Remote Access Best Practices - Western CPE
TRANSCRIPT
Remote Access Best Practices Randy Johnston, M.C.S.
Course # 2164592, Version 2004, 2 CPE Credits
Course CPE Information
Course Expiration Date Per AICPA and NASBA Standards (S9-06), QAS Self-Study courses must include an expiration date that is no longer than one year from the date of purchase or enrollment.
Field of Study Computer Software & Applications. Some state boards may count credits under different categories—check with your state board for more information.
Course Level Overview.
Prerequisites There are no prerequisites.
Advance Preparation None.
Course Description A growing number of employees want to be able to work from anywhere, anytime, and on any device. This is one of the marketing messages of public cloud hosting providers, but internal networks can provide the same style of remote access by using Citrix, virtual desktop infrastructure, or remote desktop services. In this session, you'll learn the techniques that will give your users the best experience utilizing technology you currently have and find out what you should consider for future upgrades.
Course content and learning objectives © Copyright K2 Enterprises, LLC 2016, Reviewed 2020
Review questions and final exam © Copyright Western CPE 2016, Reviewed 2020
Publication/Revision Date April 2020
Instructional Design
This Self-Study course is designed to lead you through a learning process using instructional methods that will help you achieve the stated learning objectives. You will be provided with course objectives and presented with comprehensive information and facts demonstrated in exhibits and/or case studies. Review questions will allow you to check your understanding of the material, and a qualified assessment will test your mastery of the course.
Please familiarize yourself with the following instructional features to ensure your success in achieving the learning objectives.
Course CPE Information The preceding section, “Course CPE Information,” details important information regarding CPE. If you skipped over that section, please go back and review the information now to ensure you are prepared to complete this course successfully.
Table of Contents The table of contents allows you to quickly navigate to specific sections of the course.
Learning Objectives and Content Learning objectives clearly define the knowledge, skills, or abilities you will gain by completing the course. Throughout the course content, you will find various instructional methods to help you achieve the learning objectives, such as examples, case studies, charts, diagrams, and explanations. Please pay special attention to these instructional methods, as they will help you achieve the stated learning objectives.
Review Questions The review questions accompanying this course are designed to assist you in achieving the course learning objectives. The review section is not graded; do not submit it in place of your qualified assessment. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to course content. After completing the review questions, proceed to the review question answers and rationales.
Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided.
Glossary The glossary defines key terms. Please review the definition of any words you are not familiar with.
Index The index allows you to quickly locate key terms or concepts as you progress through the instructional material.
Qualified Assessment Qualified assessments measure (1) the extent to which the learning objectives have been met and (2) that you have gained the knowledge, skills, or abilities clearly defined by the learning objectives for each section of the course. Unless otherwise noted, you are required to earn a minimum score of 70% to pass a course. If you do not pass on your first attempt, please review the learning objectives, instructional materials, and review questions and answers before attempting to retake the qualified assessment to ensure all learning objectives have been successfully completed.
Answer Sheet Feel free to fill the Answer Sheet out as you go over the course. To enter your answers online, follow these steps:
1. Go to www.westerncpe.com.
2. Log in with your username and password.
3. At the top right side of your screen, hover over “My Account” and click “My CPE.”
4. Click on the big orange button that says “View All Courses.”
5. Click on the appropriate course title.
6. Click on the blue wording that says “Qualified Assessment.”
7. Click on “Attempt assessment now.”
Evaluation Upon successful completion of your online assessment, we ask that you complete an online course evaluation. Your feedback is a vital component in our future course development.
Western CPE Self-Study 243 Pegasus Drive
Bozeman, MT 59718 Phone: (800) 822-4194
Fax: (206) 774-1285 Email: [email protected] Website: www.westerncpe.com
Notice: This publication is designed to provide accurate information in regard to the subject matter covered. It is sold with the understanding that neither the author, the publisher, nor any other individual involved in its distribution is engaged in rendering legal, accounting, or other professional advice and assumes no liability in connection with its use. Because regulations, laws, and other professional guidance are constantly changing, a professional should be consulted should you require legal or other expert advice. Information is current at the time of printing.
Table of Contents
Remote Access Best Practices .... 0:00:00
What About Randy? .... 0:00:21
Pictures .... 0:00:53
What About NMGI? .... 0:01:25
About K2 Enterprises .... 0:02:01
K2 Enterprises Websites .... 0:02:18
Session Description .... 0:02:35
Learning Objectives .... 0:03:38
Five Variants of Remote Access .... 0:04:08
Key Methods of Remote Access .... 0:05:14
Browser-Based Options 1 .... 0:06:05
Browser-Based Options 2 .... 0:06:52
Browser-Based Options 3 .... 0:09:23
Virtual Private Networks .... 0:12:20
Client-Based VPN 1 .... 0:13:55
Client-Based VPN 2 .... 0:18:14
What is MyQuickCloud? .... 0:21:43
Self Hosting by MyQuickCloud .... 0:22:25
My QuickCloud .... 0:23:10
My QuickCloud Menus 1 .... 0:23:33
My QuickCloud Menus 2 .... 0:23:54
My QuickCloud Menus 3 .... 0:24:07
Security .... 0:24:27
Remote Desktop Services: Remote Apps and Remote Desktops .... 0:24:50
Remote Desktop Services .... 0:26:06
RDS in a Nutshell .... 0:27:43
RDS Example .... 0:31:19
Citrix XenApp .... 0:31:55
Speeds and Feeds .... 0:35:24
Virtual Desktop Infrastructure 1 .... 0:41:11
Virtual Desktop Infrastructure 2 .... 0:41:36
Which Is Virtualization? .... 0:43:18
Traditional Servers—Without Virtualization .... 0:44:33
The VMware ESX Server Hypervisor on Two Physical Servers Does the Same Work as 8-12 Physical Servers .... 0:44:54
Adding a New VMware Host 1 .... 0:45:12
Adding a New VMware Host 2 .... 0:45:17
Adding a New VMware Host 3 .... 0:45:24
Zero Downtime with VMotion 1 .... 0:45:35
Zero Downtime with VMotion 2 .... 0:46:03
Zero Downtime with VMotion 3 .... 0:46:08
Zero Downtime with VMotion 4 .... 0:46:15
Zero Downtime with VMotion 5 .... 0:46:24
VDI with VMware .... 0:46:46
Remote Desktop Services vs. Virtual Desktop Infrastructure .... 0:58:11
RDS vs. VDI .... 0:59:50
XenApp vs Citrix XenDesktop .... 1:00:43
Performance, Cost, Compatibility, Usability Strengths and Weaknesses .... 1:01:49
Strengths and Weaknesses 1 .... 1:01:59
Strengths and Weaknesses 2 .... 1:02:45
Strengths and Weaknesses 3 .... 1:03:04
Strengths and Weaknesses 4 .... 1:03:41
Strengths and Weaknesses 5 .... 1:05:10
How Do I Choose? .... 1:06:04
Comparison of Remote Access Options .... 1:07:24
What’s Most Important .... 1:08:30
Hardware, Software, Licensing, and Deployment – Technical Considerations .... 1:09:13
Technical Considerations .... 1:09:43
Storage Considerations .... 1:13:29
IOPs—Examples of IOPs Speeds .... 1:14:12
Concerns .... 1:18:49
Dozens of Right Ways to Implement Technology, Hundreds of Wrong Ways .... 1:19:14
Sizing Technology—Minimally Acceptable, Stronger Is Better .... 1:19:42
Technology Cookbook .... 1:19:58
Anti-Virus, Firewalls, Security Policies Security Considerations .... 1:20:21
Security Risks 1 .... 1:21:07
Security Risks 2 .... 1:21:49
Security Risks 3 .... 1:20:33
So How Do I Mitigate These Risks? .... 1:23:10
Mitigating Risks—Identifying the Risk 1 .... 1:24:13
Mitigating Risks—Identifying the Risk 2 .... 1:24:49
Mitigating Risks—Determining Acceptable Risk .... 1:25:40
Mitigating Risks—Implementing the New Plan .... 1:26:04
Key Items To Consider – Security Guidance .... 1:26:39
Security .... 1:26:40
Antivirus Software .... 1:28:25
Password Managers .... 1:28:53
Needed No Matter What Solution .... 1:29:42
Firewall .... 1:30:18
Communication Lines (Best to Worst) .... 1:31:02
Considerations for Proper Protection: Mobile Device Management .... 1:32:37
Why Do Organizations Need to Manage Mobile Devices? .... 1:32:48
What Are We Trying to Control? .... 1:33:36
Application Installation .... 1:33:50
Data Access .... 1:34:16
Device Security .... 1:35:07
Connectivity to Corporate Resources .... 1:35:44
Kill Switch Legislation for Smartphones .... 1:36:42
Device Tracking .... 1:37:08
What Types of Devices Should Be Included? .... 1:37:34
Mobile Devices to Control .... 1:37:53
How Organizations Create an Effective Mobile Device Policy 1 .... 1:38:04
How Organizations Create an Effective Mobile Device Policy 2 .... 1:38:27
Create and Implement Appropriate Controls .... 1:38:49
Mobile Device Policies .... 1:39:25
Policy Enforcement Tools .... 1:40:31
Security Functionality Built into Mobile Technology .... 1:40:48
Security Configuration Tools .... 1:41:07
Microsoft Exchange Mobile Device Mailbox Policies .... 1:41:28
Android for Work .... 1:41:56
Android for Work .... 1:42:06
Mobile Device Management Software .... 1:42:16
What Mobile Device Management Applications Offer 1 .... 1:43:04
What Mobile Device Management Applications Offer 2 .... 1:43:21
Device Security Software .... 1:43:47
Summary 1 .... 1:44:58
Summary 2 .... 1:47:39
Thank you for being here! .... 1:48:55
Learning Objectives
Upon successful completion of this course, you will be able to:
• Identify key methods of remote access, noting the characteristics of each, security risks, strengths, and weaknesses
• Recognize the various technical aspects and security considerations of configuring a remote environment, noting the best software options to identify and mitigate risk
• Identify policies and best practices for mobile device management relating to application installation, data access, device security, connectivity to corporate resources, and device tracking
Copyright © 2016 K2 Enterprises, LLC. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited.
Remote Access Best Practices
Randy Johnston, M.C.S.
CEO, Network Management Group, Inc.
Exec VP, K2 Enterprises
What About Randy?
• Inducted Accounting Hall of Fame, February 2011
• 2004–2015 Accounting Today 100 Most Influential in Accounting for twelve years
• Top 25 Thought Leader 2011‐2016
• 40‐plus years of technology experience
• Author of articles on technology, including a monthly column in CPA Practice Advisor
• Top rated speaker for over 30 years
• Author of six books
• From Hutchinson, KS
• [email protected] or [email protected]
• 620‐664‐6000 x 112
What About NMGI?
• CRN top 100 technology company
• MSPMentor top 100 company
• NetCare: National CPA support services
• NetRescue and NetStore: Backup appliances and web‐based backup
• Boutique technology and business continuity consulting: CPA firm technology assessments, paperless, accounting software selection (ERP, BI, HR, SaaS, CRM)
• WebCare and netHosting: custom website and cloud services
About K2 Enterprises
• Provides live and on‐demand continuing professional education (CPE) in 48 U.S. states and in Canada
• Largest provider of technology‐focused CPE for accountants and financial professionals in North America
• Services offered:
– Live, in‐person presentations (conferences and seminars)
– Webinars
– On‐site training
– On‐demand self‐study materials
• www.k2e.com for more information
K2 Enterprises Websites
• www.k2e.com ‐ CPE info
• www.CPAFirmTech.com – CPA firm info
• www.AccountingSoftwareWorld.com – Accounting software info
• www.TotallyPaperless.com – Paperless info
• https://www.youtube.com/user/K2Enterprises ‐ The K2 Enterprises YouTube channel with over 160 free technology training videos
Session Description
Team members want to be able to work from anywhere, anytime, on any device. This is one of the marketing messages of public cloud hosting providers. Internal networks can provide the same style of remote access by using Citrix, virtual desktop infrastructure, or remote desktop services.
In this session, you will learn the techniques that will give your users the best experience using what you currently have, and what you should consider for future upgrades.
Learning Objectives
• List key considerations when configuring Citrix, VDI, or RDS
• Identify how to implement procedures to secure mobile devices
• Identify how to secure your network edge from potential threats associated with remote access
Five Variants of Remote Access
• Web based
• VPN
• Remote access to desktop
• Citrix/virtualized applications
• Virtualized desktops (VDI)
Cloud is at the core
Key Methods of Remote Access
• Browser‐based options (e.g., LogMeIn, GoToMyPC, etc.)
• Client‐based VPN (e.g., SonicWALL, Cisco, etc.)
• Microsoft Windows Server
– RemoteApp
– Remote Desktop Services (formerly Terminal Services)
• Citrix XenApp
– Published apps
– Published desktops
• Citrix XenDesktop
• VMware View
(Slide graphic labels: DIY; VPN; RemoteApp & Remote Desktop on Server; Virtual Desktop Infrastructure)
Browser‐Based Options
Simple, DIY Technology
Browser‐Based Options
• This method depends on an agent installed on the device to be reached; the user then connects to that device through a web browser, with the provider's service relaying the session
• Key players in this field are LogMeIn, GoToMyPC, TeamViewer, as well as several others
• Naturally, this requires the remote computer to be on and accessible (not in sleep or hibernation mode)
• Remote computer can run a desktop OS or a server OS, but these tools will not permit a local user and a remote user to do different things on the PC at the same time (single interactive session)
– They can watch one another work in real time and upload/download files
Browser‐Based Options
• Security is entirely up to the end‐user, but is monitored by the provider at some level
– Weak or duplicated passwords equal weak security; because the agent is a persistent, Internet‐reachable listener, use a unique, strong password for the account and enable the provider's two‐factor option where it is offered
– Still need antivirus on these machines
• Monthly plans available for single/multiple users, persistent client installed and runs 24x7x365
• Some opt to use GoToAssist or other services to connect only as needed with assistance from on‐site user
• New offering for public practice CPAs—Citrix ShareConnect
Virtual Private Networks
Secure servers and data (behind the firewall). The “forcefield” or “shield” around the remote user is the encryption tunnel created by the VPN, which blocks communication with anyone other than the VPN host servers/private cloud.
VPN tunnel extends the firewall to cover remote users.
Caveat: the shield only holds when the client is configured for full tunneling. With split tunneling enabled, the remote device stays reachable from its local network and the Internet while connected, and a compromised device carries that exposure into the internal network.
Client‐Based VPN
• Client‐based VPN is a direct connection to the internal network from an external device via a VPN client
• Uses an encryption algorithm, today AES, to secure the connection to the end device, typically the firewall/UTM; DES and 3DES are obsolete and should be disabled on both ends
• Once connected, the user is able to access network resources as if they were inside the network, which is why the remote device needs the same antivirus, patching, and firewall posture as an office PC
• Multi‐user QuickBooks: MyQuickCloud, Pertino
• Options with less setup on the client, such as a PPTP server (the client is built into Windows) or an SSL VPN, are also available
– They yield the same kind of access, but not the same level of security (see the next slide)
Client‐Based VPN
Three most common types of VPNs
1. IPsec: Most secure when configured with strong algorithms, most difficult to configure
• Requires client installation, password, and/or certificate installation
• Many public networks (Starbucks, hotels, etc.) may block IPsec VPN traffic (UDP 500/4500 and ESP)
2. SSL/TLS: Easier to set up; commonly rated less secure than IPsec, though in practice its strength depends on the TLS version, cipher suites, and authentication the gateway is configured to accept (require TLS 1.2 or later)
• Fewer devices require a client app, and some mobile devices do not support it
• Dell SonicWALL has SSL VPN on their firewalls or dedicated SSL VPN appliances to provide remote connectivity
3. PPTP: Easiest to set up, least secure option; its MS‐CHAPv2 authentication can be recovered offline from a captured handshake, so it should not be used for remote access
• Built into Windows
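An added example (not from the course or any vendor) of the kind of check a practitioner runs over a VPN profile inventory before approving it: it flags PPTP outright, weak ciphers such as DES and RC4, password-only authentication without a second factor, and TLS VPNs that still accept protocol versions below 1.2. The profile records and their field names (kind, cipher, auth, mfa, tls_min) are constructed for illustration; a real inventory would be exported from the firewall or VPN appliance and mapped onto the same fields.

```python
"""Audit VPN connection profiles against a minimum-security baseline.

Added example, not part of the course. The profile records below are
constructed sample data and the field names are assumptions chosen for
illustration, not any vendor's export format.
"""
from dataclasses import dataclass
from typing import Dict, List

# Ciphers and authentication methods that should not appear in a remote-access
# VPN profile. MS-CHAPv2 on its own is listed because its challenge/response
# can be recovered offline once captured (the reason PPTP is unsafe).
WEAK_CIPHERS = {"des", "3des", "rc4", "null"}
PASSWORD_ONLY_AUTH = {"pap", "chap", "mschap", "mschapv2"}


@dataclass
class VpnProfile:
    name: str
    kind: str          # "ipsec", "ssl" (TLS VPN) or "pptp"
    cipher: str        # e.g. "aes-256", "aes-128", "des"
    auth: str          # e.g. "certificate", "eap-tls", "mschapv2"
    mfa: bool = False  # second factor enforced at the gateway?
    tls_min: str = ""  # for TLS VPNs: lowest protocol version accepted


def audit(profile: VpnProfile) -> List[str]:
    """Return a list of findings; an empty list means the profile passes."""
    findings: List[str] = []
    kind = profile.kind.lower()
    if kind == "pptp":
        findings.append("PPTP is obsolete: replace with IPsec or a TLS VPN")
    if profile.cipher.lower() in WEAK_CIPHERS:
        findings.append(f"weak cipher '{profile.cipher}': require AES-128 or stronger")
    if profile.auth.lower() in PASSWORD_ONLY_AUTH and not profile.mfa:
        findings.append(f"password-only authentication ('{profile.auth}') without MFA: "
                        "require client certificates (EAP-TLS) or a second factor")
    if kind == "ssl":
        try:
            minimum = float(profile.tls_min) if profile.tls_min else 0.0
        except ValueError:
            minimum = 0.0
        if minimum < 1.2:
            findings.append("TLS minimum version below 1.2: SSL 3.0 and TLS 1.0/1.1 are deprecated")
    return findings


def audit_all(profiles: List[VpnProfile]) -> Dict[str, List[str]]:
    """Map each profile name to its findings, so the output can go into a report."""
    return {p.name: audit(p) for p in profiles}


# Constructed sample inventory: one profile per VPN type discussed above.
SAMPLE_PROFILES = [
    VpnProfile("hq-ipsec", "ipsec", "aes-256", "certificate", mfa=True),
    VpnProfile("portal-ssl", "ssl", "aes-128", "mschapv2", mfa=False, tls_min="1.0"),
    VpnProfile("legacy-pptp", "pptp", "rc4", "mschapv2"),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PROFILES).items():
        status = "PASS" if not findings else "FAIL"
        print(f"{name}: {status}")
        for finding in findings:
            print(f"  - {finding}")
```

Run as-is and the IPsec profile passes, the SSL portal fails on its TLS floor and its password-only MS-CHAPv2, and the PPTP profile fails on all three counts. The point of keeping the rules as data (the two sets at the top) is that an auditor can extend them when the baseline moves, for example to retire AES-128 or to demand TLS 1.3.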
What Is MyQuickCloud?
MyQuickCloud enables you to work on programs based on a PC at the same time as your clients or employees, without disrupting anyone’s session.
Self Hosting by MyQuickCloud
• Make use of your existing multi‐user license by working with your clients on the same company file, at the same time, from anywhere, using your current hardware and setup
• MyQuickCloud allows you and your clients/employees to work in real time, with all data files remaining on the host PC
• All data, screens, and input are encrypted in transit using 128 bit AES encryption over SSL/TLS encrypted connection
• Connect out to client PCs or allow clients to access your host computer
• Access printers either from your remote location or print to a printer attached to the host PC
My QuickCloud
From your MyQuickCloud dashboard, you can access programs based on the “host” computers either by clicking on a single application or accessing in virtual desktop mode.
My QuickCloud Menus
As the MyQuickCloud administrator, you have the ability to easily create users and edit usernames and passwords without contacting support.
My QuickCloud Menus
Share any program on the host PC and assign permission to access them easily with the users you’ve created.
Anyone Can Self‐Host and Share Programs
My QuickCloud Menus
You can have multiple hosts, so if you’re working with multiple clients, you can access them all from your MyQuickCloud dashboard. Work with all your clients’ versions of QuickBooks from anywhere!
Security
• State‐of‐the‐art SSL/TLS encryption mechanism to protect your data
– MyQuickCloud uses SSL/TLS for all data transmitted from one computer to another (the vendor's text still calls it “SSL: Secure Socket Layer”; SSL 2.0 and 3.0 are deprecated, so a current deployment should be negotiating TLS 1.2 or later). Only the endpoints hold the keys to decipher the data, meaning that anybody capturing the traffic would not be able to decrypt it. That is what makes access from a home PC, a public network, or a shared computer reasonable; it does not protect against malware or a keylogger on that shared computer, which sees the session before it is encrypted.
• End‐to‐end encryption of all your data
– MyQuickCloud has 128‐bit Advanced Encryption Standard (AES) encryption built in. All data, including screen images, file transfers, keyboard and mouse input, and chat text is encrypted from end‐to‐end. The encryption key is unique for each connection. The access code itself resides on the host computer and is never transmitted to or stored on the vendor's servers. The vendor's material goes on to say that transmissions “cannot be hacked or compromised in any way”; read that as a claim about the transport only. This is the same technology used by payment pages on the internet, and when correctly configured it protects data in transit; it does nothing about a weak access code, a compromised host PC, or a compromised client.
Remote Desktop Services: Remote Apps and Remote Desktops
24
13
Copyright © 2016 K2 Enterprises, LLC. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited.
Remote Desktop Services
• Like the VPN option, remote desktop services (RDS)—formerly terminal services—uses a client to connect the user to the network. However, instead of a direct connection from the remote device to the network resources, the RDS client connects the user to a server or pool of servers inside the network
• Is a role included in almost all versions of Windows Server
• Client access licenses (CALs) are required for end‐user access to this feature
RDS in a Nutshell
• When using RDP/RDS, I am one of many users getting my apps from a server OS, which is providing:
– Remote apps, which can be server hosted
– Remote desktops, which show a server desktop
• Multiple users simultaneously accessing a terminal window from a single instance of a server OS
• More generic application support, less individual customization for printers, shares
• Many legacy accounting apps do not support RDP/RDS deployment
• Poor audio/video performance
• Roughly analogous to taking the bus or other public transportation:
– Multiple users, single OS instance, limited application support
– Easier to administer, less expensive licensing
Citrix XenApp / MS RDS
RDS Example
Citrix XenApp
• Citrix XenApp uses the same concept and is basically an extension of RDS
• Requires RDS CALs, as well as user licenses for Citrix itself
• Is extremely robust when it comes to printer/scanner compatibility and support, user access and restrictions, and the ability to generically or specifically fine‐tune performance
• Either a desktop or application is “published” for users to access both internally or externally
Speeds and Feeds
Sizing                     Microsoft RDS   Citrix XenApp   VDI
Public Practice
  Line Speed               256‐512 kbps    128‐256 kbps    64‐128 kbps
  Number of Users/Server   30              60              40
Industry Attendees
  Line Speed               128‐256 kbps    64‐128 kbps     32‐64 kbps
  Number of Users/Server   60              120             40
Virtual Desktop Infrastructure (Usually Just Called VDI)
Virtual Desktop Infrastructure (Citrix XenDesktop/VMware View)
• Similar to Citrix XenApp’s published desktop option
– However, VDI makes a desktop‐based operating system available, such as Windows 7 and Windows 8
• Unlike with Citrix XenApp, VDI users do not share the same VM simultaneously
• Users access a desktop that is part of a pool or statically assigned to each individual user
• Requires a large amount of infrastructure to run smoothly
What Is Virtualization?
• Creating an instance of an operating system (a “virtual machine” or VM), which runs on generic hardware using a virtual host application, which is called a hypervisor
• Most of your servers should be virtualized now, so you can move to a backup server in an emergency without time‐consuming reconfiguration
• Just as the cargo shipping container is loaded once and can be transported by truck, train, ship, or in some cases, aircraft, virtualization decouples the operating system from the underlying hardware—the same way that shipping containers uncoupled the freight container from the power unit (train/ship/tractor)
• The VMs can run anywhere—with minimal reconfiguration—which makes them wonderful in a disaster recovery scenario
Traditional Servers—Without Virtualization
[Diagram: TRADITIONAL ENVIRONMENT – REQUIRES 12+ SERVERS. One physical box per workload: SERVER1, SERVER2, SERVER3, CITRIX1, CITRIX2, CITRIX3, ACTIVE DIR, SQL, EXCHANGE, LOANS, QUICKBOOKS, PRACTICE, FILE & PRINT, BRANCH 1, BRANCH 2, …]
The VMware ESX Server Hypervisor on Two Physical Servers Does the Same Work as 8‐12 Physical Servers
[Diagram: VIRTUALIZED ENVIRONMENT. Two VM hosts, VMHOST1 and VMHOST2, carrying CITRIX1, CITRIX2, CITRIX3, ACTIVE DIR, SQL, EXCHANGE, LOANS, QUICKBOOKS, BRANCH 1 and BRANCH 2 as virtual machines]
Adding a New VMware Host
[Diagram in three build steps: the EXISTING ENVIRONMENT of VMHOST1 and VMHOST2 carrying CITRIX1, CITRIX2, CITRIX3, CITRIX4, DOMAIN CTRL, LICENSE SERVER, LOANS, EXCHANGE, BRANCH 1 and BRANCH 2; a NEW HOST, VMHOST3, added alongside them; the same virtual machines after the new host joins the cluster]
Zero Downtime with VMotion
• Use VMotion to evacuate hosts
– Move running applications to other servers without disruption
– Perform maintenance at any time of day
• Automate with DRS maintenance mode
– Automates moving virtual machines to other hosts
– Automates rebalancing after maintenance complete
1. Activate Maintenance Mode for physical host
2. DRS migrates running virtual machines to other hosts
3. Shut down idle host and perform maintenance
4. Restart host and DRS automatically rebalances workloads
VDI with VMware
Remote Desktop Services vs. Virtual Desktop Infrastructure
Remote Desktop Services
• Shared access to one server, runs server OS, and does not run a desktop OS
• Limited choice on apps
• More efficient than VDI, licensing less expensive
Virtual Desktop Infrastructure
• Each user runs a DESKTOP OS VM
– No one else shares your W7/W8 VM, although they may be nearly identical
• More flexible for app deployment
• Licensing, administration are harder, as a VM for each user is needed
RDS vs. VDI
Remote Desktop Services
• Can publish a single app or a desktop
• Products include
– Citrix XenApp
– MS remote desktop services (RDS)
– MS RDS running on VMware Horizon
Virtual Desktop Infrastructure
• Publishes desktop only
• Products include
– Citrix XenDesktop
– Microsoft virtual desktop infrastructure
– VMware Horizon/View
RDS vs. VDI (continued)
Remote Desktop Services
• Published desktop runs Server OS—could cause application/printer compatibility issues
• Ability to run app independent of desktop
• Reduces server load, lower total cost of ownership (TCO)
Both
• Centralizes management
Virtual Desktop Infrastructure
• Runs Desktop OS, which enhances software and printer compatibility
• Creates a true desktop experience, customizable for the user in a virtual machine
• Software and printers don’t have to be identical for all users
Strengths and Weaknesses: Performance, Cost, Compatibility, Usability
Strengths and Weaknesses
• Browser‐based remote access
– Least expensive option in most cases
– Direct access to users’ daily use computer
– Can be used from anywhere without installing a client application
– Usually a poor graphical experience for the user
– Keyboard and mouse clicks aren’t always accurate
– Access security isn’t controlled by the firm/company and creates a potential back door into data
Strengths and Weaknesses
• Client‐based VPN
– Very cost effective
– Direct access to resources from anywhere
– Strong security and encryption options
– Easy to use and implement
– Slowest of all the options
Strengths and Weaknesses
• Remote desktop services (formerly terminal services)
– Doesn’t require much bandwidth, but more than Citrix
– Easy to install
– Easy to use
– Easy to manage
– Moderate expense compared to the previously listed options
– Easy to scale
Strengths and Weaknesses
• Citrix XenApp
– Most robust of all the options
– Greatest compatibility with all types of devices (iPad, Android, Mac)
– Several additional security options
– Ability to use both local resources and remote resources concurrently and seamlessly
– Requires minimal amounts of bandwidth per user
– Most widely supported option
– Requires a specialized knowledge set to administer, maintain, and tune properly
– Requires additional licensing in addition to RDS
– Runs on a server OS (Windows Server 2008 R2/ WS2012)
Strengths and Weaknesses
• VDI: Citrix XenDesktop and VMware View
– Allows users to use a desktop OS (Windows 7/8/8.1/10)
– Excellent software and printer support
– By far most expensive of the options
– Manufacturers recommend using dedicated hosts and storage just for the VDI environment
– A solid state drive (SSD) is required to achieve optimal (and in some cases acceptable) performance
– Requires an advanced level of hypervisor and storage management to properly implement, maintain, and scale
How Do I Choose?
• There are several factors that will determine which method, or in some cases methods, work best for you
– Budget
– User requirements
– Performance needs
– Application/printer/scanner compatibility
– Bandwidth
– Knowledge of current IT staff
Comparison of Remote Access Options
Product:                  Browser‐Based   Virtual Private   Win Server 12 Remote   Citrix XenApp RDS   Virtual Desktop
                          Solutions       Network           Desktop Svcs           on Win Svr          Infrastructure
Cost:                     Very Low        Low               Low/Moderate           Moderate            Very High
Performance:              Low             Low/Moderate      High                   Best                Moderate/High
App/Print Compatibility:  Very High       Very High         Moderate               High                Best
Bandwidth Required:       Moderate        Very High         Low/Moderate           Low                 Moderate/High
Speed:                    Moderate        Slow              Fast                   Fast                Fast
Security:                 Low             Very High         Moderate               High                Very High
IT Knowledge:             Low             Moderate          Moderate               Moderate/High       Very High
Products:                 WebEx/          SonicWALL/        Win Server 08/12 RDS   Citrix XenApp       XenDesktop or
                          GoToMyPC        Cisco                                                        VMW Horizon
What’s Most Important
• As you can see, each option has its own distinct advantage and disadvantage
– Browser‐based options are less expensive and easiest to maintain
o They also yield the worst overall performance and user experience
– VDI has top tier user experience and compatibility
o VDI is also by far the most expensive and difficult to administer and maintain
– Citrix and RDS have the greatest overall balance
o Citrix has the edge overall because of its granular tuning capabilities
Technical Considerations: Hardware, Software, Licensing, and Deployment
Technical Considerations
• There are three main technical aspects to consider when architecting your remote environment
– CPU
o Number of cores
o Type of processor
o Speed of processor
– RAM
o Usually the number of users will dictate this metric
– Storage
o Fast storage will be required to get a smooth user experience
Storage Considerations
• The speed of storage is by far the most overlooked aspect in most industries
• Many of the applications today are becoming extraordinarily disk intensive
• Most of the performance issues occurring today are directly related to the speed of the disks and a lack of IOPS
• SSD drives are becoming a near necessity
IOPS—Examples of IOPS Speeds
• Input/output operations per second (IOPS)
– Defines how quickly the storage can process the data
• SAS spindle disk max IOPS is 180/disk; then you have to apply penalties for different types of RAID
• SSD yields about 20,000‐plus IOPS/disk, before the RAID penalty
• This is the most critical component of VDI performance!
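Applying the RAID penalty is the step most sizing exercises skip, so here is a worked calculation as an added example (it is not course material). The 180 and 20,000 per‐disk figures are the ones quoted above; the RAID write penalties, the 25 IOPS per user and the 70% write mix are assumptions to be replaced with measured values.

```powershell
# Added example, not from the course: back-end IOPS sizing for a VDI pool.
# Per-disk figures (180 SAS, 20,000 SSD) are the course's numbers; the RAID
# write penalties, per-user IOPS and read/write mix are assumptions.
$RaidWritePenalty = @{ RAID0 = 1; RAID1 = 2; RAID10 = 2; RAID5 = 4; RAID6 = 6 }

function Get-BackendIops {
    # Converts front-end IOPS (what the desktops generate) into the physical
    # IOPS the disks must deliver: a read costs one disk operation, a write
    # costs $penalty operations because of parity/mirror updates.
    param(
        [Parameter(Mandatory)][int]$Users,
        [int]$IopsPerUser = 25,      # assumption: steady-state load per desktop
        [double]$WriteRatio = 0.7,   # assumption: VDI workloads are write-heavy
        [string]$RaidLevel = 'RAID5'
    )
    $penalty = $RaidWritePenalty[$RaidLevel]
    if (-not $penalty) { throw "Unknown RAID level: $RaidLevel" }
    $frontEnd = $Users * $IopsPerUser
    $reads  = $frontEnd * (1 - $WriteRatio)
    $writes = $frontEnd * $WriteRatio * $penalty
    [int][math]::Ceiling($reads + $writes)
}

function Get-DiskCount {
    # Minimum number of disks needed to supply the back-end IOPS.
    param([int]$BackendIops, [int]$IopsPerDisk)
    [int][math]::Ceiling($BackendIops / $IopsPerDisk)
}

# Worked case: 100 desktops, RAID 5 versus RAID 10, SAS 15K versus SSD.
foreach ($raid in 'RAID5', 'RAID10') {
    $backend = Get-BackendIops -Users 100 -RaidLevel $raid
    $sas = Get-DiskCount -BackendIops $backend -IopsPerDisk 180
    $ssd = Get-DiskCount -BackendIops $backend -IopsPerDisk 20000
    "{0}: {1} back-end IOPS -> {2} SAS 15K disks or {3} SSD(s)" -f $raid, $backend, $sas, $ssd
}
```

The SSD answer of a single disk is about IOPS only; capacity, redundancy and controller limits still set the real minimum.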
Concerns
• Lack of expertise of installers, internal or external
• Cutting corners on critical hardware items (SAN, Firewall, switches)
• Knowledge of how to make applications work
Dozens of Right Ways to Implement Technology, Hundreds of Wrong Ways
Component        Good                 Better               Best
Firewall         True Firewall        Security Services    Managed
Gigabit Switch   Layer 2‐Trunking     Stacked Backplane    Layer 3 Chassis
Cabling          CAT 6A               CAT 6AF              CAT 7A
Server           Tower                Rack Xeon            Rack Xeon
SAN              iSCSI                SATA                 Fiber Channel
Storage          15K Drives           SSD                  Z‐Wave SSD
Workstation      Core i5 8GB          Core i7 8GB          Core i7 16GB
Monitor          Two 22”              Three 24”            One‐Two 27‐32”
Virtualization   VMware ESXi          VMware Essentials+   VMware Enterprise
Remote           Microsoft RDS        Citrix XenApp        Citrix XenDesktop or VMware View
Sizing Technology—Minimally Acceptable, Stronger Is Better
Component   1‐15 users         10‐50 users        30‐200+ users
Firewall    SonicWALL TZ300w   SonicWALL TZ400w   SonicWALL NSA 2600
Switch      HP 1820            HP 2920            HP 5400
Cabling     CAT 6              CAT 6A             CAT 6A
Server      HP ML350           HP DL360           HP DL380
Technology Cookbook
• Servers/workstations
– Windows Server 2012 R2
– Windows 8/10, Office 2013/2016
• Infrastructure
– VMware ESX HA and SAN; virtualize servers
– Citrix XenApp, XenDesktop, or VMware Horizon View VDI
– Backup appliances
– SonicWALL NSA3600/TZ400w
– Gigabit over CAT 6AF
– ShoreTel, Mitel, Avaya, Cisco, Trixbox, Fonality for VoIP phones
– Sufficient UPS
• Security
– Firewall gateway protection
– Webroot or other antivirus
– Disk encryption: BitLocker, PGP, or data encryption
– Email encryption: Reflexion, ZixCorp, or Protected Trust
– Adobe Acrobat DC (Document Cloud)
– Retention and other policies
• Mobile device management
– Security
– Apps
• Web
– Portal, SEO, localization
Security Considerations: Anti‐Virus, Firewalls, Security Policies
Security Risks
• Depending on the method, there can be many different forms of security risks
– For this presentation, we address the most common
• By far the largest risk to a company utilizing remote access is to allow users to save passwords
– Saving passwords allows anyone with access to the device (short‐ or long‐term) to gain immediate access to all network resources the respective user has
– Not having a policy to prevent saved passwords places any data compromise responsibility solely on the organization
Security Risks
• Mobile devices, though they are quickly becoming a near necessity in our industry, are one of the greatest risks to a company if not properly managed
– According to the “Accounting Firm Operations and Technology Survey, 2015,” 88% of those surveyed stated they did not use any type of mobile device management (MDM) software
– This means that if the device is lost or stolen (or even just left lying around), anyone with access to the device may have near‐unrestricted access to company and client data
Security Risks
• Not implementing security altogether is surprisingly still a major issue across the board
– One of the largest reasons for security not being used is complexity pushback from the end‐users
– Another surprisingly large reason for not using security is that IT either does not know how to properly implement secure remote access or does not know that no security is enabled by default
– Countless times, security is either minimized or turned off altogether because IT didn’t know how to overcome application compatibility issues
So How Do I Mitigate These Risks?
• Naturally with all problems, the first thing to do is to identify them
– This can be done either internally or contracted out
• The next step is to determine which risks are acceptable/necessary
– IT is a world in which usability and security need a balance (think UAC in Windows); because of this, it is near impossible to have 100% security
• Finally, a plan should be put together to determine how these risks will be eliminated, either by company policy, hardware, or software
Mitigating Risks—Identifying the Risk
• As previously mentioned, finding risks can be completed either internally or by an external contractor
• There are several risks to look out for during this process
– Organizational policies
o Process for physically removing devices (encryption, check‐out, etc.)
o Mandated password policy
– Antivirus
o Is it installed everywhere?
o Level of active protection
o There are a multitude of circumstances in which a virus can get from the remote device to the internal network
Mitigating Risks—Identifying the Risk
• Password policies
– Are you allowing users to save their credentials?
– Are you implementing strong passwords?
– Do not allow users to share their passwords with anyone
• Encryption
– Always use secure connections when accessing remotely
– Encrypt all company devices that will leave the office
• Mobile devices
– Ensure that you have some level of control and security with mobile devices
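The saved‐password risk called out above, and the “are you allowing users to save their credentials” question in this checklist, can both be answered on a Windows host with a short audit. This is an added example, not course material; the two registry values are the documented locations behind the Group Policy settings named in the comments, and the enforcement function is a single‐host stopgap until domain Group Policy delivers the setting.

```powershell
# Added example, not from the course: audit (and optionally enforce) the two
# Windows policies that stop Remote Desktop credentials from being saved, and
# list credentials already stored for RDP targets in Credential Manager.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Registry values behind the Group Policy settings named in 'Policy'.
$RdpCredentialPolicies = @(
    @{ Value = 'DisablePasswordSaving'; Side = 'Client'; Policy = 'Remote Desktop Connection Client: Do not allow passwords to be saved' },
    @{ Value = 'fPromptForPassword';    Side = 'Server'; Policy = 'Remote Desktop Session Host: Always prompt for password upon connection' }
)

function Get-RdpCredentialPolicy {
    # One object per policy; Enforced is true only when the value is set to 1.
    foreach ($p in $RdpCredentialPolicies) {
        $current = $null
        if (Test-Path $PolicyKey) {
            $item = Get-ItemProperty -Path $PolicyKey -Name $p.Value -ErrorAction SilentlyContinue
            if ($item) { $current = $item.($p.Value) }
        }
        [pscustomobject]@{
            Side     = $p.Side
            Policy   = $p.Policy
            Value    = $p.Value
            Current  = $current
            Enforced = ($current -eq 1)
        }
    }
}

function Set-RdpCredentialPolicy {
    # Local enforcement (needs an elevated shell): creates the policy key if
    # it is missing and sets both values to 1.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($p in $RdpCredentialPolicies) {
        Set-ItemProperty -Path $PolicyKey -Name $p.Value -Value 1 -Type DWord
    }
}

function Get-SavedRdpCredentials {
    # Credential Manager files RDP logons under TERMSRV/<host>. Only the
    # target names are listed; nothing is decrypted or exported.
    cmdkey /list | Where-Object { $_ -match 'TERMSRV/' } | ForEach-Object { $_.Trim() }
}

# Report for this host.
Get-RdpCredentialPolicy | Format-Table -AutoSize
$saved = @(Get-SavedRdpCredentials)
if ($saved.Count -gt 0) {
    Write-Warning ("Saved Remote Desktop credentials present: " + ($saved -join '; '))
}
```

Run the audit on the session hosts as well as on users’ workstations: the client setting stops new credentials being saved, the server setting forces a prompt even when a client already has one stored.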
Mitigating Risks—Determining Acceptable Risk
• Should be handled carefully and thoroughly
• Executive management should always be involved
• User input should be considered
– User input should not directly dictate the end result
• An example of an acceptable risk may be to disable User Account Control (UAC) because an application does not work and/or is not supported when it is active
Mitigating Risks—Implementing the New Plan
• Identifying the risk and putting a plan together does the financial institution no good if it is not implemented
• In most circumstances, it is not recommended to make several major changes all at once, as doing so makes it difficult to find the root cause when a problem emerges from the change
• Always keep management involved if the plan needs to be altered or diverted
• Test all changes extensively and ensure all issues are addressed in a manner that finds the greatest balance between security and usability
Security Guidance: Key Items To Consider
Security
• In data centers—NSA, U.S.A. Freedom Act (replaced some Patriot Act provisions)
• Malware—ZeusVM—Deutsche Bank, Wells Fargo, Barclays using steganography (disguises crucial configuration code in a digital photo)
• Encryption—less effective
• Protection—sophisticated bad guys bypassing
– In firewalls—ASUS router exploit, files exposed
– In antivirus
• Password managers
Antivirus Software
• WebRoot
• VIPRE
• BitDefender
• AVG CloudCare
• Endpoint protection not as effective
– Symantec endpoint protection
– McAfee endpoint protection
Password Managers
• LastPass 3.0 (free)/LastPass Premium ($12/yr)
• RoboForm Everywhere 7/Desktop 7
• Password Depot
• Citrix Password Manager
• Windows Password Manager
• Dashlane
• Keeper 5.0
• MyLOK Personal
• Norton Identity Safe (free)
• PasswordBox
• KeePass (free)
Needed No Matter What Solution
• Com line(s), firewall/switch, cabling/wireless
[Diagram: Internet connected over redundant com lines (cable/DSL/MPLS/T1)]
Firewall
• SonicWALL
– Larger networks NSA 3600 $3995
– Small networks TZ300w $1000
– Homes TZSOHO $495
– Use high availability, automatic failover
• WatchGuard
• Cisco
• Fortinet
• CheckPoint
Communication Lines (Best to Worst)
• Metro Ethernet
• MPLS (multiprotocol label switching)
• Verizon FIOS and AT&T U‐Verse GigaPower (fiber)
• Cable modem (Charter, Comcast, Cox, Time Warner)
• Digital Subscriber Line (DSL) and AT&T U‐Verse (DSL)
• Dialup over plain old telephone system (POTS)
Mobile Device Management: Considerations for Proper Protection
Why Do Organizations Need to Manage Mobile Devices?
• So many information workers carry mobile units and use them to store or access private information
• Business professionals simply need to understand the fact that a company’s network is no longer contained within a physical location
• It has been extended to include any place that company workers go while using portable devices
• Since the network is not in a place that can be physically secured, mobile device management tools and policies are needed to extend security to less controlled venues
What Are We Trying to Control?
There are many aspects of security for portable technology. For simplicity’s sake, we will group them into five categories:
1. Application installation
2. Data access
3. Device security
4. Connectivity to corporate resources
5. Device tracking
Application Installation
• If a company provides a technology asset to an employee, such as a laptop computer, they must control the introduction of nonbusiness applications
• IT staffers that inspect devices often find a wide array of games or other applications that have been installed
• Added software can use unit resources, track information, and may lower overall device security
• Technology controls, such as limits on those with rights to install applications, can serve as the means to keep unauthorized software off of company owned devices
Data Access
• There are two basic types of data we are concerned about:
1. Data which is stored on a mobile device
2. Content retrieved with a mobile device
• Some of the best controls limit the amount and the nature of information that is actually resident on mobile units
• Additionally, policies that add security to carried content, such as the requirement of encryption or automatic data removal routines for devices that are lost or stolen, should be deployed
• If information is not stored but is connected to and viewed, risk is reduced; however, policies that require periodic password changes as well as requirements to report lost units in a timely manner are needed
Device Security
• Security measures resident on mobile technology are paramount
• Policies that should be viewed not just as beneficial but as requirements include:
– The requirement of a password to unlock a smartphone
– Data removal routines
– Use of antivirus products for portable computing units (even smartphones)
Connectivity to Corporate Resources
• Many people, in order to make connecting to corporate resources with mobile devices a bit less cumbersome, have the unit “remember” the username and password used to authenticate the user to the resource
• Moreover, they again, for ease of use reasons, do not have password locks on their tablets, laptops, or smartphones
• Rules restricting stored passwords for connectivity to corporate resources, and controls requiring device passwords, are important security measures organizations should consider
Kill Switch Legislation for Smartphones
• The federal Smartphone Theft Prevention Act would require that all mobile phones sold in the U.S. include a “kill switch,” which would remotely erase data as well as render the phone inoperable if stolen
• A similar bill is now law in California
• We expect this law to be a de facto national requirement, as carriers will likely make this feature available to all users
• The closest thing to a kill switch already in the market is Apple’s Activation Lock feature available with iOS
Device Tracking
• Most organizations and individuals would agree that the ability to track a lost or stolen device would be beneficial
• Policies requiring mobile device management tools, or other device tracking tools, should be a component of any set of internal controls designed for mobile computing devices
• Proxim has a tracking device for locating your mobile devices and even your keys
What Types of Devices Should Be Included?
• A large number of organizations have good or even excellent policies that govern the use of laptop computers, but these policies fail to address the ever‐increasing importance of smartphones and tablets
• Organizations should identify all mobile units that represent an area of risk and develop policies to keep them as safe as possible
• Mobile device management initiatives should include both legacy phones and smartphones, tablets, phablets, ultrabooks, and laptops
Mobile Devices to Control
How Organizations Create an Effective Mobile Device Policy
• Organizations that wish to create effective policies must first identify all of the devices in use by company workers
• As management defines included devices, they must be aware of not only company‐owned assets, but also portable technology that is owned by employees and used in conjunction with their work efforts
• These units, categorized as bring your own device (BYOD) tools, often connect to or store company or client‐owned data and represent a risk when they are lost, stolen, or otherwise compromised
How Organizations Create an Effective Mobile Device Policy
• Any policy that relates to technology must be reviewed regularly and updated to address changes in the tools used and the manner in which employees operate
• Organizations that created very strong, well thought out email policies three or four years ago may not have addressed mobile email on personal devices, because no one in the organization had mobile email on personal devices at that time—now they do
• A regular review of existing controls will highlight the need for updated rules and regulations
Create and Implement Appropriate Controls
• After the organization has an understanding of the devices in use and of the data stored on them, an effective set of internal controls can be created
• Mobile controls can be broken into two categories:
1. Policies
2. Control‐oriented technology tools
• Each category is a necessary component of the mobile internal control structure, and an organization with a weakness in either area is inhibiting security
Mobile Device Policies
• Policies are the rules that govern the use of mobile devices and the data stored on or accessed by them
• Rules such as, “Do not leave a device unattended in a public place,” “Do not view sensitive information in a location where others might see it,” or “Secure a laptop computer before traveling so it will not be damaged” are all steps that must be carried out by the end‐user
• There is no laptop application that sends an electric shock through the keyboard if the user is viewing payroll information on a crowded airplane
• Workers follow policies because they make sense or because they risk discipline if they do not comply
• Sample policies available
Policy Enforcement Tools
• There are technology tools that add security in an automated fashion
• They are installed onto a mobile device, and once configured, make it more secure
• One application segment, MDM software, is quickly becoming an important security add‐on for mobile devices of all types
– These products can push automated policies, such as a requirement to lock a device that is not in use, to all controlled units
• There are also policy configurators that can help enforce device usage rules
Security Functionality Built into Mobile Technology
• One of the first and best lines of defense is the security capabilities built into the devices
• There are three major operating systems in use on portable technology units: 1) Apple’s iOS; 2) Google’s Android; and 3) Microsoft’s Windows
– Each has security features that organizations should consider integrating into their policies
• Unfortunately, many users disable security functionality because it adds steps
Security Configuration Tools
• Many organizations, both large and small, have policies in place that require the use of the security capabilities resident on mobile technology
• A number of software applications exist that can help organizations that wish to “force” policy use for mobile units
• Microsoft Exchange mobile device mailbox policies
• Apple Configurator tool now only on MacOS X
– iPhone Configuration Utility for Windows no longer available
Microsoft Exchange Mobile Device Mailbox Policies
• Alphanumeric password required
• Device password enabled
• Device password expiration
• IRM enabled
• Maximum device password failed attempts
• Maximum inactivity device time lock
• Minimum device password complex characters
• Minimum device password length
• Require device encryption
• Remote wipe
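The mailbox policy settings listed above correspond to parameters of the Exchange Management Shell cmdlets New-MobileDeviceMailboxPolicy and Set-MobileDeviceMailboxPolicy (available in Exchange 2013 and later and in Exchange Online), and remote wipe is performed with Clear-MobileDevice. The PowerShell below is an added example written for this page, not code from the course, K2 Enterprises, or Microsoft: it creates a baseline policy that sets each listed control, audits every existing policy for settings weaker than that baseline, and assigns the baseline to a mailbox. The policy name Corp-Baseline, the threshold values, the mailbox alias jdoe, and the notification address are constructed placeholders; the script assumes an Exchange Management Shell or Connect-ExchangeOnline session with rights to manage mobile device mailbox policies.

```powershell
# Added example (not from the course): Exchange mobile device mailbox policy
# baseline plus an audit of existing policies. Assumes an Exchange Management
# Shell / Exchange Online PowerShell session. Policy name, thresholds and the
# mailbox alias are placeholders, not values from the course.

# Baseline mirroring the settings listed on the slide. Threshold values are
# constructed examples; pick the ones your own policy document specifies.
$Baseline = @{
    Name                         = 'Corp-Baseline'  # placeholder policy name
    PasswordEnabled              = $true            # Device password enabled
    AlphanumericPasswordRequired = $true            # Alphanumeric password required
    AllowSimplePassword          = $false           # reject 1234 / 1111 style PINs
    MinPasswordLength            = 8                # Minimum device password length
    MinPasswordComplexCharacters = 2                # Minimum complex characters
    MaxPasswordFailedAttempts    = 10               # device wipes itself after N failures
    MaxInactivityTimeLock        = '00:15:00'       # Maximum inactivity time lock
    PasswordExpiration           = '90.00:00:00'    # Device password expiration (90 days)
    RequireDeviceEncryption      = $true            # Require device encryption
    IrmEnabled                   = $true            # IRM enabled
    AllowNonProvisionableDevices = $false           # devices that cannot enforce policy are refused
}

# Create the baseline policy if it is missing; otherwise bring it back in line.
if (-not (Get-MobileDeviceMailboxPolicy -Identity $Baseline.Name -ErrorAction SilentlyContinue)) {
    New-MobileDeviceMailboxPolicy @Baseline
} else {
    $settings = $Baseline.Clone()
    $settings.Remove('Name')
    Set-MobileDeviceMailboxPolicy -Identity $Baseline.Name @settings
}

# Return the settings of one policy object that are weaker than the baseline.
# Exchange Unlimited<T> properties stringify as 'Unlimited'; anything else is a
# concrete TimeSpan or integer, so the string comparison detects "no limit".
function Test-MobileDevicePolicyBaseline {
    param([Parameter(Mandatory)] $Policy)
    $findings = @()
    if ($Policy.PasswordEnabled -ne $true)              { $findings += 'device password not required' }
    if ($Policy.AlphanumericPasswordRequired -ne $true) { $findings += 'alphanumeric password not required' }
    if ($Policy.AllowSimplePassword -eq $true)          { $findings += 'simple passwords allowed' }
    if (-not $Policy.MinPasswordLength -or $Policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings += "minimum password length below $($Baseline.MinPasswordLength)"
    }
    if ($Policy.RequireDeviceEncryption -ne $true)      { $findings += 'device encryption not required' }
    if ("$($Policy.MaxInactivityTimeLock)" -eq 'Unlimited')     { $findings += 'no inactivity lock' }
    if ("$($Policy.MaxPasswordFailedAttempts)" -eq 'Unlimited') { $findings += 'unlimited failed unlock attempts' }
    if ($Policy.AllowNonProvisionableDevices -eq $true) { $findings += 'non-provisionable devices allowed' }
    return $findings
}

# Audit every policy in the organization and report the ones that fall short.
foreach ($p in Get-MobileDeviceMailboxPolicy) {
    $weak = Test-MobileDevicePolicyBaseline -Policy $p
    if ($weak) {
        Write-Warning ("Policy '{0}': {1}" -f $p.Name, ($weak -join '; '))
    }
}

# Assign the baseline to a mailbox (placeholder alias 'jdoe').
Set-CASMailbox -Identity 'jdoe' -ActiveSyncMailboxPolicy $Baseline.Name

# Remote wipe of a lost device: list the mailbox's devices, then wipe by identity.
# Left commented out because it is destructive; the device identity comes from
# the Get-MobileDevice output and the notification address is a placeholder.
# Get-MobileDevice -Mailbox 'jdoe' | Format-Table Identity, DeviceType, DeviceModel
# Clear-MobileDevice -Identity '<device identity from the list>' `
#     -NotificationEmailAddresses 'secops@example.com' -Confirm:$false
```

The audit is the part worth keeping in a scheduled job: a policy that was strong when created can be loosened later by a well-meaning administrator, and the default policy that Exchange ships with allows non-provisionable devices and does not require a password, so every policy in the organization should be compared against the baseline, not just the one you created.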
Android for Work
• Announced in February 2015
• Built into Android 5 (Lollipop) and available through a downloadable app on Android 4+ devices
• Segregates business data in a work profile, which is encrypted and separate from personal apps and data
• Business data can be remotely wiped
• Apps are approved, configured, and deployed by IT and distributed by Google Play for Work
Android for Work
• Significant external partnerships include the following:
Mobile Device Management Software
• As an increasing number of mobile devices are placed into service for business organizations, the need to control these units also escalates
• The amount of risk related to mobile units is growing
• Because of this mounting risk, an application software segment, known as mobile device management, has emerged to give organizations and individuals the means to mitigate the threat
What Mobile Device Management Applications Offer
• MDM applications generally provide for wide‐area network distribution of forced configuration settings for mobile devices
• Strong MDM suites include tools to support mobile phones, smartphones, phablets, tablets, and laptops
• Additionally, other mobile devices that contain data storage capabilities, such as mobile printers and mobile point‐of‐sale tools, may also be covered by an MDM deployment
What Mobile Device Management Applications Offer
• One benefit of an MDM package is that it not only controls company‐owned technology units, but can also be used on BYOD devices, which connect to corporate resources
• Once deployed, an MDM product creates three types of controls:
1. Configuration governance
2. Device usage limits
3. After the fact tools
Device Security Software
• Some of the products available include
– Air‐Watch
– MobileIron
– Good
– MaaS360 MDM
– XenMobile (by Citrix)
– Symantec MDM
– 3CX
– and many others…
Summary
• There are many remote access methods and products from which to choose
• The most important factor is doing your research internally and finding what method and product combination works best for your company
• Finding a balance between usability and security is a crucial and commonly overlooked element when designing and implementing your strategy
Summary
• Paying close attention to your users’ needs and issues will greatly contribute to the success of your deployment
• When purchasing hardware, pay close attention to the type and speed of the processor
• Picking the correct storage type and speed is equally as important and crucial for long‐term use
• If possible, avoid making multiple, significant changes all at once; this will ensure a smooth transition with minimal user impact
Remote Access Best Practices
Randy Johnston, M.C.S., CEO, Network Management Group, Inc.
Exec VP, K2 Enterprises
Thank You for Being Here!
Review Questions
The review questions accompanying this course are designed to assist you in achieving the course learning objectives. The review section is not graded; do not submit it in place of your qualified assessment. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to course content. After completing the review questions, proceed to the review question answers and rationales.
1. Which of the following statements regarding browser-based options is accurate?
a. The agent creates a virtual private network which is used to access a remote device.
b. A browser-based option requires the remote computer to be on and accessible.
c. The remote computer needs to run a server operating system in order to be remotely accessed.
d. The benefit (beyond remote access) is that the remote user and the local user can do different things on the PC at the same time.
2. What is one of the biggest security risks with respect to a client-based VPN?
a. There is no encryption between the remote user and the client-based VPN.
b. The client-based VPN is compromised by the remote user accessing the network.
c. If a remote user accesses a client-based VPN from a home network, anyone on that network can also gain access to the client-based VPN.
d. Access to the client-based VPN requires a wireless connection which puts the remote user at risk of cyber-eavesdropping.
3. Which of the following statements is accurate regarding RDS?
a. It requires more general application support and requires less customization than other options.
b. Users will be accessing a single computer.
c. Audio and video performance is a higher quality than most other remote options.
d. Licensing can be expensive.
4. Which of the following is accurate regarding browser-based remote access?
a. It does not allow direct access to a user’s daily use computer.
b. It requires all users to have the same printer configuration.
c. It provides a higher graphic user experience than some other options.
d. The mouse and keyboard clicks are not always accurate.
5. Which of the following statements about technology is accurate?
a. The best option for a firewall is True Firewall.
b. A good option for the gigabit switch is CAT 7A.
c. The best option for virtualization is VMware Enterprise.
d. The best option for remote connection is Microsoft RDS.
6. Mobile controls can be broken down into:
a. Access controls and data retention controls.
b. Policies and technology tools.
c. Policies and data retention tools.
d. Access controls and technology tools.
Review Question Answers and Rationales
Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided.
Section 1
1. Which of the following statements regarding browser-based options is accurate?
a. The agent creates a virtual private network which is used to access a remote device. Incorrect. This method requires the agent to reside on the remote device in order to access it but it does not create a virtual private network.
b. A browser-based option requires the remote computer to be on and accessible. Correct. The agent is installed on the remote computer, that computer is on and accessible, and the user can remotely access it from a remote location.
c. The remote computer needs to run a server operating system in order to be remotely accessed. Incorrect. The remote computer can run a server OS or a desktop OS.
d. The benefit (beyond remote access) is that the remote user and the local user can do different things on the PC at the same time. Incorrect. The drawback is that the remote user and the local user cannot work at the same time.
2. What is one of the biggest security risks with respect to a client-based VPN?
a. There is no encryption between the remote user and the client-based VPN. Incorrect. Such a connection uses either AES or DES encryption.
b. The client-based VPN is compromised by the remote user accessing the network. Incorrect. The connection is encrypted.
c. If a remote user accesses a client-based VPN from a home network, anyone on that network can also gain access to the client-based VPN. Correct. This is a common weakness of the client-based VPN solution.
d. Access to the client-based VPN requires a wireless connection which puts the remote user at risk of cyber-eavesdropping. Incorrect. Connection does not require a wireless connection.
3. Which of the following statements is accurate regarding RDS?
a. It requires more general application support and requires less customization than other options. Correct. Since all users are accessing one server, the support is more general and requires less customization.
b. Users will be accessing a single computer. Incorrect. Users access a server.
c. Audio and video performance is a higher quality than most other remote options. Incorrect. Audio and video performance tends to be poor compared to other options.
d. Licensing can be expensive. Incorrect. Licensing is usually inexpensive per user.
4. Which of the following is accurate regarding browser-based remote access?
a. It does not allow direct access to a user’s daily use computer. Incorrect. This option does allow direct access to the user’s normal computer.
b. It requires all users to have the same printer configuration. Incorrect. The browser-based option provides flexibility for the user with printer configuration.
c. It provides a higher graphic user experience than some other options. Incorrect. This option results in a lower graphic user experience than some other options.
d. The mouse and keyboard clicks are not always accurate. Correct. With a browser-based option, the mouse and keyboard may not be as accurate as with other options.
5. Which of the following statements about technology is accurate?
a. The best option for a firewall is True Firewall. Incorrect. True Firewall is a good option but the best is a managed firewall.
b. A good option for the gigabit switch is CAT 7A. Incorrect. CAT 7A is the best option for a gigabit switch.
c. The best option for virtualization is VMware Enterprise. Correct. The good option is VMware ESXi, the better option is VMware Essentials + and the best option is the VMware Enterprise.
d. The best option for remote connection is Microsoft RDS. Incorrect. Microsoft is the good option but the best option is Citrix XenDesktop or VMWare View.
6. Mobile controls can be broken down into:
a. Access controls and data retention controls. Incorrect. The controls fall into one of two main categories: policies and technology tools.
b. Policies and technology tools. Correct. These are the two main components of mobile controls.
c. Policies and data retention tools. Incorrect. Data retention falls with the policies category.
d. Access controls and technology tools. Incorrect. Access controls could fall under both of the main categories of policies and technology tools.
Glossary
This is a glossary of key terms with definitions. Please review any terms with which you are not familiar.
Advanced Encryption Standard (AES): An encryption algorithm that secures a connection between a remote user and the network.
Browser-based options: A method of working remotely that depends on an agent to be installed on the respective device and is accessed through a web browser to remotely access the device.
Central Processing Unit (CPU): Sometimes referred to simply as the central processor, but more commonly called processor, the CPU is the brains of the computer where most calculations take place.
Client Access License (CAL): A license required for remote desktop services.
Client-based VPN: A direct connection to the internal network from an external device via a VPN client.
Data Encryption Standard (DES): An encryption algorithm which secures a connection between a remote user and the network.
Hypervisor: A virtual host application used in virtualization.
Input/output operations per second (IOPs): A common performance measurement used to benchmark computer storage devices like hard disk drives (HDD), solid state drives (SSD), and storage area networks (SAN).
Internet protocol security (IPsec): A set of protocols that provides security for Internet Protocol. It can use cryptography to provide security. IPsec can be used for the setting up of virtual private networks (VPNs) in a secure manner. Also known as IP Security.
Mobile Device Management (MDM): A technology tool which can be installed on mobile devices to manage device security. This software creates three types of controls: configuration governance, device usage limits, and after the fact tools.
Multiprotocol Label Switching (MPLS): A type of data-carrying technique for high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table.
MyQuickCloud: An application which allows multiple users to work on the same application on the same machine at the same time.
POTS: An acronym for Plain Old Telephone System.
Point-to-Point Tunneling Protocol (PPTP): A method for implementing virtual private networks.
Remote Desktop Services (RDS): A method of remote computing in which the user connects to a server in order to work. It can include access to applications, data, and printers.
Remote Direct Memory Access (RDMA): A technology that allows computers in a network to exchange data in main memory without involving the processor, cache, or operating system of either computer.
Secure Sockets Layer (SSL): A method for implementing virtual private networks.
Solid-state drive (SSD): A storage device containing nonvolatile flash memory, used in place of a hard disk because of its much greater speed.
Steganography: A technology which disguises crucial configuration code in a digital photo.
User Access Control (UAC): A feature that was designed to prevent unauthorized changes to a computer. When functions that could potentially affect the computer's operation are made, UAC will prompt for permission or an administrator's password before continuing with the task.
Virtual Desktop Infrastructure (VDI): A method of multiple-user remote access where each user runs a desktop OS virtual machine.
Virtual Machine (VM): A software computer that, like a physical computer, runs an operating system and applications. The virtual machine consists of a set of specification and configuration files and is backed by the physical resources of a host.
Virtual Private Network (VPN): A method of remotely accessing a workstation which creates an encryption tunnel between the user and the secure servers, blocking communication with anyone other than the VPN host server and the user.
Virtualization: Creating an instance of an operating system (a virtual machine) which runs on generic hardware using a virtual host application that decouples the operating system from the underlying hardware. Virtual machines can run anywhere with minimal reconfiguration.
VMotion: A tool used to evacuate hosts, which can move running applications to other servers without disruption while maintaining performance, at any time during the day.
Index
62
Index A About K2 Enterprises ............................................................................................................ 0:02:01 Adding a New VMware Host 1 ............................................................................................ 0:45:12 Adding a New VMware Host 2 ............................................................................................ 0:45:17 Adding a New VMware Host 3 ............................................................................................ 0:45:24 Android for Work ................................................................................................................. 1:41:56 Android for Work ................................................................................................................. 1:42:06 Antivirus Software ................................................................................................................ 1:28:25 Anti-Virus, Firewalls, Security Policies Security Considerations ........................................ 1:20:21 Application Installation ......................................................................................................... 1:33:50 B Browser-Based Options 1 ..................................................................................................... 0:06:05 Browser-Based Options 2 ..................................................................................................... 0:06:52 Browser-Based Options 3 ..................................................................................................... 0:09:23 C Citrix XenApp ....................................................................................................................... 0:31:55 Client-Based VPN 1 .............................................................................................................. 
0:13:55 Client-Based VPN 2 .............................................................................................................. 0:18:14 Communication Lines (Best to Worst) ................................................................................. 1:31:02 Comparison of Remote Access Options ............................................................................... 1:07:24 Concerns ............................................................................................................................... 1:18:49 Connectivity to Corporate Resources ................................................................................... 1:35:44 Considerations for Proper Protection: Mobile Device Management .................................... 1:32:37 Create and Implement Appropriate Controls ........................................................................ 1:38:49 D Data Access ........................................................................................................................... 1:34:16 Device Security ..................................................................................................................... 1:35:07 Device Security Software ..................................................................................................... 1:43:47 Device Tracking .................................................................................................................... 1:37:08 Dozens of Right Ways to Implement Technology, Hundreds of Wrong Ways .................... 1:19:14 F Firewall ................................................................................................................................. 1:30:18 Five Variants of Remote Access ........................................................................................... 0:04:08 H Hardware, Software, Licensing, and Deployment – Technical Considerations ................... 1:09:13 How Do I Choose? 
................................................................................................................ 1:06:04 How Organizations Create an Effective Mobile Device Policy 1 ........................................ 1:38:04 How Organizations Create an Effective Mobile Device Policy 2 ........................................ 1:38:27
Index
63
I IOPs—Examples of IOPs Speeds ......................................................................................... 1:14:12 K K2 Enterprises Websites ....................................................................................................... 0:02:18 Key Items To Consider – Security Guidance ....................................................................... 1:26:39 Key Methods of Remote Access ........................................................................................... 0:05:14 Kill Switch Legislation for Smartphones .............................................................................. 1:36:42 L Learning Objectives .............................................................................................................. 0:03:38 M Microsoft Exchange Mobile Device Mailbox Polices .......................................................... 1:41:28 Mitigating Risks—Determining Acceptable Risk ................................................................ 1:25:40 Mitigating Risks—Identifying the Risk 1 ............................................................................. 1:24:13 Mitigating Risks—Identifying the Risk 2 ............................................................................. 1:24:49 Mitigating Risks—Implementing the New Plan ................................................................... 1:26:04 Mobile Device Management Software ................................................................................. 1:42:16 Mobile Device Policies ......................................................................................................... 1:39:25 Mobile Devices to Control .................................................................................................... 1:37:53 My QuickCloud .................................................................................................................... 
0:23:10 My QuickCloud Menus 1...................................................................................................... 0:23:33 My QuickCloud Menus 2...................................................................................................... 0:23:54 My QuickCloud Menus 3...................................................................................................... 0:24:07 N Needed No Matter What Solution......................................................................................... 1:29:42 P Password Managers .............................................................................................................. 1:28:53 Performance, Cost, Compatibility, Usability Strengths and Weaknesses ............................ 1:01:49 Pictures .................................................................................................................................. 0:00:53 Policy Enforcement Tools..................................................................................................... 1:40:31 R RDS Example........................................................................................................................ 0:31:19 RDS in a Nutshell ................................................................................................................. 0:27:43 RDS vs. VDI ......................................................................................................................... 0:59:50 Remote Access Best Practices .............................................................................................. 0:00:00 Remote Desktop Services ..................................................................................................... 0:26:06 Remote Desktop Services vs. Virtual Desktop Infrastructure .............................................. 0:58:11 Remote Desktop Services: Remote Apps and Remote Desktops ......................................... 
0:24:50 S Security1 ............................................................................................................................... 0:24:27
Index
64
Security 2 .... 1:26:40
Security Configuration Tools .... 1:41:07
Security Functionality Built into Mobile Technology .... 1:40:48
Security Risks 1 .... 1:21:07
Security Risks 2 .... 1:21:49
Security Risks 3 .... 1:20:33
Self Hosting by MyQuickCloud .... 0:22:25
Session Description .... 0:02:35
Sizing Technology—Minimally Acceptable, Stronger Is Better .... 1:19:42
So How Do I Mitigate These Risks? .... 1:23:10
Speeds and Feeds .... 0:35:24
Storage Considerations .... 1:13:29
Strengths and Weaknesses 1 .... 1:01:59
Strengths and Weaknesses 2 .... 1:02:45
Strengths and Weaknesses 3 .... 1:03:04
Strengths and Weaknesses 4 .... 1:03:41
Strengths and Weaknesses 5 .... 1:05:10
Summary 1 .... 1:44:58
Summary 2 .... 1:47:39
T
Technical Considerations .... 1:09:43
Technology Cookbook .... 1:19:58
Thank you for being here! .... 1:48:55
The VMware ESX Server Hypervisor on Two Physical Servers Does the Same Work as 8-12 Physical Servers .... 0:44:54
Traditional Servers—Without Virtualization .... 0:44:33
V
VDI with VMware .... 0:46:46
Virtual Desktop Infrastructure 1 .... 0:41:11
Virtual Desktop Infrastructure 2 .... 0:41:36
Virtual Private Networks .... 0:12:20
W
What About NMGI? .... 0:01:25
What About Randy? .... 0:00:21
What Are We Trying to Control? .... 1:33:36
What is MyQuickCloud? .... 0:21:43
What Mobile Device Management Applications Offer 1 .... 1:43:04
What Mobile Device Management Applications Offer 2 .... 1:43:21
What Types of Devices Should Be Included? .... 1:37:34
What’s Most Important .... 1:08:30
Which Is Virtualization? .... 0:43:18
Why Do Organizations Need to Manage Mobile Devices? .... 1:32:48
X
XenApp vs Citrix XenDesktop .... 1:00:43
Z
Zero Downtime with VMotion 1 .... 0:45:35
Zero Downtime with VMotion 2 .... 0:46:03
Zero Downtime with VMotion 3 .... 0:46:08
Zero Downtime with VMotion 4 .... 0:46:15
Zero Downtime with VMotion 5 .... 0:46:24
Qualified Assessment
Qualified Assessment Remote Access Best Practices
Course # 2164592, Version 2004
Publication/Revision Date: April 2020
Course Expiration Date Per AICPA and NASBA Standards (S9-06), QAS Self-Study courses must include an expiration date that is no longer than one year from the date of purchase or enrollment.
Complete this assessment online at www.westerncpe.com and receive your certificate and results instantly!
1. With respect to security in a browser-based environment:
a. Security is managed by the web provider.
b. As long as one password on one machine is strong, you will have strong security.
c. Both computers can be vulnerable to attack based on the “weakest link” between the two devices, so it is important to have anti-virus on both machines.
d. Once the agent is installed on both computers, you will not need passwords.
2. One of the disadvantages of a virtual private network (VPN) is that:
a. It is more expensive than a browser-based method.
b. It is more susceptible to being hacked than a browser-based method.
c. The speed of communication is based solely on the speed of the connection.
d. Communication is slowed due to the encryption and decryption between the host and the remote user.
3. Which of the following common types of VPNs is built into Windows?
a. IPSEC.
b. SSL.
c. DES.
d. PPTP.
4. Which of the following allows the most users?
a. Citrix XenApp.
b. Microsoft RDS.
c. VDI.
d. MyQuickCloud.
5. Which of the following statements is accurate regarding VDI?
a. VDI does not require a large infrastructure to run smoothly, so it is great for small businesses.
b. Users access a desktop that is part of a pool or is strategically assigned to them.
c. Users must share the same VM.
d. VDI uses a server operating system.
6. Which of the following has the best rank for app and print compatibility?
a. Browser-based solutions.
b. Virtual desktop infrastructure.
c. Virtual private network.
d. Win Server 12 remote desktop.
7. What is the recommended number of processors per virtual machine?
a. 1.
b. 4.
c. 6.
d. 10.
8. What is the most critical component of VDI performance?
a. RAM.
b. Processor speed.
c. Number of cores.
d. IOPS.
9. Which of the following is cited as the best communication line?
a. Cable Modem.
b. MPLS.
c. Metro Ethernet.
d. DSL.
10. Which of the following is a good risk-reduction policy for mobile devices but is not a requirement?
a. A policy to have a password to unlock the device.
b. A policy to only view data on the device but not store it.
c. A policy to use a data removal routine on the device.
d. A policy to use antivirus products on devices.
Answer Sheet
Answer Sheet Remote Access Best Practices
Course # 2164592, Version 2004, 2 CPE Credits
Date:
Name: Phone:
Address:
City: State: Zip:
Fax: E-mail*:
*E-mail address MUST be unique (not shared with another CPA) for Western CPE to grade your assessment.
Name of purchaser (if other than person taking assessment):
If course was purchased as part of the MEGA TAX LIBRARY please include $4/credit for grading:
VISA/MC/Discover/Amex # Exp.
Course expires 1 year from date of purchase or enrollment.
Online Grading: visit www.westerncpe.com to complete your assessment online and receive your certificate of completion and results instantly.
1. ___ 3. ___ 5. ___ 7. ___ 9. ___
2. ___ 4. ___ 6. ___ 8. ___ 10. ___
Course Evaluation
Course Evaluation Remote Access Best Practices
Course # 2164592, Version 2004
Thank you for taking the time to fill out this course and customer experience evaluation. Your responses help us to build better courses and maintain the highest levels of service. If you have comments not covered by this evaluation, or need immediate assistance, please contact us at 800.822.4194 or [email protected].
Course and Instructor Evaluation
1. Please answer the following related to the content of the course:
Strongly Disagree | Disagree | Neutral | Agree | Strongly Agree
The stated learning objectives were met. O O O O O
The course materials were accurate, relevant, and contributed to the achievement of the learning objectives. O O O O O
The stated prerequisites were appropriate and sufficient. O O O O O
Based on 50 minutes per credit hour, the time to take this course accurately reflects the credit hours assigned to it. O O O O O
The instructor was knowledgeable and effective. O O O O O
2. Were there any questions you felt were confusing or had incorrect answers listed? If so, please give the question number and a brief description of the issue:
3. Please provide any additional comments specific to the educational content or author of this course:
4. Do you have ideas for future course topics? If so, please list them along with any known subject matter experts we might contact to develop the course:
Customer Experience
5. Please rate your overall experience with Western CPE:
Unsatisfactory | Improvement Needed | Meets Expectations | Exceeds Expectations | Exceptional
If you interacted with our Customer Service team, please rate the quality of service you received.
O O O O O
If you purchased your course online, please rate the quality of your e-commerce experience.
O O O O O
“My Account” information includes the tools necessary to access courses and track those completed.
O O O O O
6. Please indicate the likelihood of your purchasing the listed course formats from Western CPE:
Not at all | Not very likely | Possibly | Likely | Highly Likely
Self-Study O O O O O
Webcast OnDemand O O O O O
Live Webcast O O O O O
Resort Conference or Seminar O O O O O
7. Please use the box below to provide any additional comments related to your educational experience with Western CPE.
8. If you are willing to provide a quote about this course, or Western CPE in general, that we may use in our promotional materials, please state it below. Be sure to include your name, title, city, and state.