Your datacenter is becoming your desktop.
The idea that I’m typing this into a machine that lives in a server rack somewhere in a Silicon Valley datacenter is a nuance of the transition to virtual desktops that we don’t think about all that much. I can tell you this with confidence because in the last three years of presenting at our Executive Briefing Center, the customers that have engaged in a discussion around what security means when the end user is able to run any desktop application inside the datacenter have been few and far between. Most, quite simply, are not thinking about it.
As my friends from the end-point security world will quickly tell you – the Internet is a cesspool of nasty apps that want in. In a traditional desktop world, it’s annoying, but we put our mission-critical apps behind extra firewalls in a datacenter. In the virtual desktop world, those apps are a subnet over and we’re both behind the firewall.
The gap is that we tend to think about datacenter security from an outside-in perspective. Users on the outside want to access applications that are inside. For Citrix XenDesktop, we put up a firewall and then place a Citrix NetScaler right behind it. In addition to secure remote access for ICA, NetScaler addresses advanced traffic management requirements like support for multiple datacenter resilience, consolidation of ADC functions, and full native ICA protocol support. The native ICA support is especially key for properly integrating secure authentication and native single sign-on to the XenDesktop web interface. Once we bless the traffic and send it over to XenDesktop, we step aside and let XenDesktop do its thing.
But do we want that? The thought of a casual desktop user running a web browser (any web browser!) with free access to datacenter resources behind the firewall is absolutely terrifying. So when we partnered up with Palo Alto Networks, the leader in next-generation firewall security, they told us to step aside: they’ve got our back.
Palo Alto Networks, it turns out, has been building up a steady list of customers that run XenDesktop and recognized that those web browsers were scary business. So they developed a prescriptive solution that ties identity, application level policies, and tight network firewalling together with virtual desktops to make sure that those users are not only protected from malicious content on the web (amongst numerous other Internet protocols), but are also properly secured with user and application policies so they don’t go idly surfing into the rest of the datacenter unfettered.
The result is NetScaler in the front for securing inbound users from the Internet trying to access desktops, and Palo Alto for egress web browsing headed back towards the Internet. The combination is a best-in-class security solution that protects both sides of XenDesktop, and your datacenter.
My desktop is in the datacenter; but NetScaler + Palo Alto Networks filters out the filthy packets.