290 likes | 521 Views
Ceedo Client Workspace Virtualization Technology About Ceedo The ‘Ceedo Client’ Concept The “Workspace” Ceedo Enterprise overview and use cases Security overview. Ceedo Client Workspace. Concept and Technology Overview. About Ceedo. We are a privately held company, established in 2005
E N D
Ceedo Client Workspace Virtualization Technology About Ceedo The ‘Ceedo Client’ Concept The “Workspace” Ceedo Enterprise overview and use cases Security overview Ceedo Client Workspace Concept and Technology Overview
About Ceedo • We are a privately held company, established in 2005 • We specialize in developing IT solutions, aimed at the toughest issues confronting modern IT • Our products are based on our proprietary run-time virtualization technology – Workspace Virtualization
Just a Few of Our Customers Our products have been shipped to over 4,000,000 users worldwide (consumer and businesses alike)
The Ceedo Client Managed Workspaces for Productivity and Security Beyond the Organization
A picture is worth a thousand dollars… Zero-install portable computing environment that can run Windows applications in plug-’n’-play mode on any PC, and with central management…
A picture is worth a thousand dollars… Supports any type of portable device including: Encrypted USB Drives
A picture is worth a thousand dollars… Supports any type of portable device including: Two-Factor Authentication Devices 65985
A picture is worth a thousand dollars… Supports any type of portable device including: Locally installed, and more...
The concept is simple – corporate applications Mount Applications on Portable Devices
The concept is simple – corporate “workspace” Mount Applications on Portable Devices “Workspaces” Regular installation into workspace Workspace deployed on portable device
The concept is simple – work on any PC Let users work from anywhere
The concept is simple – manage the “unmanaged PCs” Manage Apps/Workspaces Remotely
Ceedo’s Technological Foundation Workspace Virtualization
The Workspace Concept • Most virtualization technologies focus on separating specific “layers” or components of the stack. Virtualize Applications • Each app is packaged separately • Lots of configuration and packaging overhead • Problems for apps to inter-communicate • Management requires installed agent
The Workspace Concept • Most virtualization technologies focus on separating specific “layers” or components of the stack. Virtualize Applications Virtualize Users But the user “is” this… Settings and customizations Policies
The Workspace Concept • Most virtualization technologies focus on separating specific “layers” or components of the stack. Virtualize Applications Virtualize Users Virtualize Desktops • “Heavy” • Extra Licenses Settings and customizations Policies OS Resources
The Workspace Concept • We focus on converging these layers and treating them as a single “block”… OS Resources
Virtual Workspace Features • Provides the environment with OS-like resources (not VM):apps are installed normally (no special packaging needed) and inter-communicate freely. • Can provide varying degrees of “transparency” to the host (resource access, processes, etc.). • Cross-windows compatibility (Windows 2000 and above). • Does not effect or pollute the host’s OS (including user-installed apps) • Can be fitted for plug-’n’-play mode on USB drives, streamed at file level from the cloud, or installed locally. Self-contained Sandboxed Compatible Unobtrusive Versatile
Ceedo Client family Unmanaged Desktops / USB on a Stick Ceedo Client Workspace Implementations, Features and Benefits
Ceedo Client - Virtual Workspace Implementations Main mission: Dealing with portability, home PCs, and allows for managing applications on unmanaged machines beyond the organization’s boundary. Or as OEM supplement for portable device… Applications Policies Ceedo management tools Ceedo Enterprise Workspaces are deployed to portable devices with central management allowing administrators to manage corporate applications on un-managed PCs. Used as lap-top replacement (PC on a Stick) Or for special needs:Ceedo for CitrixCeedo for AvayaSecure browsing/remote connections… Ceedo Personal Workspaces are embedded on portable devices for consumers as “PC on a Stick”. OEMs, manufacturers and suppliers + Ceedo’s online shop.
What is Ceedo Enterprise? • A centrally managed Workspace that can be mounted on portable devices or installed locally. • Prepared by simply installing apps into the workspace and “freezing” it. • Admin can control host <-> workspace relations • Block access to drives, printers, removable drives, etc. • Prevent from running on PCs without anti-virus. • Prevent specific processes from running. • And more… • User can run withoutadmin rights in a plug-and-play fashion. • Zero footprint +Full sandbox User Data Pre Installed Apps NON-corporate/un-managed PC
What can Ceedo Enterprise be Used for? • Laptop replacement / roaming users / home office enabler • Allow contactors to use corporate applications • Disaster recovery / backup system during critical infrastructure failure • Used for pin-point solutions with specific components • Ceedo for Citrix: Mount Citrix Receiver, a sandboxed browser, VPN-SSL and PKI middleware - on Two-Factor Authentication devices or Encrypted drives. • Ceedo for Call Center: VoIP, messaging, VPN SSL, etc. for call center employees. • Ceedo for Safe Browsing: A sandboxes browser pre-configured with self-certificates and made to run a specific URL, with VPN SSL, fully sandboxed, etc. • And: deploy applications to end-points… Plug-and-Play Centrally Managed Online/Offline Secure
Taking Care of Security Mitigating Risks and Elevating Security
Recommended Security Measures • Use hardware with encryption and active anti-malware scan • Add soft Two Factor Authentication (or deploy on physical 2FA hardware devices) • Whitelist processes that are allowed to run in Ceedo (+MD5 signatures) • Turn-on Ceedo’s antivirus detection and OS patch level. • Use a VPN-SSL solution with strong Access Control benchmark settings • Use an independent browser rather than the virtualized “mapped” IE • Add to the internal browser safe browsing add-ons and configurations • Configure Ceedo Enterprise to block writing to host drives, printers, etc. • Leave the data in the datacenter or use Citrix’s ShareFile / similar solution • Employ 3rd party anti-malware, security applications, soft-biometric apps, etc. • *In 2FA devices - Mount components on read-only partition
Example of Security Flow User plugs in device Encrypted drive password check Encrypted drive runs antivirus scan Drive is decrypted Ceedo checks host antivirus, firewall, network connection, etc. Ceedo checks processes MD5 signature (continuous throughout session) Ceedo enforces host recourse accessibility and Ceedo updates Ceedo sandbox fires-up with independent runtime environment Second antivirus and/or antimalware scan Two Factor Authentication software/middleware VPN SSL (can include second access control check, such as Juniper SSL) External solution’s security (such as Citrix’s own security features)
Workspace Leakage Protection • Device BindingWorkspaces licenses are device-bound and cannot work if copied to unauthorized devices + most cases of copying a workspace will break it. Ceedo
Two Factor Authentication – One Solution: Two Options • Mount pre-configured, ready-to-run, plug-and-play PKI middleware and remote connection solutions on 2FA devices’ flash memory HARDWAREExtend 2FA USB devices with plug-n-play pre-configured Public Key Middleware and remote office applications such as Citrix Receiver, VNC, VPN-SSL tunnels, etc. • Mount pre-configured, ready-to-run, plug-and-play 2FA security SOFTWARE tokensWith software based 2FA solutions, such as RSASecurID Software Token, installed into Ceedo’s Workspace, any portable storage device can turn into a 2FA device. Citrix Receiver VPN SSL Add-on PKI Middleware Configured Browser Data & User Policies USB Flash 2FA Device