When looking at a VDI solution, the goal is always the same: simplify the administration and operation of workstations. And avoiding altering the user experience in the process.
This is affected by the way the profiles are managed and whose applications and graphics are provided. But if there is one area in which an important benefit can be brought to the users with the VDI, it is that of the capacities of authentication and logon.
On a typical workstation, the user must identify himself with his username and password, while selecting his domain of membership. It’s not much: the user is used to it. But with VDI, the workstation can be used for me- like scenarios .
For example, a doctor may have to move quickly from one examination room to another, or to an operating room. And preferably without wasting time to authenticate again. With some unique product authentication (SSO, Single Sign-On ), the doctor may use an electronic badge to automatically recover its session.
This may not be great for a system administrator, but this simple feature can dramatically improve the user experience. And the majority of identity management tools can provide SSO for applications. What to make a real difference. Imagine entering a room, placing your badge on a wireless reader and being automatically authenticated for your session and for all your applications … Leroy-Merlin has experienced this successfully .
SSO not only simplifies logins. It also integrates with identification technologies that improve security. Ease of use and safety are particularly important in the public and health sectors. Unsurprisingly, SSO has helped in the adoption of VDI in these markets.
Still, to make certain SSO solutions, such as those of Imprivata and Sentillion, work reliably with its VDI environment, some integration work is needed.
Essentially, it’s about taking screenshots. For example, Imprivata needs a screenshot of the login screen for each workstation application. It is up to the administrator to tell the software where to enter username and password so that the SSO system works correctly.
SSO offers can also add a third authentication factor to the VDI environment when used with other software.
Many are familiar with dual-factor authentication, such as what RSA’s SecurID offers, where the user is equipped with a key ring indicating a security code. When authenticating on his computer, the user must enter this code. In a triple-factor environment, the user needs this temporary code, as well as a badge.
Given the importance of end-user SSO, Citrix and VMware offer their end-user solutions to enhance the appeal of their respective VDI technologies.
This allows Citrix Receiver to store credentials in a central, Active Directory-based SSO database. Users have a simple way to pass their credentials to their applications. But this is not a real SSO: for now, the Citrix method requires users to manage their own passwords, which is not the case with an SSO solution.
VMware has not yet introduced an SSO feature, but it was featured in the 2010 VMworld. Its Horizon suite is moving in this direction, however, with its ambition to provide a central point of access for all types of applications, including virtualized applications and SaaS, among others. The centralization of password storage appears as a natural evolution.