Sunday 11 March 2012

Operating systems on a stick

You’re probably familiar with IBM’s z Personal Development Tool Adapter, which allows users to develop mainframe software without a mainframe. In effect, users plug a very expensive memory stick into their PC and it acts like a mainframe.

But now, IBM has extended the idea by allowing users with the appropriate memory stick to load a cloud-hosted Windows or Linux operating system onto their PC – although they will need a Windows or Linux computer with a 64-bit processor. It’s called the Secure Enterprise Desktop (SED) and comes packaged as an extension to IBM’s Smart Business Desktop Cloud service.

The memory stick plugs into a USB port (as you’d expect) and comes with its own HTTPS stack, bootloader, and the necessary proprietary code to create a secure VPN connection between a partitioned drive on the user’s PC and a remotely located server.

That’s nice, you say, but what’s the point? Well, it’s another way of allowing BYOD (Bring Your Own Device). This is an issue that I blogged about a little while ago, and one that is beginning to raise its head at many sites. Users like the devices they’ve bought themselves and are familiar with, rather than the products IT allocates them. And they want to use those devices to access their work-based data and applications.

Running the bootloader from the memory stick protects the business from the problem of home machines being riddled with viruses and trojans. The PC establishes a connection to the server, then there is two-way authentication to ensure you’re who you say you are and the server is really the right one for your company (and not anyone else’s). Once this connection is established, the user downloads a small kernel-based virtual machine (KVM) hypervisor, which allows the user to choose a Linux or Windows operating system. Any changes the user makes to data are written in an AES-256 encrypted format to a portion of the local hard drive, with the key retained on the stick, and these changes are replicated back to the cloud-hosted operating system.
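As an added illustration (not IBM’s code, which is proprietary), here is a toy Go model of the encrypted local store just described: the AES-256 key is handed in from the stick on every call, each record is written with authenticated encryption, and once the key is gone (stick pulled) reads and writes fail closed. The names Record, LocalCache, aead and stickKey are assumptions for the model, and an in-memory map stands in for the partitioned drive.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Record is one encrypted entry on the local partition, replicated to the server as-is.
type Record struct{ Nonce, Ciphertext []byte }
// LocalCache is the encrypted local partition, keyed by file name (a map stands in for the drive).
type LocalCache map[string]Record
// aead builds AES-256-GCM from the stick's key; a nil key (stick pulled) fails closed.
func aead(stickKey []byte) (cipher.AEAD, error) {
	if len(stickKey) != 32 {
		return nil, errors.New("stick removed or key is not 32 bytes")
	}
	block, err := aes.NewCipher(stickKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Write seals a change under a fresh nonce; the file name is bound as associated data.
func (c LocalCache) Write(stickKey []byte, name string, plaintext []byte) error {
	g, err := aead(stickKey)
	if err != nil {
		return err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	c[name] = Record{nonce, g.Seal(nil, nonce, plaintext, []byte(name))}
	return nil
}

// Read authenticates and decrypts a record; once the stick is gone it errors.
func (c LocalCache) Read(stickKey []byte, name string) ([]byte, error) {
	g, err := aead(stickKey)
	if err != nil {
		return nil, err
	}
	if r, ok := c[name]; ok {
		return g.Open(nil, r.Nonce, r.Ciphertext, []byte(name))
	}
	return nil, errors.New("no such record")
}
```

Because the file name is authenticated along with the data, a record copied under another name, or altered on disk, is rejected rather than decrypted to garbage.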

The device offers a range of authentication options, including a built-in card reader as well as PIN.

If the memory stick gets removed, the operating system instantly stops because the connection to the remote server has been severed. Re-inserting the stick allows re-authentication to occur and the user can carry on as before.

Users have the option to download the host operating system from the cloud, so they can continue to work without an Internet connection – if that’s what they require.

At the server end, a Linux server with Apache and OpenLDAP (an open-source Lightweight Directory Access Protocol implementation) is required.

It seems like a very useful innovation. What do you think?
