This is the 46th article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
VDI is an alternative to the traditional desktop computer: one computer per desk or workspace, typically running Microsoft Windows and its Office applications, as well as other applications. Instead, the operating system and desktop applications are run in a server virtual environment, usually in a data center. All applications and data used remain on the server with only display, keyboard, and mouse information communicated with the local client device, which may be a low-end PC, a laptop, a thin client device, or nowadays a tablet or a smartphone. Special software on the user’s device displays the desktop screen and handles the keyboard/mouse interaction, converting as necessary for touch-screen devices.
In the business world, a company with tens or hundreds of thousands of employees can achieve very significant savings using the VDI approach. In a data center, technical support for computing equipment is instantly available in a few data center locations, no travel or remote on-site personnel required. Additionally, redundancy and backup are available for all data, including what formerly was stored on hard drives on local PCs.
At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
Benefits of VDI
Wikipedia has an excellent article on Desktop Virtualization that identifies the key application scenarios for using VDI technology (provided below), which at first consideration don’t seem to apply to SOC deployments.
Remote desktop virtualization is frequently used in the following scenarios:
- in distributed environments with high availability requirements and where desk-side technical support is not readily available, such as branch office and retail environments.
- in environments where high network latency degrades the performance of conventional client/server applications
- in environments where remote access and data security requirements create conflicting requirements that can be addressed by retaining all (application) data within the data center – with only display, keyboard, and mouse information communicated with the remote client.
It is also used as a means of providing access to Windows applications on non-Windows endpoints (including tablets, smartphones, and non-Windows-based desktop PCs and laptops).
While it is true that many SOCs are not located where IT technical support is readily available, tech support problems are usually rare due to the high quality of SOC equipment being used and the necessity that it runs 24/7. When you have lots of employees using desktop computers, there are always some users who have technical problems. That’s not the case for a good SOC.
Extending Capabilities Outside the SOC
SOCs usually have very high-power workstations and high-capacity local area networks to handle the constant use of video. This is one reason why it’s hard to extend traditional SOC capabilities outside the SOC room. It would require significant computing and networking capabilities that would be rarely used, because situations that call for getting additional people involved in security operations activities occur infrequently. Additionally, extending SOC functionalities outside the highly protected SOC room poses data security risks.
Thus, many Emergency Operations Center (EOC) rooms are located near the SOC, where EOC personnel can walk into the SOC if needed. Some corporate EOCs are right next door with a large glass window into the SOC, so that they can see what’s happening without being a distraction inside the SOC room. It’s not that there are no use cases for extending SOC capabilities – it’s just that doing so is technically impractical and prohibitively expensive, especially since such capabilities aren’t mobile. The use cases for extending SOC capabilities usually cover a number of use locations – many of which aren’t predictable in advance. So, except for communications equipment and VMS mobile apps for video viewing, the SOC is pretty much a closed environment.
SOC Single Point of Failure
Most SOCs constitute a single point of failure, except for organizations with multiple SOCs who can transfer operations from one SOC to another if needed, or who use a “follow the sun” approach to global monitoring. Such capabilities are rare and typically very expensive.
A VDI-based SOC – being server-based – benefits from data center redundancy and backup capabilities. If for some reason the SOC must be evacuated, it can be shut down and re-constituted quickly and securely anywhere you can set up user computing (including laptops) and set up a handful or more large screen video displays. This is a same-day situation requiring hours of simple work finding a room, bringing in light-weight computers and large consumer TV displays.
VDI Extends SOC Workstations and Video Walls
Besides its usefulness for backup location operations, there are other reasons to deploy the VDI technology. No special mobile device physical security applications need be installed – the VDI extends what would ordinarily be a multi-monitor user workstation onto any device – laptop, PC, tablet or even smartphone. It extends video walls as well.
The VDI software provides the functionality – it’s made just for that purpose. Any application running on a SOC computer can be shared securely via VDI because only the VDI application for screen and keyboard/mouse sharing must run on the user device. It doesn’t matter what the SOC applications are or how many they are. Whether a VMS, a PSIM, access control system, unified communications, alarm monitoring app or central station app – they’ll work.
More than a dozen companies make VDI software that will work for SOC functionality. The FinancesOnline platform for business product reviews has an excellent article titled, 20 Best Virtual Desktop Infrastructure Software in 2019. VMware and Teradici are two of the companies listed whose technologies are perfect for remotely extending SOC capabilities. (The links go to their sections on the FinancesOnline page, and we’ll discuss them later in this article.)
Why VDI for SOC?
Here are the reasons for establishing a well-designed VDI-based SOC:
- Instant Alternate SOC. At any time, some or all of the SOC workstation capabilities can be established or re-established anywhere there is a corporate network or high-speed internet connection. Give users their own individual cellular hotspots, and any off-site conference room or even a hotel room will suffice.
- Instant EOC Support. For single or multiple EOC locations, ordinary tablets and laptops will work well for the capabilities an EOC user would need, plus the SOC’s large screen displays can also be exported. Only screen pixel and keyboard/mouse information must be sent. All applications will run on the VDI servers as if they were on a workstation.
- First Responder Realtime Support. For the kinds of situations where the typical VMS video sharing and clip export functions aren’t enough to support real-time incident support, such as for large events or an active assailant situation – responders outside an area or building can see what’s going on in realtime from a tablet or smartphone. The SOC, EOC and field responders all have a common operating picture to work and collaborate from.
- Universal Device Support. The VMware Horizon client software that runs on the remote devices has versions for Apple, Android, Windows and Linux computers. The SOC deployment doesn’t require any special device support – that’s handled by the Horizon app, which is automatically kept up to date for feature and security updates. There is no special burden on the SOC or IT personnel for remote device support. Damaged devices can be quickly replaced by another remote device – such as a tablet replacing a laptop. It doesn’t have to be a duplicate device.
- Security. Remote device authorization is managed centrally. Disabling SOC application access for a user or set of users doesn’t require disabling their access to each individual application. Turn off the Horizon app and they can’t even try to log in to any SOC software. No data is sent to or stored on the remote devices – only screen-image video streams optimized for the remote device’s video resolution are sent to the device. If a device is lost or stolen, SOC application access can be quickly disabled.
Why VDI Now?
Although VDI for SOCs uses commercial-off-the-shelf (COTS) technology, until about a year or so ago the computing hardware available just didn’t have enough processing power to handle the continuously changing video displays. Not to mention support for 4K or 8K displays (for video walls) – which have only recently been supported.
The earlier generation of VDI technologies required large amounts of electrical power and had very high heat dissipation due to the multiplicity of processors, and so were costly to run.
Today’s GPU card technology is capable of handling multiple constantly-changing display screens and is built with low power technology.
What’s the Challenge?
VDI and its technologies have been a big topic in the IT domain since 2006. You can read about its history in an InfoSec Digest Blog on VDI. They were okay for business desktop users, but were never capable of handling SOC applications. Supporting a SOC requires special server hardware configurations including multiple high-power GPU cards as well as CPU accelerator cards – which is what the Teradici technology is about.
The challenge is that business IT departments have no familiarity with the kinds of server virtualization software and computing hardware configurations required to support a SOC, with its special software applications and the volume of streaming video. The time, attention and expertise required just to design it, let alone deploy it, are not available for what IT considers a “small handful of special users.” IT is focused on standardizing its enterprise information systems as much as possible for each category of users, not providing high levels of specialized expert support for a small system (which is what a SOC looks like to IT). The internal IT cost is likely to be unacceptable because it is a one-off design and deployment situation with a critical 24/7/365 runtime requirement.
There is one solution that is made specifically for physical security SOC deployments. The product name is Virtual SOC. While an internet search will return many results for Virtual SOC and SOC 2.0 – they are about the IT SOC for monitoring the security of an organization’s information systems in real time. They are called Virtual SOCs because traditional IT SOCs (often called NOCs for Network Operations Centers) were single rooms with dozens of occupants. In the IT domain, virtual SOCs allow the monitoring and response functions to be distributed to personnel anywhere that the organization’s network is accessible, shrinking the space necessary for a central SOC room and hastening field response by extending the IT SOC functionality outside the central room. Same concept – different domain and more importantly, built for business information systems not physical security operations.
Virtual SOC is provided by Pivot3 whose downloadable product information can be found here. No need for me to extol the product’s virtues and technology capabilities. It’s built from VMware and Teradici technologies with Pivot3’s own software to automate the virtualization and configuration so that it’s deployable basically using a single Pivot3 configuration interface. This is what addresses the challenge where normally, a high degree of IT expertise would be required for such a deployment. Instead you get a highly fault-tolerant system that can be upgraded for hardware and software with no system downtime. You get five 9s or six 9s of uptime – hardware-dependent configuration options.
I’m not trying to make this article a Pivot3 commercial – I’d have included other products here if I had found any. I’ll update this article going forward if and when I do.
The New Challenge
Now that the technology challenge involved has been solved, the new challenge relates to security operations design and planning, and updating your operations and emergency response plans based on the new capabilities made available by a VDI-based SOC deployment. Hospitals and other healthcare organizations, as well as many critical infrastructure security technology end users, need to give serious thought to what security awareness and response gaps they can eliminate by deploying a VDI-based SOC that includes mobile SOC technology capability.
Keep in mind that such a VDI-based SOC is future-ready for the AI-based security platforms emerging in the security industry, primarily because the Virtual SOC product is built from COTS hyper-converged infrastructure technology. There is a lot of food for thought here.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
© 2019 RBCS