Peripherals are supposed to be redirected in a virtualization environment, but they don’t always subscribe to plug ’n play. Even more important is the question of whether IT organizations should permit all peripherals for all users from a security and business perspective.
From a technical standpoint, the technologies that enable peripherals such as USB webcams and scanners to function properly are quite complex, and this is compounded by the myriad new peripherals that become available each day. Your average user doesn’t appreciate the virtual mappings and drivers that are necessary for peripherals to function properly. Further, users rarely understand that there is a new USB 3.0 standard or know that manufacturers continue to release not-so-perfect drivers. Yet, their expectation is to plug in that new USB device to the local workstation and see it automagically work properly in the virtual desktop or application as well.
Conversely, a multitude of COM port devices are still in use. Remember those? COM port devices are still commonly used in some industries, such as banking, and they will continue to exist for the foreseeable future. While a great many peripheral devices have transitioned to USB, virtualization technologies need to continue to support COM port devices going forward.
From the standpoint of virtual desktops, peripherals have a higher success rate because of the one-to-one physical desktop to virtual desktop ratio. However, where virtualized applications are used in a one-to-many architecture, with many users per server desktop, peripheral use becomes exponentially more complicated.
Let’s say you need a USB device to work in a Citrix XenApp environment. If it doesn’t automagically function in the user session, it may be necessary to attempt various tweaks, such as enabling the Citrix USB device redirection rule and specifying the hardware ID of the USB device as reported on the user’s computer. Or installing another driver. Or appending the user profile. Or upgrading to Receiver 4.2 for USB 3.0 support. Or … ?
Even before focusing on the technical aspects of getting peripheral devices functioning, standards related to security and business requirements should be considered. For example, if USB thumb drives are allowed, could confidential data be sneaking out the door? Does the user really need the use of a specific peripheral as part of job requirements? If getting a specific peripheral device to function requires a significant amount of help-desk time, at what point does “best effort” cease because of the time investment?
From a security standpoint, IT organizations should consider whether specific peripheral devices provide an undesired medium for transferring or exporting data from the virtual app or desktop. Allowing all users to have access to all peripherals may not provide the desired level of security. Further, standards should be set regarding whether users really need the peripheral devices in order to do their jobs.
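The hardware-ID redirection rules and the per-device security decision described above can be modeled as an ordered allow/deny list. The following is an added example, not code from this article or from Citrix: the rule text is a simplified form of the "Allow:/Deny:" rule style, first-match-wins evaluation is an assumption, the USB class is passed in separately, and every device ID is constructed.

```python
import re

# Constructed rule list (assumption: simplified syntax, first match wins).
RULES = """
Deny:  Class=08             # mass storage, e.g. thumb drives
Allow: VID=046D PID=0825    # approved webcam (constructed IDs)
Allow: VID=04B8             # approved scanner vendor (constructed ID)
Deny:                       # default: everything else is not redirected
"""

def parse_rules(text):
    """Turn rule lines into ordered (action, {field: value}) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        action, _, body = line.partition(":")
        action = action.strip().lower()
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rule: {line!r}")
        pairs = re.findall(r"(\w+)=([0-9A-Fa-f]+)", body)
        rules.append((action, {k.lower(): v.upper() for k, v in pairs}))
    return rules

def parse_hardware_id(hwid, usb_class):
    """Extract VID and PID from a Windows-style USB hardware ID string."""
    m = re.search(r"VID_([0-9A-F]{4})&PID_([0-9A-F]{4})", hwid.upper())
    if not m:
        raise ValueError(f"not a USB hardware ID: {hwid!r}")
    return {"vid": m.group(1), "pid": m.group(2), "class": usb_class.upper()}

def decide(device, rules):
    """Return the action of the first rule whose fields all match."""
    for action, fields in rules:
        if all(device.get(k) == v for k, v in fields.items()):
            return action
    return "deny"  # fail closed when no rule matches

if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Constructed inventory: (hardware ID, USB class code in hex)
    for hwid, cls in [(r"USB\VID_046D&PID_0825", "0E"),
                      (r"USB\VID_04B8&PID_1234", "08"),
                      (r"USB\VID_1234&PID_5678", "03")]:
        print(hwid, cls, decide(parse_hardware_id(hwid, cls), rules))
```

Because the mass-storage deny rule comes first, a storage device is refused even when its vendor is otherwise approved, which is the data-export concern raised above.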
While most people think only of the technical challenges associated with getting peripherals to function in a virtualized environment, there are important security and business decisions that impact whether and how these devices should be permitted.