DOCSLIB.ORG

Forcepoint Trusted Thin Client

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Forcepoint Trusted Thin Client Datasheet Cross Domain Security Trusted Thin Client Secure enterprise information access to multiple domains from a single device Key Benefits Enabling secure access to sensitive data, applications, and networks › Assessed and Authorized by Government agencies know better than most how pervasive and costly (in lives, authorities according to NIST trust and money) cyberattacks and breaches can be. One basic method of defense guidelines in the US and Five- is to ensure complete compartmentalization and data separation through physically Eyes nations separate network architectures. This security best practice is commonly referred to as › Supports DoD and IC VDI initiatives “network segmentation.” such as DoD Joint Information Environment (JIE): Mission While network segmentation does not ensure that hackers “stay out” it keeps them Partner Environment (MPE) in one place should they breach the perimeter. Damage is therefore contained and › Commercial-Off-The-Shelf only one domino can possibly “fall,” not five, ten or 20,000. This is the essence of (COTS) solution successful cyber risk management and resiliency.” › Simultaneous access to As agencies have discovered, working in this secure-by-design environment has also multiple networks/clouds from a single endpoint led to high costs (hardware, power, and administration) and usability and endpoint security burdens by requiring one computer per network for each user. › Significant ROI through lower ownership costs (infrastructure, This is no longer the case. Due to the increased adoption of virtualization to move office space, power consumption and administration) desktop, application and data resources back into the datacenter and increase operating system security and physical separation can be maintained while › Maximized security, usability permitting secure simultaneous access to allowed networks from a secure endpoint and adaptability device. Forcepoint Trusted Thin Client, delivers the most robust combination of › Flexible implementation security, flexibility, usability and reduced total cost of ownership available to enable options to meet the needs secure access to multiple sensitive networks. of your organization › Streamlined administration Forcepoint Trusted Thin Client through robust enterprise Forcepoint Trusted Thin Client is comprised of two components, a Distribution management capabilities Console and client software. The Distribution Console is the solution’s server › Redisplay technology integration component and provides the physical connection to one or more single-level with industry standards such virtualized networks, maintaining separation between each. as Citrix › Supports the use of Personal The Distribution Console leverages the Common Criteria evaluated (EAL4+) Red Identity Certificate (PIV), Common Hat Enterprise Linux operating system with Security-Enhanced Linux (SELinux) Access Card (CAC), SAC and to provide stringent security controls and maintain the necessary network/data SIPRtoken smartcards for separation. The client software communicates directly with the Distribution Console identity management and access and provides secure, simultaneous access to permitted networks, applications authorization to back end Microsoft and data. While providing connectivity to multiple security domains through Windows servers common virtualization and desktop and application redisplay technologies (e.g., › Supports Suite B cryptographic Citrix, Microsoft, VMware), each network has a separate physical network interface algorithms for all encrypted connection on the Distribution Console that is assigned the classification level of communications on the the domain. client network forcepoint.com Forcepoint Trusted Thin Client Architecture NETWORK A FORCEPOINT DATA TRUSTED THIN CLIENT STORAGE SERVERS FORCEPOINT TRUSTED THIN CLIENT Virtual Access Implementation NETWORK B DATA STORAGE SERVERS FORCEPOINT TRUSTED THIN CLIENT NETWORK Distribution Console C DATA STORAGE SERVERS TRUSTED THIN CLIENT Remote Access Implementation Security protections prevent data from being transferred Restricted, high-risk installation environments between classification levels. The Distribution Console rejects Environments that provide connection to high-risk networks, all communications from unauthorized systems, reducing risk such as unclassified networks or the open Internet, are required exposure to the enterprise. to operate in a restricted manner. To enforce this requirement, Forcepoint Trusted Thin Client installation is modular based Built for the enterprise on your environment. Restricted, high-risk environments are Designed and built to meet the needs of any enterprise installed with some features removed. (Table 1). deployment, Forcepoint Trusted Thin Client is the most secure yet flexible access solution available today, providing robust Central administration, monitoring and auditing centralized management for multiple form factors, globally The Distribution Console is the solution’s administration dispersed sites and thousands of users. Administrators are and monitoring hub from which all Distribution Consoles, equipped with centralized administration and monitoring, endpoints and users are administered through the scalability to easily add networks and clients, and the flexibility Management Console application. It is recommended that all to enable access to users in offices, in-theater, and in the field deployments utilize multiple Distribution Consoles to address from virtually any device. server outages, scheduled maintenance and unexpected hardware failures. 2 FEATURE SABI AVAILABILITY TSABI AVAILABILITY Forcepoint’s multi-network access technology: Trusted Thin Client, is currently in operation across a multitude of USB Peripheral federal agencies including the DOD, DOJ, and IC with over Redirection (thumb 160,000 access devices deployed around the globe. It has drive, optical reader/ proven deployments of over 60 classification levels and the writer, printer, scanner) ability to easily add more classification levels and endpoints at anytime. All IT resources, including endpoint updates are easily managed through a central management console. Video Playback through *Video playback is Multimedia Redirection available through (optimized) and Media Windows VDI sessions Player application HDX RealTime *Skype for Business Optimization Pack is available through for Lync - Skype for Windows VDI sessions, Business non-optimized Remote Distribution Console Administration via Private, Administration Network Table 1: Features removed from SABI environments Through the Management Console, administrators can administer any Distribution Console from any other Distribution Client user management Console in the enterprise—greatly reducing the need for on-site The Distribution Console provides all necessary configuration resources and the cost to transport administrators from site information for client initialization and communication services. to site. Administrators configure clients to failover to redundant This information contains relevant security data and allows Distribution Consoles (on- or off-site) when necessary, allowing the user to access the virtual environments. When a network work to continue unabated. at another security level or a new server is added to the Distribution Console, the information is automatically sent to The Distribution Console serves as a centralized audit repository each client, removing the need to locally manage or update for the client software to track use and activity. This audit data individual clients. can be pushed to a centralized enterprise audit storage location. User access controls (username, password, and clearance Administrator role and account separation level) are validated by the Distribution Console through Additional security controls are provided through granular either hosted Lightweight Directory Access Protocol (LDAP), administrator role and account separation. Each account is external high-side LDAP, or external high-side Microsoft Active permitted only one role on the system, thus enforcing the Directory. Utilizing a pre-existing LDAP or Active Directory requirement that multiple personnel provide checks and server eliminates the need to manage user accounts on the balances for privileged actions, system changes and system Distribution Console, further reducing administrative overhead. data access. 3 Support for multiple endpoint devices Risk exposure is greatly reduced due to the read-only device, In support of the variety of missions and users that make up strict network and virtual desktop session separation, and the an enterprise, the same client software can be implemented fact that Forcepoint Trusted Thin Client only provides a redisplay on different form factors: thin client hardware, PCs, laptop and of data from the data center. Should malicious code make its hybrid devices, or a virtual machine resident on a host operating way to a virtual desktop, these factors prevent it from moving system. All recommended hardware is certified in-house by from one network to another greatly reducing the risk to the Forcepoint engineers. overall infrastructure. All endpoint devices run a read-only, stateless, SELinux With DC spanning you can connect to anywhere in the world, multi-level secure (MLS) operating system that meets the from anywhere in the world. For example, personnel located in in most stringent security requirements. Users interact with Virgina can connect to a network in Korea. See Figure 2. Multi- the security-enabled
Load more

Recommended publications
  • Learning Series
    Learning Series ThinManager Versus The Competition A comparison in the thin client management market. www.thinmanager.com | Atlanta | Dallas | Baltimore | California | 1-877-239-4282 | [email protected] ThinManager Versus the Competition Customers often ask us to provide some sort of comparison between ThinManager and other process management solutions such as Citrix, VMware View, or Wyse. From a technological standpoint, it is easy to compare basic functions or show the end result of deploying different solutions in an automated industrial environment. But more often than not, there isn’t an easy OVERALL comparison as ThinManager is deployed to augment and improve the operational efficiency of other management systems, not replace them. At its core, ThinManager is designed to manage clients and their connection to the server, filling a very important need not addressed by most “system management” platforms. With that in mind, we wanted to highlight what we believe are the product fundamentals that are needed in most manufacturing environments, why they are needed, and how ThinManager provides features to address those needs regardless of the other management solutions on the market that may or may not already be in use in your facility. THINMANAGER & THINMANAGER READY THIN CLIENTS VERSUS PCS: The primary focus of ACP has always been to get PC’s off the shop/ plant floor. These devices bring several problems with them, and converting to a ThinManager Platform provides an efficient and cost effective method to eliminate them. Because of the harsh environment caused by factors such as heat, cold, vibration or airborne particulates, PCs are ill suited for the Industrial Automation environment.
    [Show full text]
  • Back to the Future: Linux Thin Client
    Back to the Future: Linux Thin Client Steve Hargadon K12Computers (Hargadon Computer) 916-791-2200 or 888-K12-LTSP NCRS 2004 Today's Session 1. What is LTSP? 2. How LTSP Works 3. Benefits and Drawbacks 4. Actual Install of K12LTSP 5. My Experiences with LTSP 6. Q & A Caveat Emptor I am not a Linux expert! There is a lot that I have to learn. Be kind… What is LTSP? “Breathe new life into used machines” ●Open-source Software ●Server ●Workstations (boot off of server) ●Back to the Future ●Magic How LTSP Works Picture of network Demonstration Log into LTSP Using VNC Log into Windows from LTSP Log into home LTSP Using VNC Log into Hawaii LTSP Using VNC The Story Schools’ Computer Problems You know them as well or better than I do: ● Budget Woes ● Technical Woes – Maintenance – Viruses – David and Junior High ● Time Woes ● Non-working, Unused, or Unusable Equipment ● Donations: Often Just “Dumpstered” Benefits of LTSP--Maintenance ●Ease of installation ●Client/Server ● One Machine ● Easier Backup, Maintenance ● Login Machine Independent: Kids Fighting in Hawaii ●Other Reduced Maintenance Issues ● Linux Reliability (3X Help) ● Viruses (lack thereof) ● No Individual PC Maintenance (plug and play) ● Remote Access for Troubleshooting ● Reduced Wear & Tear – Solid State… ●Ease of Expansion or Replacement ●Greatly Reduced TCO ●Community of Users Used to Working for Free Benefits of LTSP--Financial ●Reduced Acquisition Costs ● Server ● Can Accept Donated PCs ● E-Rate Client-Server Technology ●Utilizes Open Source Software for client boot ●Can Utilize
    [Show full text]
  • Thin Client Visualization for Virtualized Systems Technical White Paper
    PROCESS AUTOMATION THIN CLIENT VISUALIZATION FOR VIRTUALIZED SYSTEMS TECHNICAL WHITE PAPER irtualization and thin client visualization represent two powerful technologies that are complementary and even Vmore effective when implemented together. For industrial applications, these two trends intersect when thin clients are connected to virtualized systems to provide visualization and operator interface. Brian Alvarado Product Portfolio Manager Louis Szabo Business Development Manager Technical White Paper – Thin Client Visualization for Virtualized Systems Table of Contents 1 Introduction 3 2 Why Virtualize? 3 3 Longer Life Cycles 4 4 Virtualization Challenges 5 5 Thin Client Advantages 5 6 Industrial Strength Visualization 5 7 Implementation Details 6 8 Conclusions 8 9 References 9 2 www.pepperl-fuchs.com Technical White Paper – Thin Client Visualization for Virtualized Systems THIN CLIENT VISUALIZATION FOR VIRTUALIZED SYSTEMS Thin clients are performance heavyweights in industrial visualization applications, cutting upfront and life cycle costs while improving reliability and security. 1. Introduction 2. Why Virtualize? Virtualization and thin clients are two of the leading trends Virtualization has established itself in the information in computing, both in the commercial and industrial technology (IT) world, and has especially gained traction sectors. They represent two powerful technologies that over the past few years as the technology moves from are complementary and are even more effective when traditional data centers to a wide variety of applications in implemented together. For industrial applications, these the commercial and industrial sectors. two trends intersect when thin clients are connected to virtualized systems to provide visualization and operator Virtualization enables multiple PC operating systems interface. (OSes) to run concurrently, but segregated from each other, on one computer (Image 1).
    [Show full text]
  • Reference Architecture: Lenovo Client Virtualization (LCV) with Thinksystem Servers
    Reference Architecture: Lenovo Client Virtualization (LCV) with ThinkSystem Servers Last update: 10 June 2019 Version 1.3 Base Reference Architecture Describes Lenovo clients, document for all LCV servers, storage, and networking solutions hardware used in LCV solutions LCV covers both virtual Contains system performance desktops and hosted considerations and performance desktops testing methodology and tools Mike Perks Pawan Sharma Table of Contents 1 Introduction ............................................................................................... 1 2 Business problem and business value ................................................... 2 3 Requirements ............................................................................................ 3 4 Architectural overview ............................................................................. 6 5 Component model .................................................................................... 7 5.1 Management services ............................................................................................ 10 5.2 Support services .................................................................................................... 11 5.2.1 Lenovo Thin Client Manager ...................................................................................................... 11 5.2.2 Chromebook management console ........................................................................................... 12 5.3 Storage .................................................................................................................
    [Show full text]
  • Thin Clients and Pcs – a Comparative Study to Find Suitability for Different Computing Environments
    Thin Clients and PCs – A comparative study to find suitability for different computing environments Tanmay K. Mohapatra Choosing between thin clients and PCs requires a rational evaluation. Often a correct mix is optimum. The personal computer (PC) no doubt has created a revolution in the field of computing. In recent years, thin client computing has provided an attractive alternative to the ubiquitous PC. However, both personal computers and thin clients have their own place in business organizations. A large number of studies have been carried out to examine the technical aspects of various thin client technologies. But very few have proposed a set of holistic guidelines to be followed while making a choice of thin client technologies. In this article I examine the strengths and weaknesses of the PC and various types of thin clients that are available today, the technologies they use and their performance under different environments. Finally, I will propose a few guidelines for determining suitability of each for different computing environments. A BRIEF HISTORY With the advent of the PC the centralized computing model of mainframes and time- shared computing gave way to a more distributed model. Personal computers allowed users to use their local workstations to install applications, store data locally and also to do some amount of processing locally. Devices like floppy drives, scanners and printers could be attached directly to the desktop for alternate data input and output. The lower cost (than mainframes), popularity and ease of use of the PC played a major part in its proliferation. The large user base and its open architecture encouraged a large variety of software packages and devices to be developed for it.
    [Show full text]
  • PSG AMS Commercial Thin Client Datasheet 2013
    Datasheet HP t630 Thin Client Optimize your cloud-based deployments with the powerful, highly configurable, and long lifecycle HP t630 Thin Client. Support your business now and in the future with quad-core processing1, dual UHD/4K display compatibility, and options for device and Designed to go above and beyond network connectivity and local Speed performance with an expertly engineered thin client driven by an embedded x86 quad-core1 system-on-a-chip. The integrated AMD Radeon graphics engine supports up to two storage.2 UHD/4K displays2 for a fantastic media experience. Bridge the gap with expansive connectivity Configure a precise deployment with legacy ports for your reliable peripherals, dual-channel DDR4 system memory, wired or optional wireless or fiber connectivity2, and optional local dual flash memory2 up to 128 GB for separate, discrete storage. Software with all the extras, minus the extra cost Tailor your OS environment, remotely set up and deploy, boost Wi-Fi and network performance, and get local-quality multimedia on the cloud with exclusive HP value-added software: HP Device Manager, HP Velocity, HP True Graphics3, and HP Easy Shell.4 Featuring ● Keep the peripherals you know and trust and plan ahead with connections that include PS/2 and serial ports, an optional VGA output or second serial port2, and convenient front and rear USB 3.0 and USB 2.0 ports. ● Protect data with VDI and cloud hosting, certified TPM, a BIOS designed to National Institute of Standards and Technology (NIST) specs, and Windows with Write Filter protection. ● Stay in contact with colleagues with support for unified communications (UC) solutions.2 ● Go wired with standard RJ-45, wireless with an optional Wi-Fi/Bluetooth®2 or external Wi-Fi antenna system, or connect to fiber with an optional Fiber Optic network adapter.2 ● Work with your choice of subscription-based SaaS solutions like Office 365.5 ● Pick a familiar and reliable Windows® or Linux® OS and pair with your own ISV.
    [Show full text]
  • HP Thin Clients Flash/SSD Selection
    Technical white paper HP Thin Clients Flash/SSD Selection Table of contents Executive summary ...................................................................................................................................................................... 2 Introduction .................................................................................................................................................................................... 2 Considerations for selecting storage devices ......................................................................................................................... 2 Operating system write filter enablement .......................................................................................................................... 2 Operating system size ............................................................................................................................................................. 2 NAND flash and flash controllers .......................................................................................................................................... 2 Comparing flash storage devices, uMLC option to hard disk drives .............................................................................. 3 Storage requirements .............................................................................................................................................................. 3 HP recommendations ..................................................................................................................................................................
    [Show full text]
  • Zero RDP Ultra Thin Client
    Model No. zRDP405 Document Version V1.1 Date of Release 2021.01.28 Magic Control Technology Corp. Zero RDP Ultra Thin Client Specifications Page 1 Model No. zRDP405 Document Version V1.1 Date of Release 2021.01.28 1 Appearance .......................................................................................... 3 1.1 ID Data ................................................................................................. 3 1.1.1 Product Photo ...................................................................................... 3 1.1.2 ID Specifications ................................................................................... 4 2 PCB Specifications ................................................................................ 4 2.1 PCB Information ................................................................................... 4 2.2 PCB Dimension ..................................................................................... 4 3 Product Specifications .......................................................................... 5 3.1 Product Features .................................................................................. 5 3.2 Electrical Appliance Characteristics ..................................................... 6 3.3 Hardware Interface Details .................................................................. 6 3.3.1 Resolution and Refresh Rate Table ...................................................... 7 3.3.2 DEVICE OS (GUI Mode) SUPPORTED RESOLUTIONS ...................................... 10
    [Show full text]
  • Wyse Enhanced Linux Thin Clients Dell Cloud Client-Computing Solutions
    Wyse enhanced Linux thin clients Dell cloud client-computing solutions Performance, reliability and flexibility of Wyse enhanced Linux in a thin client Learn more here: Introducing Wyse enhanced Linux thin clients Power and flexibility of enhanced Linux in a thin client Wyse enhanced Linux based thin clients For virtual desktops end users and IT will love Wyse offers a variety of hardware form factors with single, dual or Combine the performance, reliability and flexibility of Enhanced Linux with the security, quad core options to suit your budget, application, and performance needs. ease of management, and cost-savings of powerful Wyse thin clients. Click the images to learn more. Enhanced Linux is better with Wyse thin clients: Secure from the desktop to the data center • Wyse thin clients are far more secure and less complex than PCs with an extremely small attack surface • Support a wide range of user authentication methods • Apps and content are protected in the data center Great to use Wyse thin clients deliver a fast, rich, familiar Enhanced Linux user experience: • Enhanced Linux user interface for VDI, local internet, and local apps • Connectivity to a broad range of Windows and custom applications and peripherals Wyse software can further enhance the Wyse Enhanced Linux user experience. • Power to drive rich, fluid graphics locally or via VDI protocols: Microsoft® RemoteFX/RDP, Citrix® HDX and Dell vWorkspace Learn more. • Ideal for unified communications Highly scalable and easy to manage Management software that scales as you grow from just a few to tens of thousands of thin clients: • Wyse Device Manager – easy, remote management and monitoring; no need to ever visit endpoints Quick compare Specifications Dell.com Wyse enhanced Linux hardware platforms Single, dual, and quad core platforms, including mobile thin clients address a wide range of budget, application, and performance needs.
    [Show full text]
  • Thin Client Computing White Paper
    Thin Client Computing White Paper Thin Client Computing Providing Solutions and Dispelling Myths 2 Less is more While minimalism in computing has been around since the 1990s, the concept only recently has hit its stride: Computer devices that only carry out essential applications, or “thin clients,” have a longer operational life span, cut energy use and are less expensive to purchase and maintain. As the phenomenon of software as a service gains traction, in fact, thin clients are already replacing desktop PCs in many government, commercial and educational settings. A pioneer in thin client software innovation, Citrix Systems, Inc. specializes in providing virtualization solutions to government, healthcare and educational organizations that improve security, reduce IT expense and ...thin clients have a increase flexibility. When applied appropriately, Citrix applications can longer operational optimize the thin client to be a cost-effective solution for task-based workers, administrative staff or even mobile users—anywhere, on any device, all life span, cut without losing application performance. energy use and are less expensive What does “thin client” mean? to purchase and The term “thin client”—also called a “slim” or “lean” client—is a computer maintain. that relies on a server to drive traditional computer tasks and therefore may not be equipped with standard hard drives, ports or installed software. As such, the thin client does not actually process data locally but rather acts merely as a user interface, while running programs and accessing data from the datacenter (conversely, the traditional “fat client” computer fulfills all roles by itself). The best analogy for this process would be residential satellite or cable TV service: A signal is sent from a centralized location, and the television set acts as a simple receiving device.
    [Show full text]
  • Thinmanager 4.1 Help Manual Modules  279
    Modules Module Overview Modules are software components that can be loaded to increase the functionality of the terminal. Modules include touch screen drivers, sound drivers, and special device drivers. Modules are included with ThinManager and are registered automatically during ThinManager installation. Updates to modules (primarily touch screens) are posted on the ThinManager website for download and installation. Note: “Installing a module” refers to the registration of the module with the ThinManager Server, while “Adding a module” refers to attaching the module to a particular group or terminal. This section includes: A list of available Modules. Instructions on installing and adding Modules. Details on specific modules. Note: Certain modules, like the video modules, do not need to be added to specific terminals but will be downloaded automatically in ThinManager. These modules do have to be installed in ThinManager to be available for the download to happen. These modules may need to be added to the terminal in older versions of ThinManager that are using new firmware. Module List ThinManager divides the modules into a number of categories or types to make navigation of the module list easier. Although details on the specific modules will follow, the types and modules include: Note: Certain modules are used in limited, specific cases and are considered advanced modules. These are marked with a (*). See Advanced Modules for details. ICA - See ICA Modules Citrix ICA UseAlternateAddress Module Citrix ICA wfclient.ini Extension
    [Show full text]
  • Conceptual Architecture Design and Configuration of Thin Client System for Schools in Malaysia: a Pilot Project
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by The International Islamic University Malaysia Repository Conceptual Architecture Design and Configuration of Thin Client System For Schools in Malaysia: A Pilot Project Abdul Rahman bin Ahlan �urni bt�ahrnud Department of Information System, Depertment of Information System, Kulliyyah of Information and Communication Technology Kulliyyah of Information and Communication Technology Kuala Lumpur, Malaysia Kuala Lumpur, Malaysia [email protected]. my [email protected]. my Yusri bin Arshad Depertment of Information System, Kulliyyah of Information and Communication Technology Kuala Lumpur, Malaysia [email protected] Abstract- Thin client systems have advanced recently with new Malaysia aims to connect all schools with computer innovative design extensions such as virtualisation and cloud facilities by 2010. Urban and top schools have firstly enjoyed computing. Client-server architecture is the basis for thin client the ICT advantages before it is implemented to other rural system to connect remote multi-workstations to administrative schools. Smart schools are the pilot project started in 1990s [6]. servers located in headquarters or data center. This paper first presents a literature review on thin client concept and The remainder of the paper is organized as follows. Firstly, virtualization. In the next section, we describe the Wyse the key features of thin clients and the main concepts related to Technology and Linux thin client for windows-based and open the available products in the market are reported in the first two source solution respectively. We then proceed with description of sections, respectively. Then, we describe the proposed thin proposed conceptual architecture design and implementation for client systems design and network architecture.
    [Show full text]