Odin VDI (Parallels VDI, Virtual Desktop Infrastructure)

Odin VDI (before Parallels VDI) is the solution intended for the organization of the high-performance protected jobs which function at server capacities in controlled perimeter of a data processing center (DPC). The solution is certified FSTEC and protection against unauthorized access to information conforms to requirements of the regulating document ". Part 1. Information security software. Classification by the level of absence control of not declared opportunities" on the 4th level of control. Application of Odin VDI allows to reduce costs for the imposed means of protecting at the expense of the implemented internal mechanisms of data protection (access isolation control of integrity backup, registration of events of security), to provide an opportunity for work with the circuits processing information of different categories from one access device, to reduce the cost of service of jobs of employees and to save time on deployment of new points of presence. As access devices for Odin VDI devices are supported on OS Windows and Linux.

2013

IBS and Parallels announced in the spring of 2013 joint development of replicated solution for creation of corporate systems of virtual work places (VDI – Virtual Desktop Infrastructure). It will include already existing platform of container virtualization Parallels Virtuozzo Containers finished under application in similar projects for Windows and the solution Parallels Virtual Automation.

The new component - Parallels Connection Broker which is responsible for management of virtual desktops (creation, setup, etc.) and processing requests of users for receiving desktops will become a part of the solution also. Will invest in joint development of the company in total $1.2 million in equal shares.

The solution for infrastructure of VDI proposed by IBS and Parallels gives the chance to implement infrastructure of virtual work places at least twice quicker, to reduce costs for control of the equipment, to provide higher level of information security and to manage effectively the consumer software and corporate data. Employees will be able to be connected to the virtual work place in a corporate private cloud from any geographical point where there is an Internet connection, and from any device, including smartphones, tablets and mobile computers.

The service providers provided, mainly, by a segment of SMB on which the company is focused remained still main users of solutions of Parallels. IBS is going to advance purposefully a new solution in the Russian corporate sector and a public sector. For a possibility of use in the last upon completion of solution development IBS will carry out its certification according to requirements of FSTEC and FSB.

Parallels, in turn, will advance the solution in international market. The company at the same time emphasizes that service providers will remain for them the main business focus.

The chairman of the board of IBS integrator Sergey Matsotsky told that his company used the solution of Parallels for container virtualization in a number of corporate and state projects earlier, however it was necessary to use for the organization of complex virtual infrastructure of jobs in parallel the solution and other vendors. The monovendor VDI solution, according to him, will allow to reduce an implementation time at least twice in comparison with traditional integration projects and to reduce implementation cost by 40-50%.

Sergey Matsotsky says that the joint solution will compete in corporate projects with products for virtualization of such vendors as Microsoft,VMware and Cirtix in which other principle of a principal component of virtualization - a hypervisor is used. The top manager of IBS claims that on density of virtual work places which can be placed on one physical server their joint solution in Parallels exceeds a hypervisor: "according to tests for VMware it turned out to place about 40 jobs with us, and on Parallels - more than 150 with an identical performance".

The idea of development of the standard solution arose at IBS in 2012 in implementation process of the pilot VDI project in the Moscow tax inspection where the company applied technology of container virtualization, Sergey Matsotsky tells.FTS will probably become the first large project on implementation of the standard solution IBS and Parallels in a public sector as after a pilot project department decided to virtualize jobs in all the divisions across Russia including in total about 120 thousand jobs. According to Matsotsky, FTS already entered use of technology of container virtualization to the IT concept.

The volume of the potential market of the solutions VDI and other technologies for the organization of a corporate virtual working space (Enterprise virtual workspace) in Russia, by estimates of analysts of IBS, will be up to 1.5 million virtual work places by 2015 or $80-120 million in terms of money.

2014

IBS and Samsung held testing of compatibility of peripheral devices with the product Parallels VDI

In the fall of 2014 of the company IBS also Samsung completed testing of thin clients and printer solutions of Samsung for compatibility with the product Parallels VDI. Based on testing the hardware showed the complete operability and compatibility with infrastructure of virtual work places based on Parallels VDI.

"At operation of peripheral devices together with the software for virtualization of jobs there are certain technical difficulties, – Volkov Nikolay, the head of department of own developments of IBS company explains a project task. – All applications of the user in VDI are in fact started not on the user's computer, and in the protected virtual environment in data center of the company to which the user is connected on the protected Internet channel. Respectively, and tasks for printing form not on the computer (the tablet, the smartphone) of the user, and in data center".

Correct data transmission from virtual machines on peripheral devices of the user (printers, scanners) and back – one of tasks which is successfully solved in the product Parallels VDI. The universal driver of printing Parallels intended for this purpose was developed from scratch according to the IBS specifications within Parallels VDI solution development.

Testing of this functionality of Parallels VDI with a line of the periphery of Samsung it was executed by specialists of IBS and Samsung based on Samsung R&D Institute in Moscow. For testing peripheral devices of Samsung were connected on an Ethernet network, Wi-Fi and also directly to thin clients of Samsung on USB. Operation of the printer, scanner and fax was checked. Testing showed full compatibility of technology of container virtualization and the product Parallels VDI with modern multifunction peripheral devices (MFPs) and thin clients.

"Our testing shows that when using Parallels VDI in workplaces of employees, users receive the full-fledged comfortable environment for the work – including in terms of connection of printers, scanners and other devices. At the same time the corporation upon transition to technology of virtual work places purchases essential advantages, such as economy on support of IT infrastructure and the high level of protection of corporate information", – Nikolay Volkov considers.

Also during the joint project with Samsung all line of "thin clients" of Samsung both based on Linux, and based on Windows Embedded was tested on compatibility with Parallels VDI. Testing showed that practically all models of thin clients of Samsung support work as the client device Parallels VDI.

Virtual Desktop Infrastructure is the unique protected solution for virtualization of jobs of users developed in Russia jointly by specialists of IBS and Parallels companies. It allows to develop quickly and economically in large and medium-sized companies infrastructure of virtual work places which provides to users secure access to their corporate applications, resources and documents in any place and from any device. Computing powers and resources locally are not required for users, all system and application programs of the user are stored and executed on virtual machines in corporate data processing centers ("a private cloud") where all data of users are also stored.

Main advantage of the product Parallels VDI is use of technology of container virtualization which provides more economical use of hardware capacities, in comparison with gipervizorny virtualization. To ensure functioning of the same quantity of virtual work places, it is required twice less computing resources and resources of storage systems that, respectively, provides double economy on project cost in comparison with other solutions which are available in the market.

The product Parallels VDI is certified by FSTEC of Russia on lack of not declared opportunities and can be used at creation of IT infrastructure in which processing of data of confidential character, personal data is performed.

Parallels Virtual Desktop Infrastructure supports Microsoft Lync

On December 11, 2014 the IBS company announced testing of the client of the integrated communications of Microsoft Lync in the environment of virtual work places on the Parallels VDI platform.

The program of message exchange Lync is often used in the companies with big staff for communication in real time – using text messages, video and a voice communication. In the VDI environment on the basis of the solution Parallels VDI the client of Lync it is possible to use for communication of employees from the jobs as well as at normal workstations with Windows. The difference is that Lync, as well as other applications of the employee, will be started in a corporate private cloud where containers with Windows images of virtual work places are stored.

For decrease in load of the server and a communication channel of the organization, voice and video conference in corporate network Lync are established in the mode of "direct link" (peer-to-peer). When using in the environment of Parallels VDI virtual work places this mode reduces requirements to capacity of the channel between "a private cloud" and corporate office network. At the same time video and audiotraffic becomes isolated in corporate network, but is not sent to DPC of the organization. For support of direct link software – MS Lync VDI 2013 plugin is used additional.

To confirm compatibility of MS Lync and Lync VDI plugin with the Parallels VDI environment, the IBS company by request of Microsoft held joint testing of two solutions. For testing the client of Lync 2013, the Lync Server 2013 server, client jobs with Windows 8 and Lync VDI plugin were used. In workplaces clients of Parallels VDI are set.

Testing showed working capacity, both the solution in the environment of Parallels VDI, and the mode of direct link for video and audio connections. Video and audio at communication are reproduced without loss and distortions. Traffic of Lync does not load a communication channel of corporate network with DPC - solutions can be shared for creation of a working environment in the large and average organizations. The compatibility of technologies allows painless migration of MS Lync in infrastructure of virtual work places and to continue to use usual programs.

The FSTEC certificate of Russia on the system of virtualization of jobs Parallels VDI is received

On September 17, 2014 the IBS group announced obtaining the FSTEC certificate of Russia on the system of virtualization of jobs Parallels VDI – the protected solution for the Russian market developed jointly by Parallels and IBS companies. The state certificate allows to use the solution for processing of data of confidential character and to apply it in the state information systems.

The product Parallels VDI is intended for virtualization of jobs (VDI) and allows the large and average organizations to build the user working environment, providing on set of technical and utilization properties a prize both in comparison with classical "dekstopny" infrastructure of jobs, and in comparison with use of technologies of virtualization of jobs of alternative vendors.

The FSTEC certificate of Russia No. 3218 certifies that the "software package Parallels VDI 1.0" developed by Parallels company and made by IBS Examination LLC according to specifications of BKMD.50 1100 1.396-01 30 01 is the software tool with the built-in means of protecting from unauthorized access to information which is not containing the data which are the state secret, the access implementing in the environment of control function virtualization, backup, control of integrity and registration of events of security protection against unauthorized access to information conforms to requirements of the regulating document ". Part 1. Information security software. Classification by the level of absence control of not declared opportunities" (State Technical Commission of Russia, 1999) – on the 4th level of control and specifications, at accomplishment of the conditions on operation given in the form.

The product has the built-in mechanisms of security and is certified as a serial product including on the set level of lack of not declared opportunities (NDV). Certification on lack of not declared opportunities is obligatory, including, for use of software in the state organizations, state companies, the companies processing large volumes of personal data at the enterprises of military industrial complex, in the organizations of the power block and others. For carrying out certification the program code of a product was completely opened for the Russian testing laboratory.

The certified product Parallels VDI can be used at creation of IT infrastructure in which processing of data of confidential character, personal data is performed. The access isolation mechanisms which are built in a product based on the politician allow customers to build effectively IT infrastructure with several isolated circuits of security and to use it in the state information systems 1 and 2 of classes of security and also for providing 1, 2 levels of security.

The solution is easily integrated with the subsystems entering standard IT infrastructure of the modern organization such as the centralized Active Directory directory, monitoring system of events of information security, means of multiple-factor identification of users using digital certificates and others. Allows to use the solution as the client platform both classical desktops, and "thin" terminals.

The product is optimized for work with different types of the applied systems (including resource-intensive ERP, ABS, "heavy" CIS, etc.), provides ability to integrate with different classes of peripheral devices (printers, scanners, electronic keys, a flash device, etc.).

As the main applications of a product it is possible to select the following:

• Creation of the homogeneous protected user environment for the organization having averages or a large number of jobs
• Creation of multicircuit IT infrastructure with different security policies
• Ensuring safe work of mobile (removed) users with corporate applications

The product will find the application in the organizations of banking sector, the state organizations, state companies, large business companies, in retail, in insurance business and many others.

2015

The solution Parallels VDI is updated

On April 2, 2015 the IBS group at the scientific and practical Ruskripto2015 conference provided the next version of the solution Parallels VDI.

The product continues a line of joint development for virtualization of jobs on the basis of container technology of the companies Parallels and IBS, expanding the operating functionality of a system.

In this version:

• The operation mode of several parallel VDI sessions in one client workplace (automated workplace) is provided
• Support of operation of several monitors connected to a client automated workplace with display on each of them given to a separate VDI session is provided
• Support offline migration of desktops is provided
• Support third-party crypto - providers for enciphering of traffic between a client automated workplace and the broker of the Parallels VDI connections is provided
• Possibilities of authorization of users by certificates of X.509 are expanded
• Management tools are improved by a VDI system
• Possibilities of monitoring and logging of events in VDI infrastructure, including ability to integrate with the external SIEM systems are expanded
• The system of differentiation of the rights and powers of users and administrators in a VDI system is improved

There was a possibility of use of gipervizorny virtualization of Parallels Cloud Server as basic component for creation of VDI infrastructure. Will enter the next generation of the solution, both full server gipervizorny virtualization, and virtualization of jobs of users.

Romanchenko Dmitry, the director of department of information security of IBS company, considers: "Now in the Russian business market the objective need for mass implementation of the VDI technology providing obvious advantages both over classical desktops, and over widespread terminal solutions ripened. Economic and political a situation create the agenda of mass import substitution of foreign products the Russian cost-efficient solutions. The product Parallels VDI is the only protected certified Russian solution for virtualization of jobs of users at the moment. The used technology of container virtualization provides it noticeable competitive advantages. The product includes the built-in mechanisms of security of information and is certified by FSTEC of Russia on compliance to specifications and on the 4th level of absence control of not declared opportunities (NDV)".

Identifiers Rutoken are compatible to Parallels VDI

On April 29, 2015 the IBS group and Aktiv company within technology partnership confirmed mutual compatibility of electronic identifiers Rutoken with the protected certified solution for creation of infrastructure of virtual work places of Parallels VDI.

The IBS group and Aktiv company checked compatibility of the protected certified product Parallels VDI intended for creation of infrastructure of virtual work places, and hardware identifiers Rutoken when using as client operating systems of Windows and Linux. Results of testing confirmed correctness of functioning and convenience of application of identifiers Rutoken for implementation of strict authentication at gaining access to virtual desktops.

The possibility of use of the electronic identifier Rutoken in a virtual desktop of the user in a configuration when the identifier is connected on client side is confirmed. The implemented technology allows to carry out strict two-factor authentication in infrastructure of virtual desktops, increases security of user data and expands possibilities of use of the electronic signature.

Dmitry Romanchenko, the director of Department of information security of IBS company, noted: "The product Parallels VDI is the only thing the protected solution for virtualization of jobs of users certified in Russia at the moment. Having noticeable competitive advantages regarding the main functionality, it also includes the built-in mechanisms of security of information. The product is certified by FSTEC of Russia on compliance to specifications and on the 4th level of absence control of not declared opportunities (NDV). Sharing of the certified solutions Rutoken and Parallels VDI provides the high level of protection of crucial data".

Kirill Meshcheryakov, the head of department of work with technology partners of Aktiv company, told: "Cooperation with the companies providing solutions for the state market always was for us priority. We are glad to joint work with so strong player of domestic IT market what the IBS company is. Our experience with the state and corporate customers shows that simplicity of integration and service of virtual work places, the provided Parallels VDI, give enormous advantages over traditional solutions".

Parallels VDI is compatible to security terminals of OKB SAPR

On October 6, 2015 the company IBS also OKB SAPR completed testing of compatibility of security terminals MKT-card and the domestic certified solution for deployment of the protected infrastructure of virtual work places of Parallels VDI. Sharing of these two products allows to create the corporate information environment meeting the highest requirements of information security. The complete solution to already well potential customers in the form of the test stand is also ready for deployment in real IT infrastructures.

For check of compatibility of the means of secure access which are built in MKT-card developed by OKB SAPR with Parallels VDI technologies, in August, 2015 specialists of division of IBS Interlab held testing. During testing the security terminals MKT-card, software of Parallels VDI and the client application for Linux OS were used. Tuning of applications for work in the protected MKT-card environment was performed and the operability of all functions of the terminal and the connected peripheral devices is checked.

According to the results of testing the opportunity for work of the client of Parallels VDI on "thin clients" of MKT-card was confirmed. Based on testing MKT-card terminals are included in the list recommended for implementation in the environment of Parallels VDI. During testing a necessary set of the program settings guaranteeing operability of the solution on this "thin client" is developed.

The compatibility of the solutions MKT-card and Parallels VDI will allow to use them for the solution of a complex problem of creation of infrastructure of virtual work places with the highest requirements to security.

"MKT-card microcomputers – the unique domestic development having means of physical protection against distortion of the software that allows to provide the high level of security. These inexpensive terminals were specially developed for work with infrastructure of "cloud" jobs so the complete solution consisting of MKT-card and Parallels VDI will be able effectively to solve problems of customers", – Dmitry Schastny, the deputy CEO of OKB SAPR noted.

"We calculate that the client software of Parallels VDI will be included into a standard delivery package of MKT-card and both solutions will be actively shared. The complex with so high level of security will be especially interesting, certainly, to the state departments and large state companies. We already begin to develop demonstration zones and we start test implementations on the basis of these systems for some of them", – Dmitry Butmalay, the director of department of cloud platforms and network solutions of IBS company twisted.