With a VDI network, traditional desktop operating systems are eliminated, yet user logon, security policies, visibility and monitoring are required more than ever. Security for yesterday's network meant complex "application layer" elements of sign-on security such as LDAP directories, strong authentication, and single sign-on (SSO) systems. With the emergence of VDI, today's security, namely network identity, is simpler, more centralized and driven by the network rather than by the PC operating system.
Policy and identity management are important network security considerations because users can connect to the data center from any location using a variety of devices. The access management of older networks, with their lack of identity features, will not be up to the task.
More and more secure government facilities are using advanced identity management over VDI, setting the stage for similar deployments in the private sector among organizations with large mobile workforces. To this end, today's businesses looking to deploy VDI securely require a new model called identity-aware networking. Enterprise Strategy Group defines this as: "A policy-based network architecture that understands and acts upon the identity and location of users and devices."
Identity-aware networking is an integration effort in which the network gathers information from multiple existing sources and then enables IT managers to use this data to build and enforce access policies. A best-of-breed network has the intelligence to dynamically collect and update information about users, devices, and location as users connect to the VDI infrastructure and, just as importantly, to enforce policies once they are on the network. The business, regulatory compliance, and security ROI benefits of the identity-aware network become the new norm, lifting the burden from those who previously had to maintain application-layer security.
Network-based identity for VDI is associated with things like IP and MAC addresses, VLAN tags and subnets, which play a role in device authentication, VPNs and IPsec. With VDI, network-layer security takes over. It is based on a number of inputs, including the user ID and role of the user, specific device characteristics and capabilities, and the location of the user and device. Identity-aware networking needs to know whether the user is logging on from a trusted or an untrusted network, and whether the user is accessing the network from a wired port or over Wi-Fi. Furthermore, network access policies may need to change from one location within a facility to the next.
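To make the policy inputs above concrete, here is an added example (not from the article or any vendor's product) of a small policy evaluator that folds user role, device posture, trusted/untrusted network, wired/Wi-Fi medium and in-building zone into one access decision. The role names, zone names and access profiles are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

# Facility zones where Wi-Fi is treated as untrusted (constructed sample values).
PUBLIC_ZONES = {"lobby", "cafeteria"}
# Roles that only ever receive the restricted profile (hypothetical role names).
RESTRICTED_ROLES = {"contractor", "guest"}


@dataclass(frozen=True)
class AccessContext:
    """Inputs an identity-aware network gathers before admitting a VDI session."""
    user_id: str
    role: str               # e.g. "analyst", "contractor" (assumed values)
    device_managed: bool    # device characteristics: enrolled in management or not
    device_encrypted: bool
    trusted_network: bool   # trusted (corporate) vs. untrusted (home, public) network
    medium: str             # "wired" or "wifi"
    zone: str               # location within the facility, e.g. "ops-floor", "lobby"


@dataclass
class Decision:
    allow: bool
    profile: str            # access profile / desktop pool the network assigns
    reasons: list = field(default_factory=list)


def evaluate(ctx: AccessContext) -> Decision:
    """Fold user, device and location attributes into one enforceable decision."""
    reasons = []
    # Device posture gates everything: without a managed, encrypted endpoint, no session.
    if not (ctx.device_managed and ctx.device_encrypted):
        reasons.append("device not managed and encrypted")
        return Decision(False, "none", reasons)
    # Wi-Fi in a public zone of the building is treated like an untrusted network,
    # so the policy changes from one location within the facility to the next.
    trusted = ctx.trusted_network and not (ctx.medium == "wifi" and ctx.zone in PUBLIC_ZONES)
    if not trusted:
        reasons.append("untrusted network or public-zone Wi-Fi")
    if ctx.role in RESTRICTED_ROLES:
        reasons.append(f"role {ctx.role} is restricted")
    # Full desktop only for non-restricted roles arriving over a trusted path.
    if trusted and ctx.role not in RESTRICTED_ROLES:
        return Decision(True, "full-desktop", ["all checks passed"])
    return Decision(True, "restricted-desktop", reasons)


if __name__ == "__main__":
    ctx = AccessContext("u1", "analyst", True, True, True, "wifi", "lobby")
    print(evaluate(ctx))
```

The `reasons` list is what a practitioner would forward to logging or a SIEM so that every profile assignment is explainable after the fact.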