Vienna is one of the most popular tourist destinations in the world. In 2012 alone, more than 5.6 million people visited the metropolis on the Danube – representing a rise of 7.2 percent from the year before. One of the reasons for Vienna's popularity is that it offers such attractions as Schönbrunn Palace, the Prater amusement park, art and music as well as its famous coffee houses and "Heurige" wine taverns. The success of Vienna as a tourist destination is also largely due to effective marketing by the Vienna Tourist Board.
This non-profit organization, with a staff of 140, collaborates with the municipal government on all tourism-related initiatives, jointly runs an independent accommodation and tourist information service (together with Wien-Hotels & Info), publishes material to promote and provide information about Vienna, represents the city at trade fairs across the world, operates the global Vienna Convention Bureau, and works closely with the tourism industry in the different countries.
In order to manage all these tasks efficiently, the Board's employees need to have the flexibility to work remotely. To make this possible, their IT team must provide them with the support and ability to access essential applications and data from any location. "Virtual desktops were the ideal solution for us," says Reinhard Gustavik, IT Team Manager. "My team and I had several years of experience with server virtualization based on VMware products. Choosing VMware View, now in Version 5.1 seemed the right option."
All the Board's business applications, such as accounting, marketing and HR software, as well as desktop publishing and other specialized applications, run on the 100 licensed virtual desktops.
In addition to implementing desktop virtualization, the IT Manager and his team also needed to re-think the security of the VDI (virtual desktop infrastructure). The challenge was to guarantee complete security of the virtual desktops without placing additional load on the systems. This could not be achieved with a conventional security solution running on each and every terminal device, as this would lead to very high overhead costs and low performance.
The team decided to go with the Trend Micro Deep Security solution. The IT Team Manager emphasizes that "Deep Security was the only security solution we found that is designed to meet the unique challenges of virtualized environments and is perfectly compatible with VMware." The solution uses a dedicated security-optimized virtual machine, which allows it to access each desktop guest VM via VMware vShield Endpoint API without any need for agents. A check is run each time one of the virtual desktops or files is accessed.
The virtual desktops with VMware View have the potential to enable significant savings from the IT administration’s point of view. It is no longer necessary to install, update or configure software on each individual desktop on-site, because all of this is done on the central server. In addition, the agentless approach offers impressive security benefits. A check is run each time the virtual machines (VMs) are accessed, without placing any additional load on resources. "As a result, we need fewer hosts and we can increase the number of VMs per host," explains the IT Team Manager. "We simply couldn't have done this with a conventional solution." Too many hosts would have been needed for the number of desktops, which would have cancelled out the benefits of desktop virtualization, such as, centralization, improved resource utilization, and ease of maintenance.
According to the IT Manager, another benefit of agentless capabilities, and one that should not be underestimated, it is the backing up of images. The virtual machines are smaller because they do not all need to store and reload signatures. Additionally there are fewer differences between the base images and the runtime images. As a result, less data has to be stored, and a significant amount of storage space can be saved.
Reinhard Gustavik explains that "we had a first-hand opportunity to experience the practical differences between working with agentless security and using an agent-based approach. We could clearly see how memory consumption began to increase as soon as agents were used." Another consideration was deduplication in storage because of differences such as signature updates. These cannot be deduplicated and therefore increase the storage volume. "This really highlighted to us the benefits of an agentless approach," says the IT expert.
The IT Manager's plans for the coming year underline his satisfaction with the Trend Micro security solution. He intends to switch to Deep Security for the notebooks as well to secure their endpoints. His goal is to simplify administration and relieve his staff of the tasks of performing updates, installing patches and updating virus signatures. In this context, the IT team are also considering using other functions of Deep Security, such as Virtual Shielding. This involves virtual patching, which provides protection against zero- day attacks and eliminates the need for emergency patching on virtual desktops.
One year after implementation of VMware View and Deep Security, Reinhard Gustavik can look back and take stock: "We decided, very early on, that we wanted an agentless approach to security and, thanks to our collaboration with VMware and Trend Micro, it has been a successful journey."