Secure Remote Access to Production Networks: The Advantages of VDI Technology
6 May, 2020 | Blog
Production networks are very complex infrastructures. Since maintaining these networks requires expertise from multiple groups of specialists, external resources are often required. In addition, due to various constraints, in-house specialists aren’t always available on site. So, remote access to the business and production networks is a must.
However, remote access to sensitive networks like supervisory control and data acquisition (SCADA) systems or production networks should not be taken lightly. Any misuse of this access could affect production, cause major financial loss, or even put employees at risk. Therefore, securing these networks must be a priority, and remote access must be simple to control and easy to use.
The virtual desktop infrastructure (VDI) solution meets these criteria. There are many ways to deploy a VDI solution to give employees access to business and production/SCADA networks. Remote access needs are different for every company and the VDI solution can be customized to any network environment.
This blog post presents some of the advantages of the VDI solution.
By using virtual templates, one of the VDI’s many features, it’s possible to create a work environment with various levels of access based on each category of worker. For example, IT workers don’t have the same access needs as machine operators or process specialists. Access to each virtual environment will be limited to their respective groups.
Updating a virtual template is easy and can be done while employees are still using the current template. Next time users log out or their session times out, they will simply be switched to the newer version of the working environment.
While access to a virtual environment requires an Internet connection, the client device does not need to be powerful to run the software. This is because the virtual desktop runs on the company’s servers rather than on the user’s device.
The virtual desktop can “auto-delete” when a remote session is ended. Viruses or ransomware have no chance of surviving, which makes this deployment model ideal for production networks or those containing sensitive data.
VDI virtual desktops can be used as jump servers. A jump server acts as a connection hub to other workstations.
Since users have to connect to the VDI environment first, there is no direct connection between their computer and the production network, which improves security. Because of this network architecture, dangerous files often found on local computers will not infect the production network.
The VDI solution can be used in combination with managed file transfer (MFT) technology to transfer files located on the production network or to send updates securely. Files can be scanned by antivirus software during transfer and be blocked if malware is detected.
In addition to the antivirus scan, MFT technology leaves an audit trail of all files transferred in and out of the production network. Therefore, we can check the logs when looking for a particular file transfer or for a file transfer made by a specific user.
VDI technology is compatible with remote access solutions that work by invitation. With this remote access model, the invitations are sent from within the network to the outside world. As a result, intruders cannot easily find their way inside the SCADA/production network, because the inbound ports in the firewall are closed.
In addition, technical support teams will only be able to access the network on request. It also means that there is no need to create temporary users when help is needed, which makes the process much easier. For some remote support solutions, sessions can be recorded and managed from within the SCADA network with a Web-based interface. When the help session is over, it is important to ensure that the remote access has been closed. For added safety, a timeout should be set for remote support sessions.
Because the virtual environment can be managed from centralized software, workstations and PCs do not have to be managed individually, which makes it much easier to perform software updates, new deployments and virus control.
When looking for a secure remote access solution for a SCADA/production network, VDI technology is a good choice. It has many security benefits, facilitates management and maintenance, and is fully customizable to meet the requirements of most environments.
This content is for general information purposes only. All rights reserved ©BBA