VDI – SSO, not so secure…
After the initial post we discovered more security matters that you should keep in mind.
!!!! This is not just a VMware issue, this is an issue with all VDI solutions; it exists because we want SSO for our users. !!!!
The VMware View client has, by default, a 600-minute time-out during which the user credentials remain “available”. Within this period a security issue can occur if a certain setup is chosen. The time-out is configurable through the View Administrator console or via GPO.
User1 has more than one desktop assigned: a persistent and a non-persistent virtual desktop. If user1 opens one virtual View desktop and then locks that virtual desktop, the credentials are still saved in the client (for the duration of the time-out period). If user2 walks up to the desktop and chooses Options / Switch Desktop in the View client menu bar, he can open another virtual desktop assigned to user1.
– Choose Options / Switch Desktop in the View client menu bar.
– Choose another desktop and click Connect.
– The new desktop opens, even though user2 has no rights to it.
This happens because the credentials are saved in the View client and are used to log user2 on to the desktop of user1.
After the time-out period this no longer works, and user2 won’t be able to log on to a desktop. The previously described security issue (Disconnect versus Log off) still stands.
How can we make sure this doesn’t happen?
One option is to set the time-out to fewer minutes. Instead of 600 minutes it is better to set it to 1 minute. This makes sure the credentials are no longer available after one minute, so user2 can’t open an assigned desktop of user1 anymore. Of course, you have to be able to make this change. The downside for the user is that they have to re-authenticate once the time-out period is over.
The same issue would also occur with Citrix XenDesktop, as long as the Web Interface session hasn’t timed out. Make sure that time-out is set as low as possible, so the session times out soon after the user is logged on to the virtual XenDesktop. The Citrix Web Interface is a datacenter-hosted system and can therefore be managed more easily. A VMware View client, however, is quite often not manageable, because it is running on an unmanaged thin client.
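To make the effect of the credential time-out concrete, here is an added toy model (not code from the post, nor VMware’s or Citrix’s) of a VDI client that caches the last logon for a configurable number of minutes. The user names, desktop names and the `ViewClient`/`walk_up_scenario` helpers are constructed for the example; the `clear_on_lock` option is an additional hardening choice assumed here, not something the post describes. The scenario replays the walk-up case above: user1 connects, locks the desktop and leaves; later someone at the same terminal picks Switch Desktop and targets user1’s other desktop. With the 600-minute default the other desktop opens on the cached credential; with a 1-minute time-out the client demands a fresh logon.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data, not taken from any real environment: which desktops
# the broker has assigned to which user (hypothetical user and pool names).
ENTITLEMENTS = {
    "user1": {"user1-persistent", "user1-nonpersistent"},
    "user2": {"user2-persistent"},
}


class ReauthenticationRequired(Exception):
    """Raised when no valid cached credential exists; the client must prompt for logon."""


@dataclass
class CachedCredential:
    user: str
    stored_at: float  # seconds on the injected clock


@dataclass
class ViewClient:
    """Toy model of a VDI client that keeps the last logon credentials for a fixed period.

    timeout_minutes mirrors the credential time-out discussed in the post (600 by default).
    clock is injected so the scenario below can advance time deterministically.
    clear_on_lock is an assumed extra hardening option, not behaviour described in the post.
    """
    timeout_minutes: float
    clock: Callable[[], float]
    clear_on_lock: bool = False
    cached: Optional[CachedCredential] = None
    connected_desktop: Optional[str] = None

    def logon(self, user: str) -> None:
        # Interactive authentication is assumed to have succeeded; only the result is kept.
        self.cached = CachedCredential(user, self.clock())

    def connect(self, desktop: str) -> str:
        # Entitlement is checked against the cached user, not against whoever is at the keyboard.
        cred = self._valid_credential()
        if desktop not in ENTITLEMENTS.get(cred.user, set()):
            raise PermissionError(f"{cred.user} is not entitled to {desktop}")
        self.connected_desktop = desktop
        return desktop

    def lock(self) -> None:
        # Locking the remote desktop does not, by default, touch the client's credential cache.
        if self.clear_on_lock:
            self.cached = None

    def switch_desktop(self, desktop: str) -> str:
        # "Options / Switch Desktop": reuses whatever credential is still cached.
        return self.connect(desktop)

    def _valid_credential(self) -> CachedCredential:
        if self.cached is None:
            raise ReauthenticationRequired("no cached credential")
        age_minutes = (self.clock() - self.cached.stored_at) / 60
        if age_minutes >= self.timeout_minutes:
            self.cached = None
            raise ReauthenticationRequired("cached credential expired")
        return self.cached


def walk_up_scenario(timeout_minutes: float, minutes_away: float,
                     clear_on_lock: bool = False) -> str:
    """user1 logs on, connects, locks the desktop and walks away; minutes_away later
    someone else at the same terminal uses Switch Desktop on user1's other desktop.

    Returns "opened" if that desktop opens on user1's cached credential, or "reauth"
    if the client demands a fresh logon (the outcome a short time-out buys).
    """
    now = [0.0]  # simulated clock, in seconds
    client = ViewClient(timeout_minutes, clock=lambda: now[0], clear_on_lock=clear_on_lock)
    client.logon("user1")
    client.connect("user1-persistent")
    client.lock()
    now[0] += minutes_away * 60
    try:
        client.switch_desktop("user1-nonpersistent")
        return "opened"
    except ReauthenticationRequired:
        return "reauth"


if __name__ == "__main__":
    print("600 min time-out, 30 min later :", walk_up_scenario(600, 30))        # opened
    print("  1 min time-out, 30 min later :", walk_up_scenario(1, 30))          # reauth
    print("600 min time-out, clear on lock:", walk_up_scenario(600, 30, True))  # reauth
```

The model makes the underlying design point visible: the entitlement check in `connect` is performed against the cached user, so the time-out (or clearing the cache when the desktop is locked) is the only thing that stops a second person at the terminal from riding on user1’s cached logon.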
In any solution we have to make sure the credentials are not saved for too long. I think this is not a bug or a programming error, it’s something we wanted. We wanted SSO for our users, to make life easier for them. But freedom comes with a price: you have to follow some rules to keep others from tampering with your data. Credentials should only be saved as long as they are needed, not indefinitely.
I’m curious about your ideas about it, let me know. @RobBeekmans
And again, to make sure you don’t think I’m bashing VMware: it’s also a Citrix issue. I just happen to have a VMware client and environment at hand.