As a subsidiary of the NTT-West group, NTT-Neomeit is responsible for constructing, operating, and maintaining Western Japan’s information communication infrastructure (ICT). Founded in 2001, the company provides a diverse range of ICT services to both internal users and external customers and is headquartered in Osaka, Japan.
The company implements cloud-based VDI (Virtual Desktop Infrastructure) solutions internally and to its customers in Western Japan. “Our goal is to strengthen information security, and governance. However, we were confronted with some large problems while advancing this initiative,” explains Katsuya Yoneda, head of NTT-Neomeit’s Virtual Technology Center.
NTT-Neomeit initially selected a traditional security vendor, which resulted in several performance, stability, and security challenges. For example, the traditional solution required agents on each virtual VDI system and this decreased performance during virus scanning and pattern file updates on storage. Additionally, the possibility of a system overload prevented the vendor from completing a full implementation, creating concerns within NTT- Neomeit about the solution’s overall effectiveness.
NTT-Neomeit also experienced challenges with its VDI solution, including complaints of excessive log-in times and failures. “Every morning, failures invariably occurred in a number of virtual PCs. Before the users came in to work, an operator needed to identify the machines which had failed and had to manually reboot them,” says NTT-Neomeit’s Tadamune Nakai.
Security countermeasures presented another challenge. Because NTT-Neomeit’s customers were responsible for implementing and managing the antivirus solution at their sites, VDI administrators could not control the timing of virus scanning and pattern file updates, which affected the infrastructure. The result was a serious impact on user response on storage when these operations occurred simultaneously.
To cope with security countermeasure issues, the company manually created and managed schedules on spreadsheets so that virus scanning and updates did not clash. However, concerns about the workload on the infrastructure meant resource intensive operations such as full scanning over the entire system couldn’t be performed. The inability to perform complete scans led to concerns that the system’s security level could not be constantly maintained.
“Although we were encountering several problems, the support from the vendor was not adequate and we were unable to find a path to a solution,” says Yoshimasa Okimura, chief administrator of NTT-Neomeit’s Virtual technology Center.
NTT-Neomeit embarked on a reconstruction of its VDI solution and a search for a new security solution. The company adopted VMware Horizon View as its new VDI foundation and chose Trend Micro Deep Security Virtual Appliance (DSVA) for its security solution. The company chose this combination because “agentless” security countermeasures do not require agents on each virtual PC. Specifically, operations which place a heavy load on the system, such as virus scanning and pattern file updates, were offloaded to virtual machines with DSVA.
The combination of VMware Horizon View and Trend Micro DSVA reduced the load on storage during pattern file updates. By improving system performance and implementing appropriate security countermeasures, NTT-Neomeit now maintains adequate security. “At that reconstruction, we wanted to aim for an environment which we could ‘control’. Agentless security solutions with DSVA were extremely attractive in terms of realizing this,” says Mr. Okimura.
The new VDI environment, which hosts 6,000 users within the company, solved the security, performance, and stability challenges the company faced. The workload on storage was reduced by the agentless security countermeasures of DSVA. On top of achieving better performance, stability, and security, the solution also optimized storage costs.
“The load on storage has been reduced by 70% and we no longer have the performance decreases and storage sizing and tuning issues which were inherent with the previous vendor’s solution. Logging-in process and application performance are fast and users have been happy, saying that the response is fast now,” says NTT-Neomeit’s Hideaki Maeno.
“The virus scanning that couldn’t be done in the past can now be easily performed and the malware detection rate has further improved as well. We can implement the latest security solution with ease and we can use our system with peace of mind.”
The support from Trend Micro has also been well received. “This was the first time we’ve adopted agentless security. We’ve been able to advance the project smoothly thanks to solid support from Trend Micro from implementation to configuration,” says Mr. Okimura.
The company is also considering utilizing DSVA for a different purpose. “Our company also provides services such as IaaS (Infrastructure as a Service). DSVA provides IPS/IDS functions which implement countermeasures for the vulnerabilities of server environments via virtual patches feature. We would like to actively put these features to use, too,” says Mr. Nakai.
During 2013, NTT-Neomeit plans to provide approximately 30,000 virtual desktop environments for the Western Japan area. “The charm of virtual desktops is that they can be used anywhere, at any time. We would also like to utilize them for the work-style innovation within the group. Moreover, there is also a plan to add virtual desktops as part of our AQStage lineup,” says Mr. Yoneda.