Secure Cloning: VMware Advances the State of the Art in Secure VDI Infrastructure


The need for security in the workplace has changed. Remote work is the new normal and the result is drastic changes to an organization’s entire attack surface area.

Cybercriminals are taking advantage of this new reality by targeting the very means by which employees connect to corporate resources from their homes. Attackers are increasing their use of social engineering and phishing campaigns, denial-of-service attacks, and the exploitation of vulnerabilities in home routers.

VMware Workspace Security VDI (WSS VDI) offers clear advantages over the combination of VDI and legacy antivirus. It combines VMware Horizon, our industry-leading Virtual Desktop Infrastructure (VDI), with the Carbon Black Cloud, our industry-leading endpoint security solution. This integrated solution secures both persistent and non-persistent VDI environments with a simplified deployment process, granular policy association, and faster login time. It is the only secure VDI solution that has been built, tested, and supported by a single vendor. No other vendor has undertaken the level of interoperability testing between their next-gen endpoint security and virtual desktops that VMware employed in developing WSS VDI.

Operational simplicity
With the September Horizon release (Horizon 7.13), VMware has created an integrated deployment experience that requires no administrator interaction beyond setting up your golden image. No other security solution has this level of integration with Horizon VDI. When you use the VMware golden image optimizer to set up your golden image according to your usual procedures and policies, all you have to do is enable Carbon Black with the agentless integration available in VMtools, and WSS VDI takes care of the rest. There is no need for additional registration or clone-specific settings. You can be confident that clones will show up, on time, with the right settings enabled to provide a secure VDI environment.

Introducing Secure Cloning
With the VMware Carbon Black Cloud, policies are inherited directly from the golden image, regardless of where you’re deploying your VDI infrastructure. The accompanying detection methods based on the software installed in the golden image are also available. Cached analytics remove the need for CPU-intensive background scans for each clone. On the policy front, even after the VDI pool is configured, the CBC policy administrator (using the Carbon Black Cloud console) can easily update and push down new policies as needed, implementing new preventions and exceptions that apply to the entire pool.

Faster login times
Historically, security tools on VDI have required a complicated re-registration process to properly identify a “new device” from a parent image. You don’t have to worry about that with WSS VDI. Horizon knows when the Carbon Black Cloud functionality is present and completes the re-registration task as part of the pool creation process—which results in login times that are more than twice as fast as legacy AV installations, as well as mitigating the CPU spike associated with that re-registration.

VDI can be a critical ingredient for protecting remote workers. A VDI solution combined with these security controls can offer an incredibly secure solution for any workforce. But speed and automation are paramount. VMware has created an integrated solution that redefines the ‘state of the art’ for securing VDI.

We’re pleased to announce these improvements and others as part of our Secure VDI initiative. Additional detail is available in our install guide, as well as best practices and tips for policy creation for both floating and dedicated use cases. Although the enhanced functionality is only available with VMware WSS VDI, the Carbon Black Cloud can support a range of VDI solutions, and Horizon VDI can support a range of legacy security solutions. But this integrated solution is fundamentally unique in the Industry and raises the bar on secure VDI.


Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x