Extreme and Unique USB Security via PCoIP Technology
Friday, December 12th, 2008

PCoIP technology delivers a unique USB security capability that is not possible on desktop, notebook or thin client form factors. This includes providing mobile users secure access to data via hardware-encrypted flash drives, but only the devices approved by enterprise IT will work on the PCoIP desktop portal appliances. All other flash peripherals (or selected peripherals) would be locked out. This authorization is done in hardware, so it is ultra secure.
“[PCoIP Technology] has a bunch of security features that are unachievable with desktop computers” - Tom Bradicich, VP IBM Systems and Technology
See video blog: “Extreme USB Security for Enterprise and Government”
Teradici PCoIP Technology Unique USB Security Features:
- Support for all USB peripherals
  - Includes biometrics, card readers, etc.
  - Also includes webcams, scanners, tablets and DVD players, with no special drivers.
- No drivers required on the desktop appliance
  - PCoIP technology uses the drivers that are native to the host PC/server, so if the peripheral works when plugged into the host PC, it will work bridged across an IP network to a PCoIP desktop portal.
  - Eliminates the threat of virus propagation from the desktop appliance (whereas a thin client's embedded OS can get infected with a virus and propagate it to hosted client machines).
- Intelligent authorization of USB peripherals
  - Peripheral authorization can be done on device class, product ID, vendor ID and even the peripheral serial number. Authorization can be applied on a per-user/group basis and accept only specific devices.
- Complete USB lockdown: no host enumeration of USB if the peripheral is not authorized
  - PCoIP technology transparently bridges USB traffic from the host PC/server in the datacenter to the desktop portal appliance. You could view this as an exceptionally long USB cable. Peripheral authorization is done at the desktop appliance when a peripheral is plugged in. If the device is authorized, the plug event is bridged back to the host PC and the device can be used as it normally would be if the user were connecting the peripheral directly to the host PC.
  - If the device is not authorized, a message is displayed on the user's screen to let them know the device is not authorized, and the plug event is blocked in hardware at the desktop portal. For extreme security, the host PC physically cannot enumerate the USB peripheral and does not know that an attempt was made to connect a peripheral. This is unique to Teradici's PCoIP technology.
- Management logs and alerts of attempted connections of unauthorized devices
  - PCoIP technology allows management systems (see connection broker partner list) to track peripheral connections and attempted connections. PCoIP also enables these management systems to deliver alerts identifying users who are trying to connect unauthorized peripherals.
Example Scenario:
IT Problem:
Need to lock down sensitive corporate data, but also need to give certain users, such as managers, directors and VPs, the ability to take data out of the office (at home, on the road, etc.).
Teradici PCoIP Solution:
Provide these users with a hardware-encrypted flash drive so that if the drive is lost the data is still secure. Use PCoIP to deliver the user's desktop to a secure desktop portal (see partner products). Disable all flash drives, but enable flash drives that match the product ID and vendor ID of the hardware-encrypted flash drive.
When a user plugs the approved flash drive into their desktop portal, it is authorized and the plug event is bridged back to the host PC/server. The user can then use the flash drive as normal. If an insecure flash drive, MP3 player or iPod is connected, the peripheral is not authorized, a message is displayed on the user's desktop to notify them that the device is not authorized, and the host PC/server never knows that the peripheral exists (no host plug event to enumerate).
For extreme security, the authorization could match both the user and the serial number of the flash drive that was assigned to them.
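To make the authorization rules and the scenario above concrete, here is an added example, constructed for this article and not Teradici's code or API, that models the portal-side decision: allow rules keyed on device class, vendor ID, product ID and serial number, scoped per user or group, default deny, an audit record for every plug attempt, and the scenario's policy of permitting the encrypted-drive model for managers plus one serial-pinned drive for a named user. All vendor/product IDs, serial numbers and user names are made-up sample values.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed model of the portal-side authorization flow described above; it is not
# Teradici's API, and every vendor/product ID, serial and user name is a made-up sample.
@dataclass(frozen=True)
class UsbDevice:
    dev_class: int      # USB base class code: 0x08 = mass storage, 0x03 = HID
    vid: int
    pid: int
    serial: str = ""

@dataclass(frozen=True)
class AllowRule:
    """A None field matches any value; empty principals means any user or group."""
    dev_class: Optional[int] = None
    vid: Optional[int] = None
    pid: Optional[int] = None
    serial: Optional[str] = None
    principals: frozenset = frozenset()

    def matches(self, dev: UsbDevice, user: str, groups: set) -> bool:
        if self.principals and not (self.principals & ({user} | groups)):
            return False
        return all(want is None or want == have for want, have in (
            (self.dev_class, dev.dev_class), (self.vid, dev.vid),
            (self.pid, dev.pid), (self.serial, dev.serial)))
def authorize(dev: UsbDevice, user: str, groups: set, rules: list, audit: list) -> bool:
    """Default deny. True = bridge the plug event to the host; False = block it at the portal
    so the host never enumerates the device. Both outcomes produce an audit record."""
    allowed = any(r.matches(dev, user, groups) for r in rules)
    audit.append(f"{'ALLOW' if allowed else 'BLOCK'} user={user} class=0x{dev.dev_class:02x} "
                 f"vid=0x{dev.vid:04x} pid=0x{dev.pid:04x} serial={dev.serial or '-'}")
    return allowed
# Scenario policy: HID for everyone, the encrypted-drive model for managers, and one specific
# drive (pinned by serial number) for the non-manager it was issued to.
ENC_VID, ENC_PID = 0x1234, 0x5678
RULES = [
    AllowRule(dev_class=0x03),
    AllowRule(vid=ENC_VID, pid=ENC_PID, principals=frozenset({"managers"})),
    AllowRule(vid=ENC_VID, pid=ENC_PID, serial="SN-0002", principals=frozenset({"bob"})),
]
def run_scenario() -> tuple:
    audit = []
    drive1 = UsbDevice(0x08, ENC_VID, ENC_PID, "SN-0001")   # approved model
    drive2 = UsbDevice(0x08, ENC_VID, ENC_PID, "SN-0002")   # approved model, issued to bob
    mp3 = UsbDevice(0x08, 0x0abc, 0x0001, "MP3-77")        # unapproved mass storage device
    results = (authorize(drive1, "alice", {"managers"}, RULES, audit),  # True: bridged
               authorize(mp3, "alice", {"managers"}, RULES, audit),     # False: blocked, logged
               authorize(drive1, "bob", {"staff"}, RULES, audit),       # False: not his drive
               authorize(drive2, "bob", {"staff"}, RULES, audit))       # True: serial pinned
    return results, audit
```

Every BLOCK line in the returned audit list is the event a management system would log and alert on, while the host side sees nothing for those attempts.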
