Category Archives: The Virtual World

General News of the Virtual World!

Lessons From the “Wannacry” Debacle!

The Virtual World

The ransomeware attack called “Wannacry” has effectively shut down many businesses, and cost tons of money. What can we learn from this attack?

The Fallout and Lessons from WannaCry

Virtualization Review – By Trevor Pott – “On May 12, 2017, a new strain of ransomware called WannaCry began circling the globe. This ransomware attack has proven to be efficient and effective, earning WannaCry worldwide media coverage. Unfortunately, attempts to explain the details of the attack have not always been accurate.

My touchstone for discussing media inaccuracies is The New York Times article ‘Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool.’ In this article, The New York Times tries to convey the complexity of the WannaCry ransomware event to a non-technical audience.

The New York Times is one of the most important publications in the world. What it writes matters, and it helps set the tone for media reporting around the world. I feel that there are nuances missed in the reporting that are important, especially if we are to finally engage in the global discussion about IT security that we’ve needed to have for more than a decade.

WannaCry Basics

The most important thing to understand about the WannaCry ransomware is that little about it is novel. WannaCry is not some technological terror lovingly crafted by a mad genius. Instead, it is an assemblage of parts, each of which are reasonably mundane, simple and well-tested.
The WannaCry ransomware incorporates numerous elements to assist its spread. The fact that it’s largely built of previously tested components has allowed its authors to regularly adapt the ransomware to overcome efforts to eliminate it. This sort of cat-and-mouse game is a normal and everyday part of the IT security world.

For ransomware to work, three basic elements are required. First, there must be a mechanism of initial infection. Second, there must be an encryption mechanism that prevents users from accessing their files. Third, there must be a demand for payment along with a means of making payment. Traditionally, ransomware authors will decrypt files if payment is made; however, in recent months there have been increasing strains of ransomware where payment does not result in decryption of files.

WannaCry adds a fourth element to the traditional ransomware cocktail: It uses a Windows vulnerability to spread beyond the initial infected computer. The result of this is that on improperly designed or improperly secured networks, one infected computer can infect many others.

WannaCry Detection and Prevention

WannaCry’s mechanism of initial infection relies on what’s known as phishing. In essence, these are scam e-mails that either contain a file that can infect your computer or entice you to click on links in the e-mail to take you to a Web site that will infect your computer. The most common versions of WannaCry are reported to use an encrypted file contained in a phishing e-mail.

Some media reports claim that the use of encrypted files makes WannaCry undetectable. This is false. Encrypted files of this nature are detectable, even with freely available e-mail filtering applications such as the eFa project’s Email Filter Appliance (hence, eFa).

These sorts of e-mail filters can be set to block all mail with encrypted files, block it only from likely spam sources or only allow encrypted mail from known trusted sources. These scanners can also be configured to allow end users to access the encrypted files, but only after reading a warning about the potential dangers. They can also be configured to send this type of mail to a systems administrator for assessment before release.

While open source solutions like the one made available by the eFa Project are somewhat cumbersome to deploy and use, commercially supported e-mail filters exist that are far more friendly. Many of today’s e-mail filtering solutions are perfectly capable of blocking even unknown threats.

That WannaCry malware even made it into user mailboxes to be opened means that e-mail administrators made a choice to allow these types of files through without adequate protections. Alternately, e-mail administrators were inadequately resourced and relying on e-mail filtering technologies that are years — or even decades — old.

Solutions also exist to ensure that malicious e-mails, once opened, cannot infect vulnerable computers. Bromium is considered the industry leader in this area, and had its technology been deployed on relevant networks, WannaCry wouldn’t have made headlines.

WannaCry Mitigation

Modern IT security procedures and solutions, including network microsegmentation, core resource isolation and automated incident response, could each have been used to prevent the spread of infection. Had networks been properly designed, resourced and secured, any systems that did manage to become infected would only have been able to infect a limited number of others.
The technologies needed to prevent, detect and contain these outbreaks are new, but they’re no longer the bleeding edge. They are well within the capabilities of health care, government and enterprise IT departments.

Media reports typically focus on the patching of OSes and applications. Blame is laid on patching regimens because WannaCry used a previously patched Windows vulnerability to spread once established on a network. This is placing the blame where it doesn’t belong.

Even if an organization were to be keep all computers fully patched, this would not make those computers secure. While patching is important, perpetuating the idea that it will somehow save us is dangerous. There are dozens, if not hundreds, of unpatched vulnerabilities in the Windows OS alone. That doesn’t include the various applications that run on top of Windows.

Governments and hackers alike hoard these ‘zero-day’ vulnerabilities for use in espionage and cyber warfare. Zero-day vulnerabilities are considered precious, expensive knowledge and are used sparingly, but every now and again they find their way into some bit of malware and infect everyday systems.

Proper IT security no longer relies solely on patching computers in order to keep networks safe. ‘Eggshell security,’ in which a network has a relatively well-defended perimeter but is undefended inside that barrier, hasn’t been considered adequate for more than a decade.

Systems administrators have been encouraged for years to consider every single computer on a network as unpatched and vulnerable, and design their network accordingly. WannaCry isn’t the first piece of malware to spread from one initial point of infection across a network, and it won’t be the last.

Patching Things Up

Some media outlets have reported that large-scale patching against WannaCry isn’t possible. This is false. Patching computers in an automated fashion isn’t only possible, it’s considered one of the most basic activities a systems administrator engages in.

Windows computers can have their patches managed with Windows Server Update Services, a free feature in modern Windows Server OSes. Paid options made available by Microsoft include System Center Configuration Manager for larger deployments and Intune for smaller deployments.

Patch management isn’t limited to Windows. Linux has numerous patch management options, with Red Hat’s Satellite being the most popular. For those with mixed environments, an entire industry called ‘endpoint management’ has emerged around patching and securing computers. There are hundreds of vendors selling products to patch and manage Windows, Linux and smartphones.

Patching, however, isn’t straightforward. There’s a lot of oversimplification occurring in media reporting regarding the WannaCry ransomware attack. Systems administrators who hadn’t yet patched their systems had not necessarily ignored patches or warnings from Microsoft. Nor were they necessarily running unsupported software, even where Windows XP was still in use.

Patches themselves can — and sometimes do — cause computers to malfunction. A computer may work fine for years, but when a patch is applied some critical component of either the OS or an application ceases to function. Microsoft has had a number of these over the years, with several in the past several months affecting large enough numbers of people to gain media attention.

Systems administrators, especially those guarding life-critical IT, must test patches before deployment to ensure that patches don’t break anything. Unfortunately, Microsoft has jettisoned its traditional Security Bulletins, and has made it increasingly difficult to learn what patches are supposed to do.”

Published by:

Security Issues in Virtualization

The Virtual World

Security is more important than ever today; is a virtual environment more secure?

Security Shortcomings Remain Strong in the World of Virtualization

Serverwatch – By: Paul Rubens – Virtual machines (VMs) offer better isolation than containers: it’s one of those ‘known facts’ that most people never question, and one that server virtualization fans (and vendors) use as a key point in their arguments in favor of VMs and against containers.

It’s probably a fair point to make, because an application running in a virtual machine is isolated from apps running in other virtual machines on the same host, and indeed from much of the host itself.

It’s also true that applications running in containers are additionally isolated from applications running in other containers on the same container host, and indeed from the container host itself — but to a lesser degree. That’s because, the argument runs, containers share the host’s operating system kernel with each other and with the host. So if there’s a vulnerability in the kernel, this could provide a way into, or out of, the containers that are sharing it.

Of course, if there’s a vulnerability in a virtualization hypervisor the same could be true, but since a hypervisor provides far less functionality than a regular Linux kernel (which typically implements file systems, networking, application process controls and so on), it presents a much smaller attack surface.

But just because virtual machines are (arguably) better isolated from each other than containers, and despite a hypervisor having a smaller attack surface, that doesn’t mean escaping from this isolation can’t happen.

VM Escape Exploit Showcased at Pwn2Own Hacking Conference

This was proved last month at the Pwn2Own hacking conference in Vancouver, when one team showed off a VM escape: the Qihoo 360 security team chained together three exploits to get from Microsoft’s Edge browser running in a VMware virtual machine to pwning the underlying host.

To do it, they used a JavaScript bug in Edge to get code execution powers inside the Edge sandbox. From there they used a Windows 10 kernel error to escape from the Edge sandbox and pwn the whole VM.

And then, finally, the team exploited a hardware simulation bug in the VMware hypervisor to escape from the guest OS to the host OS. And this was all done by simply visiting a maliciously-designed web site where remote JavaScript code was executed.

Now that’s pretty scary: think of the number of applications running on virtual machines on shared hosts in cloud data centers where application owners have no idea who they are sharing the host hardware with.

No Need for Surprise When It Comes to VM Security Shortcomings

On the other hand, we shouldn’t be surprised, according to Dino Dai Zovi, a security expert quoted by Ars Technica. ‘A virtual machine hypervisor is just another software-based isolation layer that can have vulnerabilities in it that permit attacks to break through,’ he told the web site. ‘Isolation layers such as sandboxes, virtualization, and containerization all add more work for an attacker, but none is perfect. Defenders should always assume they can be broken through with enough work by an attacker.’

It seems that the problem in VMware’s software is not an isolated case, either. The company recently issued patches to its software to sort out a number of serious problems. The first two are a heap buffer overflow and an uninitialized stack memory usage in SVGA. ‘These issues may allow a guest to execute code on the host,’ VMware warns. Yikes!

Another is a bug in its XHCI controller, allowing uninitialized memory usage. ‘This issue may allow a guest to execute code on the host,’ says VMware. Double yikes!

Another case of uninitialized memory usage is less serious since it only offers the possibility of information leakage rather than a complete takeover of the host machine. Still, not ideal by any means.

At least one of these problems is linked to Qihoo 360’s Pwn 2Own hack, but the others? Who knows?

It just goes to show that virtual machines may be more secure than containers, but only by degree. There’s no room for complacency, and wrapping stuff up in a virtual machine — even a container — doesn’t guarantee security. It just helps a little, but if you end up getting pwned, that’s not really much help at all, is it?”

Published by:

6600 to be Laid Off at Cisco

The Virtual World

Many businesses use Cisco Networking and Servers, with their UCS technology, so this impacts virtualization in the Enterprise.

Cisco Ups Layoffs to 6,600 After Big Forecast Miss

Talkin’ Cloud – By: Aldrin Brown – “Cisco Systems said it would lay off 1,100 more employees than anticipated after reporting on Wednesday it expects to miss its fourth-quarter revenue target by as much as 6 percent, year over year.

The world’s largest network gear manufacturer had already announced 5,500 job cuts in August of 2016.

Cisco now plans to shed a total of 6,600 jobs as the company comes off its sixth straight quarter of declining revenue, amid a pivot from a focus on hardware to software products.

‘I am pleased with the progress we are making on the multi-year transformation of our business,’ Cisco CEO Chuck Robbins said.

‘The Network is becoming even more critical to business success as our customers add billions of new connections to their enterprises,’ the statement continued. ‘We are laser focused on delivering unparalleled value through highly secure, software-defined, automated and intelligent infrastructure.’

Cisco reported revenues of $11.9 billion for their third quarter – ended April 29 – down 1 percent from the same quarter in 2016.

Despite the air of gloom, net income was up 7 percent year over year, at $2.5 billion.

‘We executed well in Q3, delivering $11.9 billion in total revenue, while driving solid profitability and cash generation as we deliver on our strategic priorities,’ Cisco CFO Kelly Kramer said. ‘We will continue to invest in growth areas as we move the business toward more software and recurring revenue and return value to shareholders.’

For the coming quarter, however, Cisco said revenue could fall to just over $12 billion, for Q4, which ends Sept. 30.

Analysts had expected something closer to $12.5 billion.

On an earnings call today, Robbins attributed the revised revenue forecast, in part, to a 4 percent decline in public sector business, which is suffering because of political uncertainty in Washington, D.C.

‘It’s a pretty significant stall right now with the lack of budget visibility,’ the CEO said, according to Reuters.

Revenue for Cisco’s cybersecurity products business continued a positive trend, growing 9 percent to $527 million.

Still, even that business fell short of analysts’ expectations of more than $545 million.

The news sent Cisco shares plunging $1.4 percent today, to $33.83 per share, on a day when the broader Dow Jones Industrial Average fell 372.82 points.

Cisco stock fell another 7.7 percent in after-hours trading, to $31.22 per share.”

Published by:

VMware Desktop-as-a-Service on Microsoft Azure

The Virtual World

VMware will now offer DAAS on Microsoft Azure.

VMware To Offer Desktop-as-a-Service Infrastructure on Microsoft Azure

Virtualization Review – By: Keith Ward – “VMware, which last year announced a deal to integrate its infrastructure with Amazon’s public cloud, has entered into a deal with Amazon’s main competitor, Microsoft. This time it’s for delivery of virtualized desktops and apps on the Azure public cloud.

The announcement, which came as a surprise to many in the industry, means that VMware’s Horizon Cloud Desktop-as-a-Service (DaaS) infrastructure can be delivered via Azure. It will be called ‘VMware Horizon Cloud on Microsoft Azure.’

VMware’s press release announcing the deal quoted IDC’s Robert Young on the biggest potential benefit for VMware: ‘The addition of a major cloud platform such as Microsoft Azure has the potential to accelerate the adoption of VMware Horizon among customers searching for a different way to manage and deliver Windows 10 desktops and applications.’

One reason the partnership comes as a surprise is last October’s announcement of ‘VMware Cloud on AWS,’ which uses VMware’s plumbing technologies such as software-defined networking via NSX and software-defined storage via VSAN to undergird a hybrid cloud environment. At that time, AWS (Amazon Web Services) CEO Andy Jassy VMware said that AWS would be VMware’s primary public cloud infrastructure partner, and VMware would be AWS’s primary private cloud partner.

Jassy didn’t discuss DaaS, virtual desktop infrastructure (VDI) or endpoint management. Whether that was intentional or not, it appears that VMware has decided to significantly broaden its cloud partnerships to include the No. 2 public cloud provider in Microsoft.

As a strategy, it appears to make sense, as Azure is a rapidly-growing platform adding customers at a rapid rate. AWS continues to lead, but is seeing that lead shrinking as Azure catches up, especially in the enterprise. According to one survey, Azure has taken the lead in the enterprise space. Other studies have found Azure to be ahead of AWS — to the point of widening its lead — in the Infrastructure-as-a-Service (IaaS) segment of the market.

The Azure deal further solidifies VMware’s about-face on public cloud in general. At one time, both AWS and Azure were primary competition for VMware in its attempt to build its own public cloud platform, originally called vCloud Hybrid Services. It was eventually renamed vCloud Air.

Launched in August 2014, vCloud Air was an attempt to move VMware’s customers to the public cloud without ever leaving its proprietary infrastructure. But vCloud Air never took off, remaining more of an on-premises and hybrid cloud solution. Because of that failure, last month VMware sold off vCloud Air to the European hosting provider OVH.

VMware said that VMware Horizon Cloud on Microsoft Azure is expected to be available in the second half of 2017. Pricing details weren’t given, but Horizon Cloud now costs customers $16 per user, per month.”

Published by:

Announcement: VMware Cloud on AWS!

The Virtual World

Currently in Technology Preview, VMware Cloud on AWS will be a new solution that makes it easy for customers to run VMware workloads on the AWS Cloud.

VMware Cloud on AWS is the only VMware-delivered, sold and supported service available on a leading public cloud.

Customers will be able to use VMware’s virtualization and management software to seamlessly deploy and manage VMware workloads across all of their on-premises and AWS environments. This new offering will allow customers to leverage their existing investments in VMware skillsets and tooling to quickly and seamlessly take advantage of the flexibility and economics of the AWS Cloud.

Official Announcement of VMware Cloud on AWS

Demo of VMware Cloud on AWS

Published by:

VMware vRealize: Enhances Ease of Use with Out-of-the-Box Support for Azure and Containers

The Virtual World

VMware today introduced a number of updates to its cloud management platform with significant enhancements to vRealize Automation and vRealize Log Insight™. To better address the needs of developers and IT teams, VMware vRealize Automation 7.2 will introduce out-of-the box support for Microsoft Azure as well as new container management capabilities. With this new release, the ability of IT and DevOps practitioners to use unified service blueprints to simplify the delivery of integrated multi-tier applications with application-centric networking and security will be extended to Microsoft Azure, as well as currently supported clouds including Amazon Web Services (AWS), VMware vCloud® Air™ and the vCloud Air Network™.

VMware vRealize Automation 7.2 support for containers will enable developers and application teams to accelerate application delivery. The latest release will feature Admiral™, a highly scalable and lightweight container management portal to deploy and manage containers to Docker hosts supporting operating systems that Docker supports. Currently VMware is testing Admiral to deploy containers to virtual container hosts on VMware vSphere Integrated Containers in a private beta. Beyond Admiral support, developers will be able to provision container hosts from the vRealize Automation 7.2 service catalog. They will have the choice of modeling containerized applications using unified service blueprints or Docker Compose. Application teams will have the ability to build hybrid deployments consisting of VMs and containers. Cloud administrators will be able to manage container hosts and apply governance to their usage including capacity quotas or approval workflows. vRealize Automation 7.2 is well suited to organizations required to support existing apps while modernizing them via the adoption of microservices and a cloud-native architecture. VMware’s multi-technology approach across private and public clouds with support for containers and OpenStack affords customers the flexibility to manage their talent pools and technology stacks as needed today and over time.

VMware is also introducing vRealize Log Insight 4.0 and vRealize Operations 6.4. The latest release of VMware’s log management and analysis solution will feature enhanced alert management functionality and a redesigned, easy to use interface. VMware vRealize Operations 6.4 will deliver improved alert management and metric grouping for faster troubleshooting and new dashboards customized to specific user personas that span infrastructure, application and cloud teams. Both vRealize Log Insight 4.0 and vRealize Operations 6.4 will also include integrations with the newly announced vSphere 6.5.

Published by:

VMware Virtual SAN 6.5: Further Lowering TCO for Hyper-Converged Infrastructures

The Virtual World

VMware continues to rapidly update its industry-leading hyper-converged solution with Virtual SAN 6.5 — its fifth product release in less than three years. The new release will improve total cost of ownership (TCO) savings an additional 50 percent by adding support for containers and physical workloads, unveiling iSCSI support, eliminating networking hardware costs from two-node Remote Office/Branch Office (ROBO) configurations, and adding all-flash hardware support to Virtual SAN Standard Edition. VMware Virtual SAN 6.5 will deliver:

  • iSCSI Support – will enable Virtual SAN storage to be presented as an iSCSI target for external physical workloads including clustered applications such as Microsoft SQL Server with Failover Clustering on a limited number of physical servers.
  • Containers Support – Virtual SAN will provide persistent data layer for containerized applications via VMware vSphere Integrated Containers.
  • Two-node Direct Connect – new functionality will eliminate the need for routers/switches between Virtual SAN systems in ROBO sites helping customers lower infrastructure costs by 15 to 20 percent per site.
  • REST APIs and Expanded PowerCLI – will help customers accelerate responsiveness with enterprise-class automation that brings cloud-like flexibility and management to Virtual SAN environments.
  • 512e Hard Disk Drives and Solid State Drives (SSDs) – support for 512-byte emulated disk drives enables high-capacity drives to be supported.

In Q4 2016, VMware will update the packaging for Virtual SAN Standard Edition to introduce support for basic all-flash configurations enabling customers to further lower TCO for their storage system.

VMware today is announcing a new VMware Ready for vSAN certification program to provide customers with the confidence that file services and data protection partner solutions will seamlessly deploy, run and interoperate with Virtual SAN. The program will accelerate customer time-to-value by helping them to quickly find a qualified solution partner. Dell EMC, NetApp and Nexenta are the initial file services partners. Commvault, Dell EMC, Veeam and Veritas are the initial data protection partners participating in this program. Over time, VMware expects to work with additional partners to further enhance the ecosystem.

In addition, VMware is also announcing vSphere Virtual Volumes™ 2.0, which will feature enhanced enterprise-readiness through capabilities like native support for array replication, as well as support for business-critical applications such as Oracle Database with Real Application Clusters.

Published by:

Coming Soon… VMware vSphere 6.5: Next Gen Infrastructure for Modern Applications

The Virtual World

VMware vSphere 6.5 will feature a simplified customer experience through increased automation and management capabilities, comprehensive built-in security, and support for new application types including containers. With these new capabilities, VMware vSphere 6.5 offers customers a universal application platform that supports traditional and modern applications — spanning 3D graphics, Big Data, cloud-native, containerized machine learning and Software as a Service — to run any application anywhere. The new release will feature:

  • VMware vCenter Server® Appliance – will deliver a simplified building block for vSphere environments offering an easy to deploy and manage approach that reduces operational complexity by embedding key functionality into a single virtual appliance. The appliance will offer customers simplified patching, upgrading, backup and recovery, high availability and more, including a 2x increase in both scale and performance of their vCenter Server environments.
  • REST APIs – will improve both the IT and developer experience by enabling greater control and automation of virtual infrastructure for modern applications via new REST-based APIs.
  • VMware vSphere Client – based on HTML5, the new vSphere Client will simplify the administrative experience via a modern, native tool that meets the performance and usability needs and expectations of users for day-to-day operations.
  • VM Encryption – new virtual machine-level encryption will protect against unauthorized data access safeguarding data at rest as well as virtual machines that are moved with VMware vMotion®.
  • Secure Boot – new feature will prevent the tampering of images as well as the loading of unauthorized components into vSphere environments.
  • VMware vSphere Integrated Containers™ – will allow IT operations teams to provide a Docker-compatible interface to their app teams enabling vSphere customers to transform their businesses with containers without re-architecting their existing infrastructure.
Published by:

A Citrix VDI Client for $50.00?!?

The Virtual World

Can you imagine a high resolution client for Citrix VDI that only costs $15.00? Well, they have done it!

Citrix, Raspberry Pi2 & ThinLinx: High-res Graphics Client for $50!

Citrix Blog – Allen Furmanski – “These days, we’re all being challenged to do more with less. People are increasingly working with high-res graphics, full-frame videos and real-time audio with their business apps, while most IT budgets are shrinking.

The capabilities of cost-effective thin clients and re-purposed PC solutions have continued to evolve and help keep pace with this challenge.

Why we want to support the Raspberry Pi2

With the explosion of new, low-cost devices like the Raspberry Pi, Arduinos and Onion Omega, at Citrix we are continuously working on ways to support these devices. A Raspberry Pi2 costs just $35 and we had a lot of customers asking us to produce a Citrix Receiver for such a device, for a range of use cases:

  • People looking for that $35 HDX accelerated endpoint – with a Linux VDA and OpenOffice you have a seriously cheap yet capable VDI solution
  • Finance/Federal – so cut down this is an ultra-secure endpoint with no memory on it and nothing significant to steal (the memory stick can be stored in a safe when not in use)
  • Large enterprises – because cutting $250+ off the cost of each thin client on a 10,000+ endpoint deployment makes sense ($2.5 million worth of sense!)
  • Healthcare – those kiosks nurses/doctors use etc. become easier to maintain – so cheap an endpoint that you can pull it out and replace it rather than spending time trying to fix it
  • Military – because cheap to replace if blown up/lost/needs to be destroyed
  • Thin-client refresh cycles are long, often 5 years or more, so you can afford to upgrade and refresh more often and a Pi used for 3 years will cost less than a dollar a month.

The history

One of our architects, Muhammad Dawood, took a keen interest in the Pi in particular and released a prototype Citrix Receiver for the Pi along with some hardware-accelerated plugins. His blogs generated phenomenal demand and reaction to the prototype.

Productizing this has been tricky, because producing a specialized Receiver for just one hardware device would have been inefficient. So, behind the scenes we’ve been working with the Pi Organization to ensure our existing Linux Receiver would work with their new Pi2 architecture and supported OS images.

With the release of XenDesktop/XenApp 7.6 FP3 and the new HDX Thinwire compatibility codec, we also had a codec that would perform efficiently on the Pi2 without the need for hardware accelerated plugins. This helps enable a full supported Linux Receiver on a $35 device.

Martin Rowan from our test team also took a keen interest and has published his results showing 19+ FPS with this setup on his blog.

Even higher framerates – H264 hardware acceleration

Muhammad’s prototype included a basic H.264 plugin to leverage the System on a Chip (SoC) architecture of the Pi. These plugins are not something Citrix maintains or distributes as it is usually undertaken by the thin client manufacturer or third-party vendor. One such vendor, ThinLinx has now done this and is offering a supported operating system, complete with HDX hardware acceleration support and management software.

Introducing ThinLinx

ThinLinx produces the ThinLinx Operating System (TLXOS) for devices such as the Pi with the ability to deliver modern workloads using the Citrix HDX protocol. With TLXOS costing $15 per endpoint and providing a supported solution with client management software, we think this will be a great solution to use the Pi2 at scale.

ThinLinx already supported other low cost devices such as the Intel Atom NUC. In fact, we demonstrated frame rates of 55FPS+ on a $165 thin-client at Synergy 2015. We think it should be possible to obtain similar results on a $35 device now.

Citrix professional, Tobias Kreidl, of Northern Arizona University, recently did some testing with the low-cost Raspberry Pi2 running TLXOS. Impressed with the results, here is what Tobias had to say:

The new package installs and runs AMAZINGLY well on XenDesktop under Windows 8.1. There are NO SIGNS OF HESITATIONS at all at full screen resolution and 1080p! Unigine Heaven runs very well, with smooth displays…YouTube videos run very well…Audio synchronization is spot on.

View the video Tobias recorded to see the solution in action.

Check out these other great videos with ThinLinx and Raspberry Pi devices:

Have you used ThinLinx to deliver XenApp or XenDesktop workloads? Is a $50 thin client a game-changer? If so, we’d love to hear from you!”

Published by: