By using virtual templates, one of VDI's many features, it's possible to create work environments with different levels of access for each category of worker. For example, IT workers don't have the same access needs as machine operators or process specialists. Access to each virtual environment is limited to its respective group.
Updating a virtual template is easy and can be done while employees are still using the current template. Next time users log out or their session times out, they will simply be switched to the newer version of the working environment.
While access to a virtual environment requires an Internet connection, the client device does not need to be powerful to run the software. This is because it will run on the company’s servers rather than on the user’s device.
The virtual desktop can “auto-delete” when a remote session ends. Viruses or ransomware have no chance of surviving, which makes this deployment model ideal for production networks or those containing sensitive data.
VDI virtual desktops can also be used as jump servers. A jump server acts as a connection hub to other workstations.
Since users have to connect to the VDI environment first, there is no direct connection between their computer and the production network, which increases cybersecurity. Because of this network architecture, dangerous files often found on local computers will not infect the production network.
The VDI solution can be used in combination with managed file transfer (MFT) technology to transfer files located on the production network or to send updates securely. Files can be scanned by antivirus software during transfer and blocked if malware is detected.
In addition to the antivirus scan, MFT technology leaves an audit trail of all files transferred in and out of the production network. Therefore, we can check the logs when looking for a particular file transfer or for a file transfer made by a specific user.
VDI technology is compatible with remote access solutions that work by invitation. With this remote access model, the invitations are sent from within the network to the outside world. As a result, intruders cannot easily find their way inside the SCADA/production network, because the inbound ports on the firewall stay closed.
In addition, technical support teams will only be able to access the network on request. It also means that there is no need to create temporary users when help is needed, which makes the process much easier. For some remote support solutions, sessions can be recorded and managed from within the SCADA network with a Web-based interface. When the help session is over, it is important to ensure that the remote access has been closed. For added safety, a timeout should be set for remote support sessions.
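One way to verify that support sessions were closed and respected the timeout, shown as an added example that is not taken from any product discussed here: the log format, the event names (`invite_accepted`, `closed`), the one-hour timeout and the sample lines are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample export of remote support session events (format is an
# assumption): ISO timestamp, session id, event, technician account.
SAMPLE_LOG = """\
2024-03-04T08:00:00 s-101 invite_accepted vendor-a
2024-03-04T08:40:00 s-101 closed vendor-a
2024-03-04T09:15:00 s-102 invite_accepted vendor-b
2024-03-04T12:30:00 s-102 closed vendor-b
2024-03-04T13:05:00 s-103 invite_accepted vendor-a
"""

def parse_events(text):
    """Yield (timestamp, session_id, event, technician) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, event, tech = line.split()
        yield datetime.fromisoformat(ts), sid, event, tech

def audit_sessions(text, now, timeout=timedelta(hours=1)):
    """Return findings for sessions that ran past the timeout or never closed."""
    opened, findings = {}, []
    for ts, sid, event, tech in parse_events(text):
        if event == "invite_accepted":
            opened[sid] = (ts, tech)
        elif event == "closed" and sid in opened:
            start, tech = opened.pop(sid)
            if ts - start > timeout:
                findings.append((sid, tech, "exceeded_timeout", ts - start))
    # Anything left in `opened` has no matching close event.
    for sid, (start, tech) in sorted(opened.items()):
        status = "open_past_timeout" if now - start > timeout else "still_open"
        findings.append((sid, tech, status, now - start))
    return findings

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-03-04T15:00:00")
    for sid, tech, status, age in audit_sessions(SAMPLE_LOG, now):
        print(f"{sid} {tech} {status} after {age}")
```

Run against a real export, a session reported as `open_past_timeout` indicates remote access that was left open after the help request and should be closed manually.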
Because the virtual environment can be managed from centralized software, workstations and PCs do not have to be managed individually, which makes it much easier to perform software updates, new deployments and virus control.
When looking for a secure remote access solution for a SCADA/production network, VDI technology is a good choice. It has many security benefits, facilitates management and maintenance, and is fully customizable to meet the requirements of most environments.