user to get up and running on the network safely and easily.

Want to learn more about this feature and the NCP Secure Client’s integrated support of 3G/LTE cards? More information can be found here.

Q&A On SSL VPNs, Part Two: Joerg Hirschmann

This is part two in our Q&A series on SSL VPNs. Earlier this week, we shared insight from Rainer Enders, CTO, Americas at NCP engineering, on the inception of SSL VPN and its key differentiators.

Q: What are the core strengths of SSL VPN, and when might enterprises choose to go with this protocol over IPsec VPN?

Joerg Hirschmann: The pre-installed, SSL approach is ideal for situations in which one doesn’t require transparent connections for secure remote access. For instance, SSL VPN is an optimal solution when enterprises must grant limited access to external associates or partners needing connections only to specific applications (e.g. web-based) or administrative access to specific machines through RDP or SSH sessions. However, the ideal secure remote access solution takes a hybrid approach combining the strengths of both SSL and IPsec.

Q: What about choosing to go with software solutions versus hardware appliances?

Joerg Hirschmann: A software solution is the ideal fit for a virtualized central environment, whereas appliances are usually a better fit in branch offices or a smaller environment without virtualization in place.

If you have any questions on VPNs, the IPsec and SSL protocols or anything else related to secure remote access, send them to editor@vpnhaus.com. 

 Joerg Hirschmann is CTO at NCP engineering GmbH. 

Q&A On SSL VPNs, Part One: Rainer Enders

This is part one in our Q&A series on SSL VPNs.

Q: When SSL VPN followed IPsec VPN into the world of remote access, what was its initial purpose? How did it differentiate?

Rainer Enders: SSL VPN was introduced to address various shortcomings of IPsec VPN, such as usability, interoperability and scalability. In particular, the IPsec client-based approach was regarded as a process that was difficult to manage from both administrators’ and users’ perspectives.

When SSL was initially introduced, it was considered a client-less technology. The terminology “client-less” was created to differentiate from the IPsec client-centric approach. Obviously, SSL VPN is not client-less, as a client is still involved and is typically in the form of a web browser. Therefore, the key differentiator between the two approaches is that the SSL VPN client comes pre-installed on all OS platforms in the form of the browser, whereas IPsec VPN is separate software that, in many cases, must be installed.

Q: When should companies use a browser-based SSL VPN for secure remote access? How does this differ from applications of a Thin Client SSL VPN?

Rainer Enders: When deploying SSL VPN, great care must be taken to implement and secure the digital signature architecture. Web proxy and thin client SSL are restricted to certain access modes, and as such, should only be used in projects with limited scope with compliant access environments. SSL VPN should not be used for high security environments, as there are more points of attack and vulnerabilities.

Rainer Enders is CTO, Americas, at NCP engineering.

Stay tuned for more expert insight on SSL VPNs later this week from Joerg Hirschmann, CTO at NCP engineering GmbH.