Champion Desktop Cloud

Architecture & Security

Champion is committed to the protection, security and privacy of all Customer Information that is collected and managed through the use of the Champion Desktop Cloud offering. The following information outlines the definitions, concepts and controls that Champion employs to ensure the highest levels of confidentiality, integrity and availability of this service.

Business Interruption and Disaster Recovery Capabilities
Champion will maintain an appropriate Business Continuity, Information Technology Disaster Recovery, and Crisis or Emergency Management program that enables Champion to respond to and recover from business-process interruptions in a manner and timeframe that provides for the survival of the enterprise and the delivery of critical services to customers and members, in support of established recovery time objectives. Champion will notify the Customer within twenty-four (24) hours of activating any such plan in response to an event that is likely to have a significant impact on service levels.

The Champion Desktop Cloud Security Architecture Overview
Our security architecture is based on several principles:

  • Separation of networks: The backbone network, the service provider VLAN, and the tenant VLANs are all separate, non-bridgeable networks.
  • Separation of resources: Tenant hypervisors and image storage are maintained as separate resources.
  • Secure communication: The Champion Desktop Cloud platform uses authenticated connections for communication between software modules on different management nodes.
  • Secure access: HTTPS is used by default to connect to the Champion Desktop Cloud portal web applications (User Portal, Enterprise Center, Service Center).
  • Minimal node functionality: The only services enabled on management node templates are those needed for the Champion Desktop Cloud platform. Data center security implementations can block unnecessary ports.

Core Security Infrastructure
The core infrastructure of the Champion Desktop Cloud consists of virtual servers (management nodes), application software, databases, and storage (for both virtual desktop images and for database persistence).

a) Management Node Security
Management nodes (and database servers) are on the backbone network. Some management nodes are also on the service provider IPv4 network. In addition, tenant Fabric and Element Manager nodes are on the tenant VLAN.

Management nodes run the 64-bit Ubuntu 9.04 operating system with all non-essential services removed or disabled (for example, telnet and FTP).

All management nodes (with the exception of Fabric cache nodes) are multi-homed (network adapters on backbone network and tenant- or service-provider-VLAN), but they are not configured as routers, so they cannot bridge traffic from one network to another. Fabric cache nodes communicate only on the backbone network.

Service provider administrators can access management nodes only from the transit server via SSH using a public/private keypair.

Each management node has root and user passwords, but PasswordAuthentication is set to no in /etc/ssh/sshd_config, so password-based login is possible only at the console, for emergency use.
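As an added illustration of the sshd_config hardening above (this is example code, not part of the Champion platform), the following audit reads an sshd_config and checks that password authentication is disabled and public-key authentication is on. It honours two sshd parsing rules that naive greps miss: keywords are case-insensitive, and for a repeated directive the first occurrence wins. The sample config, file layout and function names are constructed for this example; directives after a Match line are conditional and are not modelled here.

```python
"""Audit an sshd_config for the key-only login policy described above."""
import re

# Constructed sample config. The trailing duplicate 'yes' is ignored by
# sshd because the first occurrence of a directive takes effect.
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin without-password
passwordauthentication yes
"""

# Expected effective values, keyed by lower-cased keyword.
EXPECTED = {
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
    "challengeresponseauthentication": {"no"},
    "permitrootlogin": {"no", "without-password", "prohibit-password"},
}


def parse_sshd_config(text):
    """Return {keyword_lower: first_value}. Whole-line '#' comments and
    blank lines are skipped; parsing stops at the first Match block."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts 'Key value' as well as 'Key=value'.
        m = re.match(r"([A-Za-z][A-Za-z0-9]*)\s*=?\s*(.+)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break                      # conditional section: out of scope
        effective.setdefault(key, value)   # first occurrence wins
    return effective


def audit_sshd(text):
    """Return a list of findings; an empty list means the policy holds.
    A missing directive is reported, since sshd's default for
    PasswordAuthentication is 'yes'."""
    eff = parse_sshd_config(text)
    findings = []
    for key, allowed in EXPECTED.items():
        value = eff.get(key, "<missing>")
        if value.lower() not in allowed:
            findings.append(f"{key}: got '{value}', expected {sorted(allowed)}")
    return findings
```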

b) Hypervisor Security
- Each desktop host (hypervisor) hosts desktops from a single tenant only
- Management hosts (hypervisors) host management nodes from service providers and multiple tenants
- VLAN tagging at the switch port level on the router (802.1Q standard) provides isolation between different tenant VLANs as well as the service provider IPv4 VLAN.

c) Network Security
Tenant nodes are on tenant-private VLAN and backbone networks only. The system maintains separation of tenant VLANs through VLAN tagging at the switch port level on the router (802.1Q standard). The management nodes are not configured as routers, so they cannot bridge traffic between tenant VLANs.

The transit server is the single point of access to service provider (SP) management nodes and tenant management nodes.

d) Web Application Security

  • Access to the User Portal and Enterprise Center is over SSL (HTTPS) and requires a username, password and domain. A tenant-provided AD server is required for each tenant domain.
  • Access to the Service Center is over SSL (HTTPS), authenticated by the service provider's AD server.
  • Inactivity timeout for all portal access (default is 10 minutes).
  • Authenticated connections between management nodes.
  • The protocol between the portal and AD can be configured as either LDAP or LDAPS (default is LDAPS) when the Windows domain is configured. LDAPS is recommended so that passwords are encrypted on the network.
  • Roles and permissions for Enterprise Center and Service Center provide fine-grained (and configurable) control over access to system data and controls.

e) Database Security
Database servers (for Fabric and Element databases) are on the backbone network and the service-provider IPv4 network only. The Resource Manager database resides on the same node as the Resource Manager itself, which is on the backbone network and the service-provider IPv4 network. Database servers do not communicate on any tenant VLANs.

Access to the Fabric and Element databases requires authentication. The username and password are configurable at installation time.

Access to the Resource Manager database requires authentication. The username and password cannot be changed at install time, but they can be changed afterwards.

Any password information stored in databases is stored in encrypted form.

f) Storage Security
The Champion Desktop Cloud architecture uses separate NFS shares for different tenants, and access to the storage systems is encrypted.

Storage systems are accessed via the service provider IPv4 network only. The storage systems are not present on any tenant VLANs.

No service-provider access to enterprise image: Service provider stores virtual desktop images, but not user data. Enterprises still control access to desktops and manage user data (e.g., My Documents).

g) Remote Access Module Security
The Champion Remote Access Module (dtRAM) provides remote access (from outside a tenant's VLAN) to a tenant's virtual desktops. The two phases of remote access that must be considered with regard to security are establishing the session using the dtRAM, and the operation of the session itself:

Initial contact with dtRAM is from an Element Manager on a specified port range (an authenticated web service call).

The dtRAM connection to a virtual desktop is open for 30 seconds (configurable), but only for the original user who requested the session (the DaaS agent rejects connection attempts from any other user). That end user must be authenticated against the tenant's AD via the fabric before any communication with the dtRAM.
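The session-establishment rule above, modelled as an added example (this is not Champion's code): a pending session is bound to the AD-authenticated user who requested it, stays open for a configurable window (30 seconds, the page's default), is single-use, and is refused for any other user or after the window closes. The class and method names, and the injectable clock used so the expiry can be exercised without waiting, are assumptions of this example.

```python
"""Model of the dtRAM connection window: user-bound, time-limited, single-use."""
import secrets
import time
from dataclasses import dataclass

WINDOW_SECONDS = 30  # default on the page; configurable per deployment


@dataclass
class PendingSession:
    user: str          # user already authenticated against tenant AD
    desktop: str       # target virtual desktop
    expires_at: float  # clock value after which the window is closed


class RemoteAccessBroker:
    """Issues a session when the fabric has authenticated the user, and
    performs the agent-side check when a connection arrives."""

    def __init__(self, window=WINDOW_SECONDS, clock=time.monotonic):
        self.window = window
        self.clock = clock          # injectable for testing
        self.pending = {}           # session_id -> PendingSession

    def open_session(self, authenticated_user, desktop):
        """Called only after AD authentication succeeded; returns the session id
        the client presents when it connects."""
        sid = secrets.token_urlsafe(16)
        self.pending[sid] = PendingSession(
            authenticated_user, desktop, self.clock() + self.window)
        return sid

    def connect(self, sid, user):
        """Agent-side decision: (accepted, desktop_or_reason)."""
        session = self.pending.get(sid)
        if session is None:
            return False, "unknown or already used session"
        if self.clock() > session.expires_at:
            del self.pending[sid]           # expired windows are discarded
            return False, "window expired"
        if user != session.user:
            return False, "user does not match session owner"
        del self.pending[sid]               # single use: consume on success
        return True, session.desktop
```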

Virtual Desktop Security
Virtual desktop security consists of two parts: the security policies that relate to the desktop image itself, and the security of the remote desktop session:

a) Desktop Image Security
Virtual desktop security policies, software updates, virus scanning, and other desktop security measures are the responsibility of enterprise desktop administrators, similar to the way they would manage a collection of physical desktops.

b) Remote Desktop Session Security
Virtual desktop session security depends on the remoting protocol in use (RDP, ICA, RGS, VNC):
- RDP: Use RDP 6 or higher for encrypted sessions to avert man-in-the-middle attacks on virtual desktop sessions.
- ICA: Encrypted sessions by default
- RGS: Encrypted sessions by default
- VNC: Not encrypted by default