The Design And Implementation Of Security Virtual Desktop System

There are many means in traditional endpoint security protection scheme to protect the endpoint security, such as anti-virus software, gateway, endpoint security software, anti-phishing software, terminal access control to prevent unauthorized external connection, firewall, IDS or IPS, and so on. But the effects of these security mechanisms are not satisfied. The two most important reasons are the follows. First, the theoretical basis of endpoint security products is weak. It’s difficult to solve the problem of endpoint security fundamentally. Secondly, the distribution and use of the application terminal cause security management difficult. It’s difficult to achieve security objectives. Desktop virtualization separates the application client terminal with the user’s operating platform in the physical, and the customer terminals are mainly deployed in the "cloud" the traditional data center or server room, and center management in the "cloud". The structural system of the desktop virtualization simplifies the system’s security structure, effectively reduces the interface of the protection system and the external environment, and reduces the number of terminals and border security products. All of the desktop virtual desktops are managed in the data center, and the user can get a complete PC experience. In the process of desktop virtualization, desktop security is very important. In this article, we will research to design and implement a secure virtual desktop system.The main work of the paper is:1) Design and implement a virtual desktop system. The terminals centralized management not only saves cost and hardware investment, but also is convenient for maintenance or upgrade management. And at the same time, users can access and use the desktop flexibly.2) Enhance the security of the virtual desktop effectively. The unique security device mapping mechanism can control the flow of business-critical data and protect critical data will not be disclosed.3) Combined the virtualization technology with trusted computing. Virtualization technology can improve the level of multiplexing of the physical computing resources, and make centralized deployment and management of the application terminal be possible. It can reduce the difficulty of large-scale application terminal management; Furthermore the trusted computing technology using "white list" can effectively prevent infection and destruction of a variety of known and unknown malicious code and reduce the opportunities for hacker attacks and enhance the security of the system effectively.