Nandan Bhatkal, Vice President - Enterprise Solutions, Accops Systems, 0
The Covid pandemic has tremendously accelerated the adoption of remote work, and now, the workforce is more mobile than ever. Perception of employees and employers towards remote work has changed drastically. Employees have realized that remote work offers them more family time, more opportunities to do activities they like other than work, and they get to enjoy a better balance between their personal and professional lives. From an employer's perspective, a mobile workforce is what helps them go beyond geographical & cultural boundaries and identify & serve opportunities from every nook and corner of the world.
On the other hand, the demand on graphic visualization is growing exponentially, primarily driven by the growth in data generation & consumption, coupled with the ever-increasing expectations on quality of visuals. Graphics-intense applications are becoming more relevant and important for many an organization. Medical diagnostics, video-editing, graphic design, geospatial analysis, web development, and computer aided designs for engineering purposes are some of the many graphic-intense applications that have become an essential part of many companies' day-to-day business operations. But providing a mobile workforce with access to graphics workstations brings along a lot a concerns and challenges.
High Bandwidth Requirements
Most mechanisms which enable remote access to graphics workstations require significantly higher amounts of bandwidth. Several parts of the world do not have such high speed with low latency networks deployed, so getting on-demand remote access to graphics workstations might not be practically feasible for a significant percentage of remote employees.
Ensuring Data Security
With the spike in remote working, there has been a surge in cyber attacks. More and more organizations are being targeted by malware and ransomware attacks. As mobile employees and third-party users take valuable corporate intellectual property outside the secure office perimeters into public domains, organizations become much more susceptible to cyberattacks and must adopt radically different mechanisms to ensure data security.
Management Complexities
Increased mobility also brings-in additional management complexities. Managing and securing corporate data and assets across a wide range of heterogenous BYOD devices of users in public networks is a challenging proposition.
Ensuring Office-Like Performance in Entry Level Endpoints
Graphics workstations work with monitors which have extremely high resolution and refresh rates, and powerful processors with high clock speeds and VRAM, and the average remote endpoint will be no match to the power of these workstations. So, enabling an exact office-like performance with high accuracy of colours and details is something that many remote access mechanisms fail to achieve. But with such a shortcoming, the entire purpose of remote access to graphics workstations would be lost.
Steps to Overcome the Above Challenges Choosing the Right Protocols
Any remote access solution has to make use of a transmission protocol and a display protocol. Choosing the right protocols is the most critical factor in ensuring high quality access to graphics workstations or applications.
Most remote access mechanisms make use of a Transmission Control Protocol (TCP). While TCP will be well suited for many use cases, when it comes to transmission of high-quality graphics, TCP based solutions fare poorly. User Datagram Protocol (UDP) performs very well while delivering graphics workstations, where high speed delivery and handling transmission losses efficiently are more critical.
With regard to display protocol, the conventionally used protocol is Microsoft's Remote Desktop Protocol. RDP in combination with UDP for transmission can be highly effective for several graphics applications and can perform more than satisfactorily. But as the intensity of graphics goes up, RDP's efficiency may drop, as they may not be able to transmit the large number of bits that needs to be transmitted for crystal clear display. This is where PCoIP protocol developed by Teradici (a Canada-based software company) can be effective. PCoIP is capable of efficiently transmitting much more bits than RDP.
This effectively means that PCoIP is capable of producing high quality remote reproduction of graphics-intense images, but at the expense of high bandwidth consumption. So, PCoIP is ineffective in most average low-bandwidth networks. In comparison, RDP scores better in bandwidth utilization. So, depending on the needs and the bandwidth availability, organizations have to choose the display protocol that suits them the best.
The access gateway which connects the user endpoints and graphics workstations or applications must be able to adapt to dynamic network conditions using adaptive encoders to ensure best possible user experience irrespective of network conditions. This will maintain high throughput and low ping latency, which are essential for providing remote access over internet.
Data Protection Features
To protect the corporate data, first thing to ensure is that the data never leaves the corporate environment and enters the user endpoint. Ideally, all users must be given only an httpss-based connection to the corporate network. This ensures that there is no bridging between user network and corporate network and mitigates the risks posed by any malware potentially sitting in any user endpoint.
The access gateway must make use of state-of-the-art cryptography mechanisms like noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, and HKDF, and all the pixel streams leaving the graphic workstations must be encrypted in real-time.
The solution must also ensure data leakage prevention with the ability to block out features like copy-paste, screen recording, screen printing, file download and restrict access to USB ports and internet usage.
BYOD-Friendly Solution: The solution must be supportive of BYOD, wherein all users can use their own devices to connect to graphics workstations. But BYOD should be supported without even the slightest compromise of security. Device entry control features to allow access only to authorized devices based on device fingerprinting, and to check for compliance status to allow only compliant devices must be present.
For additional security in some scenarios, the remote access solution must also have the capabilities to bind any user to one particular device based on the device fingerprint. Modern multi-factor authentication mechanisms which support not only OTP via SMS or email, but also push notifications and biometrics-based authentication must be integrated to ensure compliance and optimal security.
Providing remote access to graphics workstations might not have been a necessity for many organizations till very recently. But now is a time when organizations are looking beyond the usual options to sustain and grow, and providing remote access to graphics-intense applications is one such option that many organizations can make use of to ensure improved productivity and business growth.
With regard to display protocol, the conventionally used protocol is Microsoft's Remote Desktop Protocol. RDP in combination with UDP for transmission can be highly effective for several graphics applications and can perform more than satisfactorily. But as the intensity of graphics goes up, RDP's efficiency may drop, as they may not be able to transmit the large number of bits that needs to be transmitted for crystal clear display. This is where PCoIP protocol developed by Teradici (a Canada-based software company) can be effective. PCoIP is capable of efficiently transmitting much more bits than RDP.
Providing remote access to graphics work stations might not have been a necessity for many organization still very recently
This effectively means that PCoIP is capable of producing high quality remote reproduction of graphics-intense images, but at the expense of high bandwidth consumption. So, PCoIP is ineffective in most average low-bandwidth networks. In comparison, RDP scores better in bandwidth utilization. So, depending on the needs and the bandwidth availability, organizations have to choose the display protocol that suits them the best.
The access gateway which connects the user endpoints and graphics workstations or applications must be able to adapt to dynamic network conditions using adaptive encoders to ensure best possible user experience irrespective of network conditions. This will maintain high throughput and low ping latency, which are essential for providing remote access over internet.
Data Protection Features
To protect the corporate data, first thing to ensure is that the data never leaves the corporate environment and enters the user endpoint. Ideally, all users must be given only an httpss-based connection to the corporate network. This ensures that there is no bridging between user network and corporate network and mitigates the risks posed by any malware potentially sitting in any user endpoint.
The access gateway must make use of state-of-the-art cryptography mechanisms like noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, and HKDF, and all the pixel streams leaving the graphic workstations must be encrypted in real-time.
The solution must also ensure data leakage prevention with the ability to block out features like copy-paste, screen recording, screen printing, file download and restrict access to USB ports and internet usage.
BYOD-Friendly Solution: The solution must be supportive of BYOD, wherein all users can use their own devices to connect to graphics workstations. But BYOD should be supported without even the slightest compromise of security. Device entry control features to allow access only to authorized devices based on device fingerprinting, and to check for compliance status to allow only compliant devices must be present.
For additional security in some scenarios, the remote access solution must also have the capabilities to bind any user to one particular device based on the device fingerprint. Modern multi-factor authentication mechanisms which support not only OTP via SMS or email, but also push notifications and biometrics-based authentication must be integrated to ensure compliance and optimal security.
Providing remote access to graphics workstations might not have been a necessity for many organizations till very recently. But now is a time when organizations are looking beyond the usual options to sustain and grow, and providing remote access to graphics-intense applications is one such option that many organizations can make use of to ensure improved productivity and business growth.