On September 26, 2023, Sangfor officially launched the latest version of Sangfor Virtual Desktop Infrastructure (VDI)—version 5.9.0. The theme of the launch—The Road to Convergence—perfectly captures the key innovations of this new version. Notably, Sangfor VDI 5.9.0 is the first 2-in-1 HCI and VDI. It now utilizes Sangfor Hyperconverged Infrastructure (HCI) to replace the VMP as the hypervisor to support desktop and server virtualization within the same cluster. What’s more, in this version, Sangfor is the industry's first vendor to tightly integrate VDI and security components, enhancing the protection of virtual desktops and their data. In this article, we will explore these two key convergences and their key values and benefits to you.
Convergence 1: HCI Replaces VMP as VDI’s Hypervisor
In versions of Sangfor VDI before 5.9.0, the Virtualization Management Platform (VMP) served as the hypervisor for the virtual desktop cluster and operated on x86 servers. A separate virtual server cluster was needed for business applications.
Starting with version 5.9.0, Sangfor VDI supports both desktop and server virtualization on Sangfor HCI, using aSV as the hypervisor. This allows virtual machines (VMs) that run virtual desktops and business applications to coexist within the same cluster.
What are the benefits of this new architecture?
Cost-effectiveness and resource optimization: With this new version, businesses only need to deploy a 2-node Sangfor HCI cluster for server and desktop virtualization. This makes both technologies more affordable, especially for small to medium-sized companies, while improving resource optimization and reducing underutilization.
Simpler operation and management: In the old setup, separate platforms were needed to manage virtual desktops and business applications. With the convergence of VDI and HCI, the IT team can manage everything on a single platform, simplifying operations and maintenance.
Enhanced VDI features and use cases:
- Hot upgrading to improve business continuity.
- Full disk encryption to protect sensitive data.
- Multiple clusters managed by Sangfor Cloud Platform (SCP) to support large-scale deployments or Desktop as a Service (DaaS).
- Improved data reliability by supporting more data copies (from 2 to 3) and an arbitration node to prevent split-brain.
Convergence 2: Integrated Security with aSEC
By converging Sangfor VDI and HCI, Sangfor VDI now benefits from the security capabilities of aSEC, the security component of Sangfor HCI.
1. VM Security
aSEC protects VMs running virtual desktops with Sangfor Endpoint Secure, providing virus detection and removal, application identification, vulnerability scanning, patch management, and more. A lightweight Endpoint Secure agent is automatically installed on VMs using VMTools to provide real-time protection with very low resource consumption.
2. Ransomware Protection
Ransomware poses a significant threat to business continuity by encrypting data, making it inaccessible for critical operations. By integrating with HCI, Sangfor VDI offers a comprehensive ransomware containment and recovery solution, allowing businesses to rapidly resume operations should their VMs become encrypted.
a. Isolating infected VMs: aSEC provides a one-click micro-segmentation feature to isolate encrypted VMs to prevent the spread of ransomware. For VMs that must remain operational, aSEC offers adaptive isolation. This blocks ports that are not essential for daily business operations while keeping crucial ports open. It also blocks high-risk ports commonly used for spreading viruses, such as sharing and remote access ports. This increases the difficulty of lateral movement and maintains business continuity as much as possible.
b. Verifying the safety of recovery points: aSEC uses a method called “linked cloning” to clone an infected VM to verify the safety of a recovered environment. This “child” VM is completely isolated so that when it is recovered to a previous state, any viruses present in the recovered environment cannot spread. A virus scan is performed, and a safe recovery point is determined for restoring the infected “parent” VM.
c. Restoring infected VMs: aSEC uses a snapshot mechanism to easily restore encrypted VMs to a functional state. Before recovery, aSEC retains on-site snapshots for subsequent decryption and use. After recovery, another virus scan is conducted to confirm that the recovered environment is secure. Isolation is only lifted once the VM is verified to be clean and free from threats.
3. Vulnerability and Patch Management
aSEC offers two patching solutions for addressing vulnerabilities in virtual desktops: standard vulnerability patching and hot patching.
With standard vulnerability patching, aSEC detects system vulnerabilities and schedules official patch installations. Users are prompted to reboot the system to ensure these patches take effect.
Hot patching allows for the modification of a running application's executable code to address software vulnerabilities without requiring a system reboot. This approach minimizes operational interruptions and has a lower impact on system performance. It's useful for mitigating zero-day vulnerabilities until official patches are released and vulnerabilities in older operating systems for which the vendor has stopped providing security updates.
Promotion
To allow more customers to explore the latest features of Sangfor VDI 5.9.0, Sangfor is providing each VDI/HCI customer with 5 free Silver VDI User Licenses (For more information about VDI Licenses, please click here). For further details, please get in touch with your local Sangfor office or the marketing team at marketing@sangfor.com.
Conclusion
Sangfor VDI 5.9.0 is a pivotal step on the road to convergence. The new VDI uses Sangfor HCI as its hypervisor, allowing server and desktop virtualization within a unified cluster. This brings about cost efficiency, streamlined operations, and improved data reliability. Security is stronger than ever before with the integration of aSEC, offering protection against ransomware and vulnerabilities. The combination of these enhancements positions Sangfor VDI 5.9.0 as a simple, secure, and efficient virtual desktop solution for businesses.