Provides Commerzbank AG (NY) With Multi-Factor Authentication System for Hosted Desktops
Leostream(TM) Corporation (www.leostream.com), a developer of virtual Hosted Desktop software, in partnership with IdentiPHI(TM), Inc. (OTCBB: IDPI) and Wyse® Technology, today announced multi-factor authentication and digital certificates for Hosted Desktops via smart card support for Wyse thin clients. Hosted Desktops allow enterprise users to access their desktops from any physical location behind the firewall.
Leostream support for the Wyse thin clients and IdentiPHI smart cards demonstrates how the Leostream Hosted Desktop architecture works with smart card-based user authentication systems.
Leostream Connection Broker(TM) software enables organizations to manage user access to computing resources such as Virtual Hosted Desktops, Physical Machines, and Terminal Services. It provides the production-proven, scalable, fault-tolerant management layer required by organizations to implement and enforce business policies for Hosted Desktops.
How Smart Card Authentication for Hosted Desktops Works
The solution enables users to access their Hosted Desktop by inserting a smart card in a reader attached to a Wyse thin client. The data is read from the card and sent to the Leostream Connection Broker, which determines which Windows Desktop to assign. Once the desktop is assigned, the end user enters a PIN.
When users remove the smart card they disconnect from the remote desktop, and when they move to another location and reinsert the card into another thin client, they regain their desktop session in the state they had previously left it.
The solution is superior to other smart card-based thin clients because it is built around digital certificates that provide strong two-factor access control to the Windows® Desktop. Early adopters of this technology include the healthcare, finance, and defense industries.
"Our partnership with Leostream now extends to thousands of Wyse thin client users," said Ricardo Antuna, VP of Business Development and Alliances, Wyse Technology. "With Leostream's ability to support multi-factor authentication and digital certificates for Wyse thin clients, we can now deliver highly secure Hosted Desktop solutions to our thin client customers."
Case Study: Commerzbank AG (New York)
Commerzbank AG (NY) is nearing deployment of a smart card solution built by Leostream, IdentiPHI, and Wyse, that controls Hosted Desktop access based on user location and identity.
"When we embarked on the VDI project, it was very important that we worked with partners who bought into our vision, understood our security and accessibility requirements and were willing to work closely with all the players involved to get this done," said Ewange Musonge, Systems Engineer, Commerzbank AG (New York). "This solution eases and demystifies the login/authentication process for the end-user. And end-users benefit from 'anywhere' access to Hosted Desktops, while the system itself adheres to strict industry security standards."
The solution is based on the use of smart cards that store X.509 digital certificates in conjunction with Microsoft Active Directory® to generate a unique certificate for each user. Active Directory validates or rejects the digital certificate. The user is then required to enter a unique PIN to unlock access with the smart card and IdentiPHI SAFsolution 5 manages network access, providing the second authentication factor. The solution ports the Windows-based PKCS#11 middleware component to allow equivalent functionality on the WTOS platform, providing unique new functionality that advances security and usability for virtual desktop computing.
"With this solution, enterprises can provide secure access to Hosted Desktop solutions from anywhere -- avoiding the costs, complexity, and limitations of building security systems which rely on physical access to particular locations," said Chris Collier, IdentiPHI Vice President. "The use of smart cards in conjunction with Hosted Desktops allows businesses to take advantage of this 'anywhere' access solution while staying in strict compliance with key industry regulations."
Leostream Connection Broker version 5.1 works with Wyse Thin OS(TM) (WTOS) and IdentiPHI's SafeSign Identity Client. In addition, Leostream Connection Broker multi-factor authentication support includes the following features:
-- Client-side browser certificates
-- NT LAN Manager (NTLM)
-- Central Authentication Service (CAS)
-- Biometric (fingerprint) authentication
-- Windows desktop-based smartcard authentication through Leostream
For more information on the SIFMA Technology Management Conference visit: http://events.sifma.org/2008/107/event.aspx?id=526
About Leostream Corporation
Based in Waltham, Mass., Leostream (www.leostream.com) is a vendor-independent software company that has been a driver in the evolving virtualization space. With its Connection Broker product, Leostream provides the most complete solution for organizations to manage the Hosted Desktop. The Leostream Connection Broker supports the integration of a wide range of clients, back-ends, and viewer, authentication, and security protocols. Supported client devices include: CompuMaster, Cranberry, Devon IT, IBM, IGEL, Microsoft Windows (2000, XP, XPe, Vista 32- and 64-bit), Sun, and Wyse. Back-end support includes: Microsoft Terminal Services, Physical Machines, and VMware. Connection Broker supports the following viewer protocols: Teradici PCoIP, HP RGS, Radmin, RDP, Sun ALP, and VNC. SSL VPN support includes Cisco, F5, Juniper, and Sonicwall.