There is no custom code to display.

Real Words or Buzzwords?: VDI – Virtual Desktop Infrastructure

Print Friendly, PDF & Email

This is the 46th article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.

By Ray Bernard, PSP, CHS-III

At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.

  • All-in-one RWOB

  • Once again, this is a topic that will be familiar to IT folks but not so much for physical security industry folks. I’m writing about this because of the increase in attention companies are giving to establishing or upgrading a physical security operations center (SOC). First, we’ll look at what VDI is, and then how it applies to a SOC deployment.

    VDI is an alternative to the traditional desktop computer:  one computer per desk or workspace, typically running Microsoft Windows and its Office applications, as well as other applications. Instead, the operating system and desktop applications are run in a server virtual environment, usually in a data center. All applications and data used remain on the server with only display, keyboard, and mouse information communicated with the local client device, which may be low-end PC, a laptop, a thin client device, or nowadays a tablet or a smartphone. Special software on the user’s device displays the desktop screen and handles the keyboard/mouse interaction, converting as necessary for touch-screen devices.

    In the business world, a company with tens or hundreds of thousands of employees can achieve very significant savings using the VDI approach. In a data center, technical support for computing equipment is instantly available in a few data center locations, no travel or remote on-site personnel required. Additionally, redundancy and backup are available for all data, including what formerly was stored on hard drives on local PCs.

    At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.

    Benefits of VDI

    Wikipedia has an excellent article on Desktop Virtualization that identifies the key application scenarios for using VDI technology (provided below), which at first consideration don’t seem to apply to SOC deployments.

    Remote desktop virtualization is frequently used in the following scenarios:

    • in distributed environments with high availability requirements and where desk-side technical support is not readily available, such as branch office and retail environments.
    • in environments where high network latency degrades the performance of conventional client/server applications
    • in environments where remote access and data security requirements create conflicting requirements that can be addressed by retaining all (application) data within the data center – with only display, keyboard, and mouse information communicated with the remote client.

    It is also used as a means of providing access to Windows applications on non-Windows endpoints (including tablets, smartphones, and non-Windows-based desktop PCs and laptops).

    While it is true that many SOCs are not located where IT technical support is readily available, tech support problems are usually rare due to the high quality of SOC equipment being used and the necessity that it runs 24/7. When you have lots of employees using desktop computers, there are always some users who have technical problems. That’s not the case for a good SOC.

    Extending Capabilities Outside the SOC

    SOCs usually have very high-power workstations and high-capacity local area networks to handle the constant use of video. This is one reason why Iit’s hard to extend traditional SOC capabilities outside the SOC room. It would require significant computing and networking capabilities that would be rarely used, because situations that call for getting additional people involved in security operations activities occur infrequently. Additionally, extending SOC functionalities outside the highly protected SOC room poses data security risks.

    Thus, many Emergency Operations Center (EOC) rooms are located near the SOC where they can walk into the SOC if needed. Some corporate EOCs are right next door with a large glass window into the SOC, so that they can see what’s happening without being a distraction inside the SOC room. It’s not that there are no use cases for extending SOC capabilities – it’s just that doing so is technically impractical and prohibitively expensive, especially since such capabilities aren’t mobile. The use cases for extending SOC capabilities usually cover a number of use locations – many of which aren’t predictable in advance. So, except for communications equipment and VMS mobile apps for video viewing, the SOC is pretty much a closed environment.

    SOC Single Point of Failure

    Most SOCs constitute a single point of failure, except for organizations with multiple SOCs who can transfer operations from one SOC to another if needed, or who use a “follow the sun” approach to global monitoring. Such capabilities are rare and typically very expensive.

    A VDI-based SOC – being server-based – benefits from data center redundancy and backup capabilities. If for some reason the SOC must be evacuated, it can be shut down and re-constituted quickly and securely anywhere you can set up user computing (including laptops) and set up a handful or more large screen video displays. This is a same-day situation requiring hours of simple work finding a room, bringing in light-weight computers and large consumer TV displays.

    VDI Extends SOC Workstations and Video Walls

    Besides its usefulness for backup location operations, there are other reasons to deploy the VDI technology. No special mobile device physical security applications need be installed – the VDI extends what would ordinarily be a multi-monitor user workstation onto any device – laptop, PC, tablet or even smartphone. It extends video walls as well.

    The VDI software provides the functionality – it’s made just for that purpose. Any application running on a SOC computer can be shared securely via VDI because only the VDI application for screen and keyboard/mouse sharing must run on the user device. It doesn’t matter what the SOC applications are or how many they are. Whether a VMS, a PSIM, access control system, unified communications, alarm monitoring app or central station app – they’ll work.

    More than a dozen companies make VDI software that will work for SOC functionality. The FinancesOnline platform for business product reviews has an excellent article titled, 20 Best Virtual Desktop Infrastructure Software in 2019VMware and Teradici are two of the companies listed whose technologies are perfect for remotely extending SOC capabilities. (The links to go their sections on the FinancesOnline page, and we’ll discuss them later in this article.)

    Why VDI for SOC?

    Here are the reasons for establishing a well-designed VDI-based SOC:

    • Instant Alternate SOC. At any time, some or all of the SOC workstation capabilities can be established or re-established anywhere there is a corporate network or high-speed internet connection. Give users their own individual cellular hotspots, and any off-site conference room or even a hotel room will suffice.
    • Instant EOC Support. For single or multiple EOC locations, ordinary tablets and laptops will work well for the capabilities an EOC user would need, plus the SOC’s large screen displays can also be exported. Only screen pixel and keyboard/mouse information must be sent. All applications will run on the VDI servers as if they were on a workstation.
    • First Responder Realtime Support. For the kinds of situations where the typical VMS video sharing and clip export functions aren’t enough to support real-time incident support, such as for large events or an active assailant situation – responders outside an area or building can see what’s going on in realtime from a tablet or smartphone. The SOC, EOC and field responders all have a common operating picture to operate work and collaborate from.
    • Universal Device Support. The VMWare Horizon client software that runs on the remote devices have versions for Apple, Android, Windows and Linux computers. The SOC deployment doesn’t require any special device support – that’s handled by the Horizon app, which is automatically kept up to date for feature and security updates. There is no special burden on the SOC or IT personnel for remote device support. Damaged devices can be quickly replaced by another remote device – such as a tablet replacing a laptop. It doesn’t have to be a duplicate device.
    • Security. Remote device authorization is managed centrally. To disable SOC application access for a user or set of users doesn’t required disabling their access to each individual application. Turn off the Horizon app and they can’t even try to log in to any SOC software. No data is sent to or stored on the remote devices – only screen images video streams optimized for the remote device’s video resolution are sent to the device. If a device is lost or stolen, SOC application access can be quickly disabled.

    Why VDI Now?

    Although VDI for SOCs uses commercial-off-the-shelf (COTS) technology, until about a year or so ago the computing hardware available just didn’t have enough processing power to handle the continuously changing video displays. Not to mention support for 4K or 8K displays (for video walls) – which have only recently been supported.

    The earlier generation of VDI technologies required large amounts of electrical power and had very high heat dissipation due to the multiplicity of processors, and so were costly to run.

    Today’s GPU card technology is capable of handling multiple constantly-changing display screens and is built with low power technology.

    What’s the Challenge?

    VDI and its technologies have been a big topic in the IT domain since 2006. You can read about its history in an InfoSec Digest Blog on VDI. They were okay for business desktop users, but were never capable of handling SOC applications. Supporting a SOC requires special server hardware configurations including multiple high-power GPU cards as well as CPU accelerator cards – which is what the Teradici technology is about.

    The challenge is that business IT departments have no familiarity with the kinds of server virtualization software and computing hardware configurations required to support a SOC, with its special software applications and the volume of streaming video. The time, attention and expertise required just to design it let alone deploy it are not available for what IT considers a “small handful of special users.” IT is focused on standardizing its enterprise information systems as much as possible for each category of users, not providing high levels of specialized expert support for a small system (which is what an SOC looks like to IT). The internal IT cost is likely to be unacceptable due to it being a one-off design and deployment situation which has a critical 24/7/365 runtime requirement.

    COTS Solution

    There is one solution that is made specifically for physical security SOC deployments. The product name is Virtual SOC. While an internet search will return many results for Virtual SOC and SOC 2.0 – they are about the IT SOC for monitoring the security of an organization’s information systems in real time. They are called Virtual SOCs because traditional IT SOCs (often called NOCs for Network Operations Centers) were single rooms with dozens of occupants. In the IT domain, virtual SOCs allow the monitoring and response functions to be distributed to personnel anywhere that the organization’s network is accessible, shrinking the space necessary for a central SOC room and hastening field response by extending the IT SOC functionality outside the central room. Same concept – different domain and more importantly, built for business information systems not physical security operations.

    Virtual SOC is provided by Pivot3 whose downloadable product information can be found here. No need for me to extol the product’s virtues and technology capabilities. It’s built from VMware and Teradici technologies with its Pivot3’s own software to automate the virtualization and configuration so that it’s deployable basically using a single Pivot3 configuration interface. This is what addresses the challenge where normally, a high degree of IT expertise would be required for such a deployment. Instead you get a highly fault-tolerant system that can be upgraded for hardware and software with no system downtime. You get five 9s or six 9s of uptime – hardware-dependent configuration options.

    I’m not trying to make this article a Pivot3 commercial – I’d have included other products here if I had found any. I’ll update this article going forward if and when I do.

    The New Challenge

    Now that the technology challenge involved has been solved, the new challenge relates to security operations design and planning, and updating your operations and emergency response plans based on the new capabilities made available by a VDI-based SOC deployment. Hospitals and other healthcare organizations, as well as many critical infrastructure security technology end users, need to give serious thought to what security awareness and response gaps they can eliminate by deploying a VDI-based SOC that includes mobile SOC technology capability.

    Keep in mind that such a VDI-based SOC is future-ready for the security industry AI-based security platforms emerging, primarily because the Virtual SOC product is built from COTS hyper-converged infrastructure technology. There is a lot of food for thought here.

    Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities ( In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.

    © 2019 RBCS