What is Virtual Desktop Infrastructure (VDI)?

Desktop virtualization eliminates the need for employees to have physical access to corporate devices – it allows remote workers to connect to cloud-based or on-prem infrastructure that hosts virtualized corporate computers. This enables an organization to maintain control over its systems and data while allowing employees to work from anywhere.

How Does Virtual Desktop Infrastructure (VDI) Work?

Virtual desktop infrastructure (VDI) uses virtual machines (VMs) to provide access to virtual desktops to remote users. Access to these VMs is managed by a connection broker, which receives requests from remote users and provides them with access to a VM. This setup provides the remote user with the ability to control a machine hosted on the enterprise network.

VDI can be implemented in a couple of ways. One option is to allow users to have dedicated, persistent machines: a virtual machine is assigned for their use, and they access the same one for every session. This allows them to retain state across sessions but requires more overhead.

The other option is to have single-use, non-persistent virtual desktops. A remote user will be assigned a virtual desktop upon connection, and the state of the machine will be discarded after they close the connection. This approach has a lower overhead but means that any state data (documents, etc.) must be stored elsewhere.
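The two assignment modes described above can be modelled in a few lines. This is an added example, not code from any VDI product; the class and function names (`ConnectionBroker`, `VirtualDesktop`, `state_after_reconnect`) and the sample file are hypothetical.

```python
# Added illustration: a toy connection broker. All class and method names are
# hypothetical; a real VDI broker also handles authentication, pools and load.
import itertools
from dataclasses import dataclass, field


@dataclass
class VirtualDesktop:
    vm_id: str
    files: dict = field(default_factory=dict)  # stands in for all on-disk state


class ConnectionBroker:
    def __init__(self, persistent: bool):
        self.persistent = persistent
        self._assigned = {}   # user -> dedicated VM (persistent mode only)
        self._sessions = {}   # user -> VM backing the current session
        self._ids = itertools.count(1)

    def _new_vm(self) -> VirtualDesktop:
        return VirtualDesktop(vm_id=f"vm-{next(self._ids)}")

    def connect(self, user: str) -> VirtualDesktop:
        if user in self._sessions:
            return self._sessions[user]  # rejoin the live session
        if self.persistent:
            # Dedicated desktop: the same VM, with its state, every session.
            if user not in self._assigned:
                self._assigned[user] = self._new_vm()
            vm = self._assigned[user]
        else:
            vm = self._new_vm()  # single-use desktop, starts clean
        self._sessions[user] = vm
        return vm

    def disconnect(self, user: str) -> None:
        vm = self._sessions.pop(user, None)
        if vm is not None and not self.persistent:
            vm.files.clear()  # non-persistent: state is discarded on close


def state_after_reconnect(persistent: bool) -> dict:
    """Write a file in session 1, reconnect, and return what session 2 sees."""
    broker = ConnectionBroker(persistent)
    first = broker.connect("alice")
    first.files["report.docx"] = "constructed sample content"
    broker.disconnect("alice")
    return dict(broker.connect("alice").files)
```

`state_after_reconnect(True)` returns the saved file, while `state_after_reconnect(False)` returns an empty dictionary: whatever a session leaves behind, wanted or not, survives only on a persistent desktop.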

Benefits of VDI

VDI enables an organization to host all of its employee desktops in one location, which provides several advantages, including:

  • Remote Access: VDI enables an employee to access their corporate computer from anywhere. This is useful for employees who work both in and out of the office.
  • Device Flexibility: Bring your own device (BYOD) policies are increasingly popular since they allow employees to work from the devices that they are most comfortable with. With VDI, an employee can work from a personal laptop or other device but have access to corporate software and the functionality of a corporate machine.
  • Reduced Overhead: With VDI, the number of devices running on corporate infrastructure is limited to those currently needed by employees. This minimizes resource consumption for corporate desktops.
  • Data and Endpoint Security: With VDI, all data storage and processing is performed on a system under the control of the organization or a managed service provider. This makes it easier to ensure that sensitive data is not exposed on an endpoint and provides an organization with the ability to protect desktops against malicious content.

Risks of Virtual Desktop Infrastructure

While VDI has numerous advantages, it also comes with some security risks, including:

  • Unauthorized Access: VDI is designed to work with remote users, meaning that it can be accessed from anywhere if someone has the appropriate credentials. With the growth of credential stuffing attacks and rising numbers of data breaches, the potential for an attacker to gain unauthorized access to virtual desktops is increasing.
  • Minimal Resources: The VMs used in VDI are designed to use a minimal amount of processing power and storage. This makes it difficult to run conventional endpoint security solutions on them, potentially exposing them to compromise.
  • Centralized Infrastructure: With VDI, an organization’s entire workforce is reliant upon the VDI connection broker to gain access to the systems that they use to do their jobs. If this connection broker is the victim of a denial of service (DoS) attack, then the entire organization may be unable to work.

Protecting Virtual Desktops with EPP

The virtual desktops provided by VDI are still endpoints, meaning that they have the same security risks as traditional endpoints. If virtual desktops are infected with malware, they have the potential to cause significant damage to an organization during the user’s session or across multiple sessions in the case of persistent, dedicated virtual desktops.

This means that, with VDI, an organization needs to ensure that VDI endpoints are protected against cyber threats by endpoint security solutions. An endpoint protection platform (EPP) is an effective way of accomplishing this without incurring significant overhead costs like a traditional signature-based antivirus would. The use of machine learning and prevention-focused security controls makes it possible to block both known and novel attacks with much lower resource consumption than traditional approaches.

An EPP is designed to detect anomalous behavior on an endpoint, enabling it to identify and respond to both known and novel threats. An endpoint detection and response (EDR) solution complements this by giving visibility into advanced attacks and providing investigation tools and remediation support for them.

Check Point’s Harmony Endpoint combines the capabilities of EPP and EDR into a single endpoint security solution, making it the ideal way to secure VDI. To learn more about the capabilities of Harmony Endpoint, check out this product tour. You’re also welcome to schedule a personalized demo to learn how the combination of VDI and Harmony Endpoint provides secure, efficient corporate computing.
