Agentless security offers virtual peace of mind: Grenda Transit

Despite the increasing organisational complexity of a major business restructure, a completely virtualised server and desktop environment – and a new approach to securing it – has helped Melbourne-area transit provider Grenda Transit (GT) keep on top of its changing security profile.

That profile proved to be a major issue last year when GT, a 67-year-old family business that had grown to employ 1100 staff and run 600 buses, split its bus transit and bus manufacturing businesses in a November 2011 deal that saw its longtime rival, Ventura Bus Lines, take over the bus-transit operations. As part of the deal, however, GT's IT division would retain responsibility for service delivery both to the new organisation and to its newly-separated manufacturing business, Volgren.

Having steadily pushed towards virtualisation technology in the past, GT found itself needing a way to deliver consistent desktop images to employees across the various divisions. Its solution was to run the Citrix Systems Published Desktop, running individual desktop instances in a virtual-server environment.

This approach has become increasingly popular as organisations work to meet the challenges of bring-your-own-device (BYOD) strategies, which are forcing IT managers to accommodate employees' personal smartphones and tablets simply through sheer weight of numbers.

"For me, BYOD isn't such a big deal," says Gavin Gusling, Grenda Transit's general manager of IT. "We've virtualised our desktop in Citrix and have a public-facing remote access page where you can log into it. Effectively, all of our data lives in our data centre – and never leaves it. So we've covered off all the privacy issues, and because everything lives in there, I can run desktops on anything from a local computer to an iPod touch."

Not only can the Published Desktops be accessed from nearly any device, but they can be quickly created as new employees are brought onboard. This is particularly useful for the Volgren manufacturing business, which often sees surges in employment numbers as employees are brought onboard to fulfil new bus-making contracts.

Restructuring the server environment has presented its own challenges, however: for example, the change meant revisiting the company's Microsoft Client Access License (CAL) setup, which Gusling says was "nowhere near as easy as what we considered when we first put it on the table".

And while virtualising the company's desktops may have offered significant benefits in accessibility, it created a new security challenge: conventional antivirus-type security scanners installed into each server desktop tried to seize exclusive control over pooled CPU and disk resources. From a practical perspective, it also presented an untenable management burden in keeping all images updated all the time.

Grenda had to take a different approach – and it did so by installing the XenDesktop servers not on their own physical hardware, as convention would have it, but by loading the XenApp servers into a XenServer and VMware ESX Server server-virtualisation environment.

"In the past, we had used physical servers," Gusling explains, "and whenever we had changes, it became almost impossible to keep the Citrix image consistent across multiple hardware platforms. We took about a 5 per cent performance hit by virtualising, but that was easily offset by the benefits of being able to quickly provision new servers."

Since this approach involved pulling the security perimeter back from individual desktops, GT staff are trialling Trend Micro's Deep Security package, which scans for intruders at the ESX Server hypervisor level instead. Deep Security's agentless design avoids the potentially disastrous conflicts between multiple instances scanning simultaneously – and helps GT staff who are aiming to simplify the administrative overhead of the company's security environment.

"With 80 virtual servers currently providing services across the business plus 30-odd Citrix servers, there is a fair overhead in maintaining our environment," Gusling says. "To actually run the scanning service in the virtual environment as a dedicated machine that had no agents on the virtual guests, means that the whole administrative overhead should just disappear."

Despite the freedoms it has enabled, however, the Deep Security proof-of-concept trial has exposed many of the control issues that the move to centralised security often raises. Users can get touchy when their access to particular resources is blocked, although Gusling says they usually come around when the security requirement is clearly explained to them.

"The key to all of this is being able to talk to your users," he explains. "It's about being able to have a conversation where you say 'we can do this and this and this, but there's a risk that such and such is going to happen'."

"What you'd really like is an educated, human firewall – where the person who's actually using the technology says 'I'm going to be responsible for what I'm doing'. And when you ask them whether they want a particular bit of information published on the front page of the Sydney Morning Herald or The Age, they say 'no, not really'. So you can then work together to do something about it. It's all about interaction."


Stories by David Braue
