Teradici Thin-Client Technology Enhances DLP Security with Low-Cost PC over IP Solution

By Frank Ohlhorst



One of the quickest ways to plug data leaks is to eliminate the desktop PC and its associated IP traffic. Can Teradici’s remote desktop solution enhance data loss prevention while lowering costs and improving productivity?

Teradici has been focusing on technology that brings a low-latency, fast and graphics-intensive experience to a desktop user, all without having a PC nearby. The concept here is pretty simple—bridging a true PC or workstation computing experience over the network using existing IP technology (cables, switches, routers)—yet at the same time it’s a pretty tall order in today’s traffic-cluttered infrastructure. Teradici's approach involved developing a chip set and high-performance graphics compression algorithms that make a PC over an IP network possible.

Shifting the burden of CPU processing power back to the data center from the desktop offers several easy-to-identify advantages, ranging from better control of expensive hardware to consolidation of space and centralized hardware support. Yet those advantages only scratch the surface of what Teradici has to offer a well-planned enterprise; many of the others were not thought of during the product's development.

To better comprehend what some of those advantages are, one has to understand exactly what Teradici’s technology is or isn’t.

Some classify what Teradici is doing as thin-client computing, zero client technology, remote PC access and a host of other names that don’t actually fit the Teradici mold. Teradici isn’t desktop virtualization, and it is not a technology that allows users to share virtualized machines; it also isn’t meant to be used as a remote (off-site) access solution. So, what exactly is Teradici about and why is there so much confusion about PC over IP (PCoIP)?

We looked at the company’s evaluation kit, which included a TERA Host PCIe card, TERA Portal, power supply, Teradici firmware, and various cables and connectors. The goal of the hardware was quite simple: Install the TERA PCIe host card into a PC; plug an Ethernet cable into the host card and then plug the TERA Portal into the same subnet; connect a monitor, mouse and keyboard; and then access the host PC remotely, over IP via the TERA Portal.

The TERA Host PCIe card works by interfacing with the host PC; the PC’s video output is connected to the TERA Host PCIe card; and the TERA Host Card handles converting video and user interaction into a specialized form of IP traffic. The TERA Portal speaks to the host PC over the IP network and handles displaying the PC’s video and user I/O functions. The hardware is pretty slick and worked well in our test environments.

We tried out the Host Card on several machines, including an HP xw6600 workstation, an AMD Phenom II-based white box system and an Intel Core i7-based white box. The product worked flawlessly in each instance, and remote performance was excellent on our fast Ethernet subnet.

Out of the box, the target audience for the Teradici solution is users who need access to high-performance PCs for CAD/CAM or other demanding work. The idea is to provide those users with an acceptable experience, without placing an expensive workstation at their desks.

There are a few direct advantages to that scenario. First off, an expensive workstation PC is locked away safely. Secondly, that PC can also be housed in a low-dust, low-heat server room that offers stable electricity and local backup resources. That PC can also be maintained by IT staffers in the data center, eliminating trips to the various desks in the business.

Those are the obvious benefits here, but there are many not-so-obvious advantages to the Teradici solution, which can help secure computing environments.

Those benefits can materialize when integrators consider rewiring the IP network, which would improve security, speed and reliability. Simply put, data housed in IP traffic never needs to leave the data center. What an integrator could do with the Teradici PCoIP system is divide the network into two (or more) segments. The IP network in the data center would be used to connect the host PCs to an internal (to the data center) Gigabit Ethernet backbone, while the RJ-45 port on the Teradici host card would be connected to a separate IP network, which would only be responsible for delivering PCoIP traffic to the TERA Portal. The PCoIP traffic is highly compressed, encrypted and proprietary, preventing anyone from "sniffing" data packets from the subnet located at users' desktops.
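One way to check that a deployment actually keeps the two segments apart, as an added example rather than anything supplied by Teradici or the reviewer: a short Python audit over flow records that flags traffic crossing between the data center backbone and the PCoIP-only segment, or desk-segment traffic that is not a host card talking to a portal. The subnets, addresses and flow records are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the article).
DC_BACKBONE = ipaddress.ip_network("10.10.0.0/24")       # host PC NICs, servers
PCOIP_SEGMENT = ipaddress.ip_network("192.168.50.0/24")  # host cards and portals
HOST_CARDS = {"192.168.50.11", "192.168.50.12"}
PORTALS = {"192.168.50.101", "192.168.50.102"}

# Constructed flow records as (source, destination) pairs.
SAMPLE_FLOWS = [
    ("192.168.50.101", "192.168.50.11"),   # portal -> host card: expected
    ("192.168.50.12", "192.168.50.102"),   # host card -> portal: expected
    ("10.10.0.21", "10.10.0.5"),           # host PC -> server inside the DC: expected
    ("192.168.50.101", "10.10.0.5"),       # portal reaching into the backbone
    ("10.10.0.21", "192.168.50.102"),      # host PC NIC talking to the desk segment
    ("192.168.50.77", "192.168.50.11"),    # unregistered device on the desk segment
    ("192.168.50.101", "192.168.50.102"),  # portal talking to another portal
]

def classify(src, dst):
    """Return 'ok' or the reason a flow violates the two-segment design."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_dc, d_dc = s in DC_BACKBONE, d in DC_BACKBONE
    s_pc, d_pc = s in PCOIP_SEGMENT, d in PCOIP_SEGMENT
    if s_dc and d_dc:
        return "ok"                      # data stays on the backbone
    if (s_dc and d_pc) or (s_pc and d_dc):
        return "cross-segment"           # the segments are supposed to be isolated
    if s_pc and d_pc:
        pair = {src, dst}
        if not pair <= (HOST_CARDS | PORTALS):
            return "unknown-endpoint"    # something other than a card or portal
        if len(pair & HOST_CARDS) == 1 and len(pair & PORTALS) == 1:
            return "ok"                  # exactly one host card and one portal
        return "unexpected-pair"         # card-to-card or portal-to-portal
    return "outside-plan"                # address belongs to neither segment

def audit(flows):
    """List every flow that is not 'ok', with the reason attached."""
    return [(src, dst, v) for src, dst in flows if (v := classify(src, dst)) != "ok"]

if __name__ == "__main__":
    for src, dst, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:17} {src} -> {dst}")
```
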

The PCs, located back in the data center, will perform faster, thanks to the Gigabit Ethernet connectivity. The security advantages don’t end there—by eliminating the PC at a desktop/public location it becomes much more difficult for data to be stolen. Those deploying the TERA Portals should disable the USB ports on the units, which effectively enforces a DLP policy, where no peripherals can be plugged in to copy data. Also, without physical access to the PC, hard drives cannot be stolen (for the data), CDs cannot be burned (for copying data), and devices/software that capture data cannot be installed.

Combining an isolated backbone with a Teradici solution may very well be the best way to deploy DLP in highly sensitive environments, without hampering productivity and still giving users access to high-performance PCs.

Therein lies a big opportunity for solution providers, who can create super-secure solutions that offer both physical and DLP security. Those solution providers can make Teradici part of the puzzle, but also participate in the re-engineering of the IP network, sell the high-performance PCs for the data center, offer the peripherals (keyboard, monitor, mouse), and integrate data center-based security appliances, define security policies and provide the services to make it all work.

Currently, EVGA is selling the Teradici hardware for $399 MSRP, making it somewhat expensive. But if one were to consider the cost of securing the typical desktop for DLP purposes, the price isn’t that excessive. Samsung also sells a 19-inch LCD monitor, which incorporates the TERA Portal hardware, at a street price of under $500.




Frank J. Ohlhorst is the Executive Technology Editor for eWeek Channel Insider and brings with him over 20 years of experience in the Information Technology field. He began his career as a network administrator and applications programmer in the private sector for two years before joining a computer consulting firm as a programmer analyst. In 1988 Frank founded a computer consulting company, which specialized in network design, implementation, and support, along with custom accounting applications developed in a variety of programming languages. In 1991, Frank took a position with the United States Department of Energy as a Network Manager for multiple DOE Area Offices with locations at Brookhaven National Laboratory (BNL), Princeton Plasma Physics Laboratory (PPL), Argonne National Laboratory (ANL), FermiLAB and the Ames Area Office (AMESAO). Frank's duties included managing the site networks, associated staff and the inter-network links between the area offices. He also served as the Computer Security Officer (CSO) for multiple DOE sites. Frank joined CMP Technology's Channel group in 1999 as a Technical Editor assigned to the CRN Test Center; within a year, Frank became the Senior Technical Editor, and was responsible for designing product testing methodologies, assigning product reviews, roundups and bakeoffs to the CRN Test Center staff. In 2003, Frank was named Technology Editor of CRN. In that capacity, he ensured that CRN maintained a clearer focus on technology and increased the integration of the Test Center's review content into both CRN's print and web properties. He also contributed to Netseminars, hosted sessions at CMP's Xchange Channel trade shows and helped to develop new methods of content delivery, such as CRN-TV. In September of 2004, Frank became the Director of the CRN Test Center and was charged with increasing the Test Center's contributions to CMP's Channel Web online presence and CMP's latest monthly publication, Digital Connect, a magazine geared towards the home integrator. He also continued to contribute to CMP's Netseminar series, Xchange events, industry conferences and CRN-TV. In January of 2007, CMP launched CRNtech, a monthly publication focused on technology for the channel, with a mailed audience of 70,000 qualified readers. Frank was instrumental in the development and design of CRNTech and was the editorial director of the publication as well as its primary contributor. He also maintained the edit calendar, and hosted quarterly CRNTech Live events. In June 2007, Frank was named Senior Technology Analyst and became responsible for the technical focus and edit calendars of all the Channel Group's publications, including CRN, CRNTech, and VARBusiness, along with the Channel Group's specialized publications Solutions Inc., Government VAR, TechBuilder and various custom publications. Frank joined Ziff Davis Enterprise in September of 2007 and focuses on creating editorial content geared towards the purveyors of Information Technology products and services. Frank writes comparative reviews, channel analysis pieces and participates in many of Ziff Davis Enterprise's tradeshows and webinars. He has received several awards for his writing and editing, including back-to-back best review of the year awards, and a president's award for CRN-TV. Frank speaks at many industry conferences, is a contributor to several IT books, holds several records for online hits and has several industry certifications, including Novell's CNE and Microsoft's MCP. Frank can be reached at frank.ohlhorst@ziffdavisenterprise.com
