Meeting the DoD Windows 10 Secure Host Baseline mandate

1:45 PM

With the Department of Defense (DoD) mandate for the Windows 10 Secure Host Baseline (SHB) rapidly approaching, many organizations are trying to find out how to meet the deadline.

And the mandate is not as easy as updating all desktops to Windows 10. The DISA Windows 10 STIG requires administrators to enable the motherboard Trusted Platform Module (TPM) so that Credential Guard has a more secure place to store user credentials.

This can cause additional capital costs within an organization when existing hardware cannot meet the Credential Guard requirements. Citrix and its partners can help an organization meet this mandate before the January 2017 deadline without causing additional capital expenditure.

What are Credential Guard and TPM?

Credential Guard is a new method of protecting user credentials that uses virtualization in Windows to isolate the credentials from the operating system. This isolation further helps secure credentials from malware and other software with malicious intent.

Credential Guard has hard requirements, such as UEFI firmware versions, Secure Boot support, CPU virtualization extensions and 64-bit Windows Enterprise. Credential Guard also has a soft requirement for TPM 1.2 or 2.0, which means a TPM is preferred but not necessary for Credential Guard to work. Detailed information about Credential Guard can be found here.

The Trusted Platform Module (TPM) is a hardware module installed on the motherboard of a computer that can be used to securely store keys and hashes, among other things. A hardware module provides a more secure way to store these items than software does.

Machines with TPM support typically carry the Intel vPro logo. Credential Guard can use the TPM to store user information in this hardware security module. However, the TPM is not really a hard requirement for Credential Guard, because it can store the credentials, less securely, in software. More details about the TPM can be found here.
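The hard and soft requirements listed above can be checked on each machine before deciding which desktops need to be replaced or repurposed. The PowerShell function below is an added example, not code from the original post or from Citrix; it assumes an elevated prompt on the Windows host being assessed, does not check the UEFI firmware version, and the function name and verdict strings are illustrative.

```powershell
# Added example, not from the original post. Run elevated: Get-Tpm and
# Confirm-SecureBootUEFI both need administrator rights.
function Test-CredentialGuardReadiness {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    # Confirm-SecureBootUEFI returns $true/$false on UEFI hosts and raises an
    # error on legacy BIOS hosts, so any error counts as "not confirmed".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }

    # With a hypervisor already running, Win32_Processor may no longer report
    # the firmware flag, so a present hypervisor is accepted as proof.
    $virt = [bool]($cs.HypervisorPresent -or $cpu.VirtualizationFirmwareEnabled)

    $tpmReady = $false
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $tpmReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
    } catch { }

    $checks = @(
        [pscustomobject]@{ Check = 'UEFI with Secure Boot on';   Kind = 'Hard'; Pass = $secureBoot }
        [pscustomobject]@{ Check = 'CPU virtualization enabled'; Kind = 'Hard'; Pass = $virt }
        [pscustomobject]@{ Check = '64-bit operating system';    Kind = 'Hard'; Pass = [Environment]::Is64BitOperatingSystem }
        [pscustomobject]@{ Check = 'Windows Enterprise edition'; Kind = 'Hard'; Pass = ($os.Caption -match 'Enterprise') }
        [pscustomobject]@{ Check = 'TPM present and ready';      Kind = 'Soft'; Pass = $tpmReady }
    )

    $hardFail = @($checks | Where-Object { $_.Kind -eq 'Hard' -and -not $_.Pass })
    $softFail = @($checks | Where-Object { $_.Kind -eq 'Soft' -and -not $_.Pass })
    $verdict = if ($hardFail.Count -gt 0) {
        'Cannot run Credential Guard on this hardware/OS'
    } elseif ($softFail.Count -gt 0) {
        'Credential Guard can run, but without a ready TPM'
    } else {
        'Meets all requirements checked here'
    }

    [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; Verdict = $verdict; Checks = $checks }
}

$result = Test-CredentialGuardReadiness
$result.Checks | Format-Table -AutoSize
$result.Verdict
```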

What does this mean in terms of the Windows 10 SHB?

Each physical domain-joined computer running Windows 10 must meet the hard requirements for Credential Guard and must also meet the soft requirement of a TPM. Why, you ask? The DISA STIG for Windows 10 requires that domain-joined machines have the TPM activated.

But why did I specify that "physical" domain-joined machines must have a TPM, and not all domain-joined machines? The same DISA STIG excludes virtual desktops that are reset when the user logs off. In the desktop virtualization industry, these are commonly referred to as non-persistent virtual machines, since any changes to the machine are discarded once it is restarted.

How can Citrix help?

Citrix XenDesktop includes two types of single-image management technologies, Machine Creation Services (MCS) and Provisioning Services (PVS). With both MCS and PVS, an administrator creates and maintains a single image for a group of desktops instead of each individual virtual machine. This allows the administrator to patch and maintain only the one image, even though it may be in use by thousands of desktops.

Every time a machine based on the central image reboots, it returns to a known good state, exempting it from the TPM requirement. With PVS, image deployment and rollback can be as fast as restarting the virtual desktops that use the central image. PVS can also drastically reduce the need for high-end, expensive storage. Further details on the storage savings can be found here.

How can Citrix partners help?

Many of the machines sitting at users' desks today may fail to meet all the requirements for Credential Guard. Most likely this will be because of the UEFI firmware version and the absence of a TPM. Some machines may be so old that they lack UEFI or even the ability to run 64-bit Windows Enterprise.

Citrix partners, such as individual health and ThinLinX, have software that can repurpose a workstation currently running a full version of Windows with a stripped-down version of Linux running Citrix Receiver. The repurposed workstation then acts as a thin client that connects to remote applications and desktops.

Since these machines are no longer running Windows, they do not need to comply with the Windows 10 SHB. Another advantage is that these scaled-down firmware images usually require much less patching, which eases management and reduces operating costs. These Linux-based firmware images support Citrix HDX features such as the Skype for Business / Lync Optimization Pack, the Cisco VXME client for Jabber, hardware decoding of the Citrix HDX protocol, and HDX Insight monitoring. They also have management utilities to centrally configure and update firmware over the network.

Is it really that simple?

I wish I could give a resounding "yes", but there is an elephant in the room with us. An organization still has to build the central images and get its applications working in Windows 10. Citrix has something to make that work seamlessly as well. Our new AppDisk feature layers applications onto a PVS or MCS image of Windows 10, and AppDNA can help a customer easily determine the best way to migrate an application. More information can be found here and here.

What's the bottom line?

Meeting the Secure Host Baseline for Windows 10 is an intimidating goal. The need to update hardware to meet the Credential Guard requirements can add an unexpected capital expenditure for an organization, diverting money from other projects. Using Citrix and its partners allows an organization to move to a virtualized environment that uses centrally managed images, and eliminates the need for the workstations on users' desks to meet the Windows 10 SHB.

These workstations can be repurposed with a stripped-down firmware image, extending hardware life and allowing funds set aside for the PC lifecycle refresh to be used on other projects. To learn more, contact your Citrix sales engineer.
