In Part IV we discussed the challenges of Application Delivery, and how Application Virtualization could offer alternatives.
Application Delivery can present difficulties in ensuring applications are installed in different environments, can be complex to manage and introduce compatibility issues that delay deployment and increase costs. Application Virtualization offers a number of advantages for providing access to applications over traditional Application Deployment; but it is not without caveats. Application Virtualization process of creating a virtualized application can be complex; it can require an infrastructure to be in place and there is also an interesting consideration as to whether application can adversely impact a hosted virtual desktop implementation.
Perhaps, those weren’t the answers you were looking for. Perhaps, you considered it a boring conversation anyway.
In this conclusion of the two-part trilogy, we’ll discuss Application Virtualization solutions, and what they can offer you. We look at solutions from Citrix, Endeavours Technologies, InstallFree, Microsoft, Spoon, Symantec, UniDesk and VMWare. We’ll also consider the question “is it a choice between Application Delivery vs Application Virtualization?” to reduce the cost to your business of application deployment.
The Virtualization Security Podcast on 9/16 was the first in a series of Virtual Desktop Security discussions we will be having. The special guest panelist was Bill McGee from Trend Micro who helped us to understand their implementation of Deep Security 7.5’s Anti-Virus and Anti-Malware (AV collectively) within the virtual desktop.
Trend Micro’s product makes use of enabling technology within vShield Endpoint to provide offloaded AV and Anti-Malware scanning of virtual machines using only one set of rules and one VM to do the actual scanning. Removing the per VM rule set and processing that currently takes place within the VM.
Browsers are the user workspace of the future. The issue with “traditional” applications are many and complex covering topics like deployment, updates, security and management. If you can move all of that headache to a centralized service and have users access that by firing up their device’s web browser then your troubles will be over. But an issue with web-based applications is, as with any application, the capabilities of the service grow to accommodate new functions and additional requirements. Applications may move to be hosted in “the cloud”, but there is will always be a need to ensure that the end device has an environment to run that web service in a secure, consistent and productive way. Browsers may well be the workspace of the future – but that future will still browsers to be updated, managed and maintained.
It is likely your business is moving to a post Windows XP environment. Perhaps you are updating traditional desktops or migrating to virtual desktop environment on Windows 7, or even a presentation virtualization environment based on Windows 2008 R2. Moving operating systems, means moving browser version. Microsoft would say this is a “Good Thing” – as they consider Internet Explorer (IE) 8 to be their best browser yet although to be fair, they’re hardly likely to say IE8 is bloated and overly complex.
There are still a good number of companies who have found that they cannot standardize on one browser for all users en masse without impacting on business functions. One application, or even a critical component of one application may not work if the browser for IE8 or IE7. At the same time, as users become more web aware, there is the demand of users to have more than just one browser available.
Can you support multiple browsers in your environment? How can you run IE6 in a Windows 7 or Windows 2008 environment? Will moving to a VDI infrastructure allow you to look back while moving forward and indeed, is the lack of support for different browsers – specifically different versions of IE – simply a temporary issue, resolved by focusing on changing the web delivery services so that they support the most recent browser? Ultimately, is one browser enough?
Since I blogged ThinApp – Licensing Issues – Ethics do not ship with the code I have been thinking about the security aspects of VMware ThinApp and similar virtualization technologies such as Microsoft App-V.
I came up with a set of questions to which I searched for some answers:
- ThinApp creates a self contained application within its Bubble. Is it possible for this Bubble to contain a Virus, RootKit, or Worm that could then infect the system on which it runs?
- ThinApp contains a set of libraries that could be less secure than those on the operating system on which the ThinApp Bubble is running. Can the system libraries override those within the Bubble?
- ThinApp contains a mechanism to update the ThinApp Bubble called AppSync, what is the security surrounding AppSync? Could an attacker include a attack payload within such a download?
In essence could ThinApp be used to subvert existing system security?
The recent VMware Communities Podcast had ThinApp engineers on the call. Their mantra when presented with questions on licensing was “