Set Virtual Desktop Idle Timeouts Correctly


One of the major advantages of virtualizing the desktop is security. Organizations are better able to keep data internal as opposed to letting it sit on endpoint devices located anywhere in the world. But security doesn’t stop there. I recently observed an interesting situation that we all need to be aware of and avoid. Imagine this scenario…

A user walks away and doesn’t lock their endpoint. After 10 minutes their virtual desktop is locked automatically. However, around the 20-minute mark, I walk by, see an unlocked endpoint and start looking around. No data on the endpoint. But I see the user left their browser open and one of the tabs is connected to Web Interface. And luckier still, the user is still logged into Web Interface. If I select the virtual desktop, I now re-connect to the user’s already active virtual desktop and have complete access to their data.

The goal for most organizations is to prevent unauthorized users from gaining access to a user’s virtual desktop. Many put a timer on inactive desktops so users are required to re-enter their credentials, thus helping to prevent others from gaining access. This works fairly well, but only if the timeout is also enforced outside the virtual desktop.

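Many users initiate their connection via Web Interface. Web Interface has its own timeout setting. If you set the Web Interface timeout to 30 minutes and your virtual desktop timeout to 10 minutes, the desktop lock accomplishes very little: until the Web Interface session expires, anyone at the unlocked endpoint can reconnect to the desktop through the still-authenticated Web Interface session.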

I hope you can see the trouble this might create. This is a pretty easy one to avoid by simply modifying the Web Interface session timeout setting contained within the Session Settings configuration for the site (and if you can, enable endpoint lockouts as well).

Daniel – Lead Architect
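The timeout mismatch described above can be checked across sites with a short audit. This is an added example, not part of the original post or any Citrix tooling; the `SiteTimeouts` fields, the site names and the inventory are constructed, and it assumes the worst case in which every idle timer starts the moment the user walks away.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class SiteTimeouts:
    name: str
    desktop_lock_min: int             # idle lock inside the virtual desktop
    portal_session_min: int           # Web Interface session timeout
    endpoint_lock_min: Optional[int]  # endpoint screen lock, None if not enforced

def reconnect_window(site):
    """Minutes after walk-away (start, end) during which the locked desktop can
    still be relaunched from the portal; None if the desktop lock is effective.
    Assumes the worst case: every idle timer starts when the user walks away."""
    end = site.portal_session_min
    if site.endpoint_lock_min is not None:
        end = min(end, site.endpoint_lock_min)  # a locked endpoint hides the browser
    start = site.desktop_lock_min
    return (start, end) if end > start else None

def audit(sites):
    """Return {site name: window} for every site whose portal outlives the lock."""
    findings = {}
    for site in sites:
        window = reconnect_window(site)
        if window is not None:
            findings[site.name] = window
    return findings

# Constructed inventory; the first entry is the article's 10/30-minute case.
SITES = [
    SiteTimeouts("article-case", 10, 30, None),
    SiteTimeouts("aligned", 10, 10, None),
    SiteTimeouts("endpoint-lock-15", 10, 30, 15),
    SiteTimeouts("portal-shorter", 15, 5, None),
]

if __name__ == "__main__":
    for name, (start, end) in audit(SITES).items():
        print(f"{name}: desktop reachable via portal from minute {start} to {end}")
```

A site passes only when the portal session expires no later than the desktop lock, or when an endpoint lock closes the gap first.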
