Utilizing VMware Mirage for Static Endpoint Compliance (Physical PCs, ATMs, POS)
The modern IT landscape has changed dramatically in the past few years. Cybersecurity threats are prevalent in the computing world, and it seems like every day we are hearing about a new threat or story in which hackers have hit a banking or retail organization, crippling its systems and causing damage to its reputation and customer trust.
We now have the ability to deliver modern, just-in-time desktops, built on the fly, serving a highly-targeted purpose from the data center or cloud. These dynamic desktops are custom assembled for their task with the latest applications, software patches and security updates. But what do you do for static, old-style Windows machines that litter the remotest outcrops of IT? How do you secure 50,000 ATMs connected only by a low-bandwidth wire? How do you manage a sophisticated point of sale (POS) branch infrastructure that’s designed to perform 24/7—regardless of what life throws at it?
The Advantage of Layering Technology
VMware Mirage is a mature image management product with a loyal, worldwide customer base. The product specializes in endpoint image management from a central console. It was one of the first “layering” technologies to ever successfully manage traditional desktops.
The advantage of a layering technology over a traditional, unattended installation system is the short downtime of the system and the reliability of the operations. Mirage creates a layer once, and clones it to endpoints. You no longer need to wonder whether your application or operating system installation finished successfully.
Mirage gives your IT team central management over remote operating systems, no matter how far away they are located or how low their bandwidth is. This system is good at getting your image to you even when your machine is located on an offshore drilling platform in the middle of the ocean (true story)!
IT personnel can easily switch and apply machine base layers containing up-to-date operating systems or drivers, or application layers which contain the applications your users need.
Best of all, your users will be able to continue working with negligible interruptions as Mirage is fast, sleek and unobtrusive—and keeps downtime to a minimum. The required images are quietly downloaded in the background, and a restart is prompted when the IT team opts for one. A short restart later, your endpoint is up-to-date with the latest security patches, operating system version or updated application with all the latest swanky features your R&D team has just finished working on. Plus, it’s all centrally managed and monitored. Think about the amount of time and resources saved!
Managing Static Endpoints with Mirage
But think about it: your POS devices, ATMs and kiosk machines can join the party, too—not just your dynamic employee endpoints but also your static machines. Imagine your IT personnel creating an up-to-date, patched image for all these static endpoints in your organization, and managing them from a central location, saving critical downtime of these endpoints and the cost of sending personnel onsite to service or reimage them. (How we hate seeing the dreadful “ATM out of order” message, huh?)
One of the new features we’re playing with in the labs, if productized, will allow an organization to monitor file changes on endpoints to detect abnormal file activity on POS, kiosk or ATM devices, ensuring image compliance. This feature could allow you to detect any abnormal activity or changes on machines that should usually remain static. The idea is that this would enable you to keep track of any security breaches and prevent data leakage or unexpected behavior for your customers.
Many other file integrity solutions exist on the market today, but combining file monitoring with the powerful image management capabilities of Mirage would allow an organization to not just detect a breach, but to do something about it!
Mirage allows you to go back to any previous state of the static endpoint or enforce corporate-mandated images as needed and in case of a security breach or application and operating system issues, all from a central location. This operation can be easily integrated and automated into a flow, allowing all endpoints to constantly stay compliant and secure.
Mirage 5.9 is expected to be released at the end of Q1 2017. In the meantime, find out how simple it can be to manage a remote Windows device. Check Mirage out today.
This article was written by VMware Senior Member of Technical Staff for Mirage R&D Yakov Voloch, with contributions by VMware Technical Staff Member Yan Aksenfeld.