Ming Wanda's security implementation for desktop cloud data

Source: Internet
Author: User
Keywords: desktop cloud, desktop data security

With the maturing of cloud computing and virtualization technology, desktop cloud is widely used as a solution to optimize the traditional office mode.

Desktop virtualization is a technology that supports enterprise-class remote, dynamic access to desktop systems with unified hosting in the data center. The desktop image of each terminal is stored centrally on a back-end server, and users connect to that server from a terminal computer or thin client to open a personal virtual cloud desktop and work in it. An apt analogy: just as today we can access our mail systems from any device, anywhere, at any time, in the future we will be able to access our personal desktop systems over the web from any device, anywhere, at any time.

Desktop virtualization technology usually has the following features:

More flexible access and use: Use is not limited to the company premises or a desktop PC. Users can reach their personal desktop inside the company over the network from home, the airport and other places, and work there. IT managers no longer need to investigate problems machine by machine; they can troubleshoot virtual desktops from the server room, which reduces the workload of operators and improves office efficiency.

Wider and simpler terminal equipment support: With desktop virtualization, all computation and data storage take place on the cloud server. The terminal only has to handle display, input and output to operate the remote virtual desktop, so more kinds of terminal equipment can be used to do the work.

Greatly reduced terminal procurement and maintenance costs: The direct benefit of this simplified IT architecture is lower terminal procurement cost, since a thin client used as the desktop carrier is much cheaper than a standard PC. As for the hardware life cycle, computing performance is determined by the cloud server and depends very little on the terminal, so a thin client will have a longer life cycle than a traditional PC terminal.

Centralized management, unified configuration, security: Because all data is stored centrally in the enterprise data center, administrators can configure and manage all desktops and applications from the data center in a unified way, for example system upgrades and application installation. This avoids the management difficulty and high cost that distributed terminals traditionally cause. Since only the final rendered screen image is transmitted and all data and computation stay in the data center, confidential data and information do not need to cross the network, which increases security. Data can also be configured so that it cannot be downloaded to the client, ensuring that users cannot take away or disseminate confidential information.

Given these characteristics, it is not hard to see that while desktop virtualization brings low cost and high efficiency, the security risks of traditional information storage, transmission and use remain. After careful study, Ming Wanda summarizes them in four aspects:


When a virtual terminal is used, the account becomes the only control over which resources may be used, so information can be used without authorization through misuse of an identity, which leads to the leakage of confidential information.

With cloud terminals built on virtualization technology, data is archived centrally on the core storage devices and sensitive data resides on the server (the cloud), which carries security risks such as unauthorized use and illegal access.

Under a virtualized IT architecture, the enterprise no longer stores and retrieves data locally but keeps it in the cloud. This reduces the risk of data leakage at the storage level but increases the risk of internal leakage.

Because desktops are stored and managed centrally in the unified desktop cloud back end, the traditional logical division by switch VLANs cannot be applied, so separation between departments or teams cannot be achieved that way. In addition, as an open means of interaction, data exchange is very convenient, which also makes data leakage a major risk point.

Although desktop virtualization is sweeping the world at explosive speed, the technology for securing the virtual environment lags behind, which places higher demands on enterprise data security. Addressing the risk points that arise when desktop virtualization is used, including identity authentication, unified cloud storage of data, use of removable storage media and cloud desktop data, Ming Wanda has combined its Chinasec data security products to launch the Chinasec (security) Desktop Cloud data security solution:

Map of the Department

Encryption of desktop virtual image data addresses the hidden dangers of administrators' privileged access to centrally stored cloud data and of virtual machine escape, and prevents the private data of desktop cloud users from leaking.

Combined with PKI technology, two-factor authentication for cloud terminals avoids cloud terminal identity risk, and fine-grained access control improves the security of cloud terminals used remotely.

Security domains are divided on the basis of cloud terminals, moving away from the mechanism by which traditional PC terminals rely on physical ports to partition security domains. This suits the cross-region nature of cloud terminals and strengthens security control over data transmission between them.

The dynamic data-boundary automatic encryption function enables controlled data exchange between departments in the cloud and prevents cloud terminal data from leaking through mail, web pages or instant messaging tools.

Solution features

The risk of unified storage is spread through encryption. Encrypting the user's virtual disk space or the real back-end data storage space controls both unauthorized users accessing disk space and administrators illegally accessing virtual machine storage space.

For data security on desktop cloud thin terminals, outbound routes are completely eliminated, which effectively prevents end users from leaking data through network transmission channels such as mail and instant chat tools. End-user data can also be audited, so that it can be traced and queried after the fact.

Chinasec applies transmission control at the network layer, encrypting the packets encapsulated by the network card so that cloud desktops in the same group, which hold the same secret key, can decrypt them transparently. This method achieves virtual terminal isolation in the desktop cloud environment and divides virtual security domains in software.
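The group-key isolation described above, as an added Go sketch that is not Chinasec's code: the page does not name a cipher, so AES-256-GCM is an assumption, and `Domain`, `NewDomain`, `Seal`, `Open`, the group names and the sample header are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Domain is a hypothetical security domain: one AES-256-GCM key per group.
type Domain struct{ aead cipher.AEAD }

func NewDomain(groupKey []byte) (*Domain, error) {
	block, err := aes.NewCipher(groupKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Domain{aead}, err
}

// Seal encrypts the payload; the header stays readable but is authenticated.
func (d *Domain) Seal(header, payload []byte) ([]byte, error) {
	nonce := make([]byte, d.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return d.aead.Seal(nonce, nonce, payload, header), nil
}

// Open succeeds only with the sealing group's key and an unmodified packet.
func (d *Domain) Open(header, packet []byte) ([]byte, error) {
	n := d.aead.NonceSize()
	if len(packet) < n {
		return nil, fmt.Errorf("packet shorter than %d-byte nonce", n)
	}
	return d.aead.Open(nil, packet[:n], packet[n:], header)
}

func main() {
	keys := make([]byte, 64) // two constructed group keys
	rand.Read(keys)
	finance, _ := NewDomain(keys[:32])
	research, _ := NewDomain(keys[32:])
	hdr := []byte("vdi-17>vdi-23") // constructed header
	pkt, _ := finance.Seal(hdr, []byte("payroll chunk"))
	plain, _ := finance.Open(hdr, pkt)
	_, err := research.Open(hdr, pkt)
	fmt.Printf("same group: %q, other group: %v\n", plain, err)
}
```

Because every desktop in a group seals with the same key and random 96-bit nonces, the group key has to be rotated long before 2^32 packets have been sealed under it.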

A unified platform supports coordinated network management of many kinds of terminals, including ordinary PC terminals, cloud desktops and virtual terminals, mobile smart terminals and Internet of Things terminals. It can cope effectively with the rapid transformation and expansion of the enterprise IT structure and builds a data security system in which the entire IT structure works in coordination.

Ming Wanda considers desktop cloud data security as a whole, across the cloud terminal, network, server, storage and other aspects. The solution integrates seamlessly with desktop virtualization products, bringing a new desktop virtualization experience that is easy to manage and secure, and giving cloud customers a more significant strategic advantage.
