Termidesk 6.1: More Security, Convenience and Performance

Uveon – Cloud Technologies (part of the Astra Group) has released a new version of the virtual workplace infrastructure management platform Termidesk 6.1. The release adds a new interface for both users and administrators. It provides the possibility of branding according to the corporate style of the customer, and also supports light and dark themes.

The TOTP authentication mechanism via RADIUS has been upgraded from the experimental mode to a ready made solution and supplemented with a user-friendly interface, which simplifies the implementation of multi-factor authentication in existing processes. A transparent single sign-on (SSO) mechanism for Kerberos has also been implemented: after gaining access to the domain, the user does not need to re-enter the password.

Special attention has been paid to the implementation of the password-free access concept, which allows not only to authenticate a user without entering a password, but also to grant them access to resources within the framework of a given policy. In practice, this reduces the risks associated with phishing, and also provides a more convenient entry into the corporate environment for employees, especially in situations with frequent reconnections and movements between networks of different levels of trust.

The security policy mechanisms have become more flexible. There is a separation of users into internal and external circuits, which allows you to apply different verification scenarios for connections from different network segments, as well as implement the requirements of enhanced or strict authentication for work from untrusted networks. For example, the same user can connect from home only via two-factor authentication (2FA), and in the office by login and password. Smart card usage policies, USB, directory redirection, and others now can be applied not only to specific workplace funds, but also to user groups or network segments.

At the same time, the system has got a built-in mechanism for dynamically verifying access rights based on directory server data: Termidesk automatically updates rights in accordance with changes in AD/LDAP. For Microsoft Active Directory, support has been added for additional user attributes with the ability to store and view them in the Termidesk interface. A new action when the user exits the OS —automatic reboot of the virtual workplace, which helps to maintain a clean environment has also been included in the policies.

To ensure the maximum level of protection in infrastructures with high information security requirements, the administrator can configure the interaction of all Termidesk 6.1 components over secure channels using mutual TLS encryption (mTLS). For the proprietary TERA protocol, end to-end TLS protection from the client to the server has been implemented, as well as network connection authentication using SASL/Kerberos, which comprehensively increases the overall security level of the entire infrastructure.

The TERA remote access protocol in version 6.1 stops being in experimental mode and becomes a standard tool for building high-performance VDI. It supports Astra Linux and Windows 10/11 operating systems, provides redirection of USB devices (limited and controlled set of types), as well as redirection of time zone and correct synchronization of keyboard layout and behavior, and the transmitted data is protected by end-to-end TLS encryption.

In Termidesk 6.1, the TERA protocol has been optimized for operation on weak processors and in conditions of limited bandwidth. For this purpose, the MJPEG codec and the mechanism of dynamic change of the frame rate (FPS), JPEG quality and traffic intensity are used. The system accurately measures the processing time of video frames, redrawing intervals and the number of missed rendering frames, on the basis of which it automatically adjusts the transmission parameters.

For the RDP and TERA protocols, the release has implemented automatic session recovery after disconnection, which reduces the number of interruptions in the work of employees. Reliability and convenience of connection have been improved. The Termidesk Viewer client application has become fully operational and provides more stable and manageable connections to virtual workstations, even in difficult network conditions. The user can customize the layout and behavior of the Viewer toolbar according to their preferences, which further enhances the user experience.

Termidesk 6.1 makes virtualization resource management more flexible. The platform allows you to combine workplaces from multiple funds into one logical pool, so that for the user it looks like one shortcut, even if there are different resource providers behind it. The integration with the ISPsystem product (part of the Astra Group) VMmanager has been significantly expanded. From Termidesk, the administrator can manage the status of virtual machines — turn them on and off, reboot, suspend and restore, as well as manage their power supply.

For zVirt, oVirt, and RED Virtualization platforms, support for full virtual machine clones has been added, making it easier to scale the infrastructure. Instead of RabbitMQ, a new full-time messaging component, TermideskMQ, has been created in the ecosystem. It takes over the functions of a broker and is optimized for Termidesk scenarios.

To meet corporate requirements for auditing and data management, Termidesk 6.1 provides enhanced storage and transfer capabilities for service information. The administrator can configure the storage location of logs and move configuration files to separate storages in accordance with the organization's policies. Customer and agent logs can be transferred to external repeaters, which facilitates integration with centralized logging systems. At the same time the platform transmits extended information about user sessions to the DBMS and terminal servers, which makes event analysis and incident investigation more detailed.

"With each release, we focus more and more on specific technical scenarios for using our product in the infrastructures of our large corporate and government customers, for whom predictability, stability and security are critically important. Now we are not only catching up with our foreign competitors in terms of functionality, but also releasing some popular functions faster, which will allow us to compete in the near future. Our goal is to provide the market with not just a set of functions, but a complete platform ready for complex scenarios, with which you can confidently build a secure and fault-tolerant virtual workplace infrastructure," comments Denis Mukhin, Director of Virtualization and Cloud Services at the Astra Group.