Ceedo Client Workspace
description
Transcript of Ceedo Client Workspace
© 2012 All rights reserved to Ceedo.Flexible Desktops. Dynamic Workplace.
Ceedo Client WorkspaceConcept and Technology Overview
Ceedo Client Workspace Virtualization Technology
• About Ceedo
• The ‘Ceedo Client’ Concept
• The “Workspace”
• Ceedo Enterprise overview and use cases
• Security overview
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
About Ceedo
We are a privately held company, established
in 2005
We specialize in developing IT solutions,
aimed at the toughest issues confronting
modern IT
Our products are based on our proprietary
run-time virtualization technology –
Workspace Virtualization
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Just a Few of Our Customers
Our products have been shipped to over 4,000,000 users worldwide(consumer and businesses alike)
© 2012 All rights reserved to Ceedo.
The Ceedo ClientManaged Workspaces forProductivity and Security Beyond the Organization
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
A picture is worth a thousand dollars…Zero-install portable computing environment that can run Windows applications in plug-’n’-play mode on any PC, and with central management…
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
A picture is worth a thousand dollars…Supports any type of portable device including:Encrypted USB Drives
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
65985
A picture is worth a thousand dollars…Supports any type of portable device including:Two-Factor Authentication Devices
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
A picture is worth a thousand dollars…Supports any type of portable device including:Locally installed, and more...
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
The concept is simple – corporate applications
Mount Applicationson Portable Devices
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
The concept is simple – corporate “workspace”
Mount Applicationson Portable Devices“Workspaces”
Regular installationinto workspace
Workspace deployedon portable device
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
The concept is simple – work on any PC
Let users work from anywhere
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
The concept is simple – manage the “unmanaged PCs”
Manage Apps/Workspaces Remotely
© 2012 All rights reserved to Ceedo.
Ceedo’s Technological FoundationWorkspace Virtualization
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Most virtualization technologies focus on separating specific “layers” or components of the stack.
The Workspace Concept
Virtualize Applications• Each app is packaged separately• Lots of configuration and packaging overhead• Problems for apps to inter-communicate• Management requires installed agent
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Most virtualization technologies focus on separating specific “layers” or components of the stack.
The Workspace Concept
Policies
Settings and customizations
Virtualize Applications Virtualize Users
But the user “is”this…
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
OS Resources
Most virtualization technologies focus on separating specific “layers” or components of the stack.
The Workspace Concept
Policies
Settings and customizations
Virtualize DesktopsVirtualize Applications Virtualize Users• “Heavy”• Extra Licenses
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
OS Resources
We focus on converging these layers and treating them as a single “block”…
The Workspace Concept
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Provides the environment with OS-like resources (not VM):apps are installed normally (no special packaging needed) and inter-communicate freely.
Can provide varying degrees of “transparency” to the host (resource access, processes, etc.).
Cross-windows compatibility (Windows 2000 and above).
Does not effect or pollute the host’s OS (including user-installed apps)
Can be fitted for plug-’n’-play mode on USB drives, streamed at file level from the cloud, or installed locally.
Virtual Workspace Features
Self-contained
Sandboxed
Compatible
Unobtrusive
Versatile
© 2012 All rights reserved to Ceedo.
Ceedo Client WorkspaceImplementations, Features and Benefits
Ceedo Client familyUnmanaged Desktops / USB on a Stick
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Ceedo Enterprise
Workspaces are deployed to portable devices with central management allowing administrators to manage corporate applications on un-managed PCs.
Used as lap-top replacement (PC on a Stick)Or for special needs:Ceedo for CitrixCeedo for AvayaSecure browsing/remote connections…
Ceedo Personal
Workspaces are embedded on portable devices for consumers as “PC on a Stick”.
OEMs, manufacturers and suppliers + Ceedo’s online shop.
Ceedo Client - Virtual Workspace ImplementationsApplications
Policies
Ceedo management tools
Main mission:Dealing with portability, home PCs, and allows for managing applications on unmanaged machines beyond the organization’s boundary.
Or as OEM supplement for portable device…
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
NON-corporate/un-managed PC
Pre Installed Apps
User Data
What is Ceedo Enterprise?
A centrally managed Workspace that can be mounted on portable devices or installed locally.
Prepared by simply installing apps into the workspace and “freezing” it.
Admin can control host <-> workspace relations• Block access to drives, printers, removable drives, etc.• Prevent from running on PCs without anti-virus.• Prevent specific processes from running.• And more…
User can run withoutadmin rights in a plug-and-play fashion.
Zero footprint +Full sandbox
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Laptop replacement / roaming users / home office enabler
Allow contactors to use corporate applications
Disaster recovery / backup system during critical infrastructure failure
Used for pin-point solutions with specific components• Ceedo for Citrix: Mount Citrix Receiver, a sandboxed browser, VPN-SSL and PKI
middleware - on Two-Factor Authentication devices or Encrypted drives.• Ceedo for Call Center: VoIP, messaging, VPN SSL, etc. for call center employees.• Ceedo for Safe Browsing: A sandboxes browser pre-configured with self-certificates
and made to run a specific URL, with VPN SSL, fully sandboxed, etc.• And: deploy applications to end-points…
What can Ceedo Enterprise be Used for?
Plug-and-Play Centrally Managed Online/Offline Secure
© 2012 All rights reserved to Ceedo.
Taking Care of SecurityMitigating Risks and Elevating Security
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Recommended Security Measures
Use hardware with encryption and active anti-malware scan
Add soft Two Factor Authentication (or deploy on physical 2FA hardware devices)
Whitelist processes that are allowed to run in Ceedo (+MD5 signatures)
Turn-on Ceedo’s antivirus detection and OS patch level.
Use a VPN-SSL solution with strong Access Control benchmark settings
Use an independent browser rather than the virtualized “mapped” IE
Add to the internal browser safe browsing add-ons and configurations
Configure Ceedo Enterprise to block writing to host drives, printers, etc.
Leave the data in the datacenter or use Citrix’s ShareFile / similar solution
Employ 3rd party anti-malware, security applications, soft-biometric apps, etc.
• * In 2FA devices - Mount components on read-only partition
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Example of Security FlowUser plugs in device
Encrypted drive password check
Encrypted drive runs antivirus scan
Drive is decrypted
Ceedo checks host antivirus, firewall, network connection, etc.
Ceedo checks processes MD5 signature (continuous throughout session)
Ceedo enforces host recourse accessibility and Ceedo updates
Ceedo sandbox fires-up with independent runtime environment
Second antivirus and/or antimalware scan
Two Factor Authentication software/middleware
VPN SSL (can include second access control check, such as Juniper SSL)
External solution’s security (such as Citrix’s own security features)
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Workspace Leakage Protection
Device BindingWorkspaces licenses are device-bound and cannot work if copied to unauthorized devices + most cases of copying a workspace will break it.
Ceedo
© 2012 All rights reserved to Ceedo.
Flexible Desktops. Dynamic Workplace.
Two Factor Authentication – One Solution: Two Options
Mount pre-configured, ready-to-run, plug-and-play PKI middleware and remote connection solutions on 2FA devices’ flash memory HARDWAREExtend 2FA USB devices with plug-n-play pre-configured Public Key Middleware and remote office applications such as Citrix Receiver, VNC, VPN-SSL tunnels, etc.
Mount pre-configured, ready-to-run, plug-and-play 2FA security SOFTWARE tokensWith software based 2FA solutions, such as RSA SecurID Software Token, installed into Ceedo’s Workspace, any portable storage device can turn into a 2FA device.
USB Flash
CitrixReceiver
PKIMiddleware
ConfiguredBrowser
VPN SSLAdd-on
Data & UserPolicies
2FADevice