© 2012 All rights reserved to Ceedo.Flexible Desktops. Dynamic Workplace.

Ceedo Client WorkspaceConcept and Technology Overview

Ceedo Client Workspace Virtualization Technology

• About Ceedo

• The ‘Ceedo Client’ Concept

• The “Workspace”

• Ceedo Enterprise overview and use cases

• Security overview

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

About Ceedo

We are a privately held company, established

in 2005

We specialize in developing IT solutions,

aimed at the toughest issues confronting

modern IT

Our products are based on our proprietary

run-time virtualization technology –

Workspace Virtualization

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Just a Few of Our Customers

Our products have been shipped to over 4,000,000 users worldwide(consumer and businesses alike)

© 2012 All rights reserved to Ceedo.

The Ceedo ClientManaged Workspaces forProductivity and Security Beyond the Organization

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

A picture is worth a thousand dollars…Zero-install portable computing environment that can run Windows applications in plug-’n’-play mode on any PC, and with central management…

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

A picture is worth a thousand dollars…Supports any type of portable device including:Encrypted USB Drives

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

65985

A picture is worth a thousand dollars…Supports any type of portable device including:Two-Factor Authentication Devices

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

A picture is worth a thousand dollars…Supports any type of portable device including:Locally installed, and more...

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

The concept is simple – corporate applications

Mount Applicationson Portable Devices

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

The concept is simple – corporate “workspace”

Mount Applicationson Portable Devices“Workspaces”

Regular installationinto workspace

Workspace deployedon portable device

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

The concept is simple – work on any PC

Let users work from anywhere

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

The concept is simple – manage the “unmanaged PCs”

Manage Apps/Workspaces Remotely

© 2012 All rights reserved to Ceedo.

Ceedo’s Technological FoundationWorkspace Virtualization

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Most virtualization technologies focus on separating specific “layers” or components of the stack.

The Workspace Concept

Virtualize Applications• Each app is packaged separately• Lots of configuration and packaging overhead• Problems for apps to inter-communicate• Management requires installed agent

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Most virtualization technologies focus on separating specific “layers” or components of the stack.

The Workspace Concept

Policies

Settings and customizations

Virtualize Applications Virtualize Users

But the user “is”this…

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

OS Resources

Most virtualization technologies focus on separating specific “layers” or components of the stack.

The Workspace Concept

Policies

Settings and customizations

Virtualize DesktopsVirtualize Applications Virtualize Users• “Heavy”• Extra Licenses

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

OS Resources

We focus on converging these layers and treating them as a single “block”…

The Workspace Concept

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Provides the environment with OS-like resources (not VM):apps are installed normally (no special packaging needed) and inter-communicate freely.

Can provide varying degrees of “transparency” to the host (resource access, processes, etc.).

Cross-windows compatibility (Windows 2000 and above).

Does not effect or pollute the host’s OS (including user-installed apps)

Can be fitted for plug-’n’-play mode on USB drives, streamed at file level from the cloud, or installed locally.

Virtual Workspace Features

Self-contained

Sandboxed

Compatible

Unobtrusive

Versatile

© 2012 All rights reserved to Ceedo.

Ceedo Client WorkspaceImplementations, Features and Benefits

Ceedo Client familyUnmanaged Desktops / USB on a Stick

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Ceedo Enterprise

Workspaces are deployed to portable devices with central management allowing administrators to manage corporate applications on un-managed PCs.

Used as lap-top replacement (PC on a Stick)Or for special needs:Ceedo for CitrixCeedo for AvayaSecure browsing/remote connections…

Ceedo Personal

Workspaces are embedded on portable devices for consumers as “PC on a Stick”.

OEMs, manufacturers and suppliers + Ceedo’s online shop.

Ceedo Client - Virtual Workspace ImplementationsApplications

Policies

Ceedo management tools

Main mission:Dealing with portability, home PCs, and allows for managing applications on unmanaged machines beyond the organization’s boundary.

Or as OEM supplement for portable device…

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

NON-corporate/un-managed PC

Pre Installed Apps

User Data

What is Ceedo Enterprise?

A centrally managed Workspace that can be mounted on portable devices or installed locally.

Prepared by simply installing apps into the workspace and “freezing” it.

Admin can control host <-> workspace relations• Block access to drives, printers, removable drives, etc.• Prevent from running on PCs without anti-virus.• Prevent specific processes from running.• And more…

User can run withoutadmin rights in a plug-and-play fashion.

Zero footprint +Full sandbox

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Laptop replacement / roaming users / home office enabler

Allow contactors to use corporate applications

Disaster recovery / backup system during critical infrastructure failure

Used for pin-point solutions with specific components• Ceedo for Citrix: Mount Citrix Receiver, a sandboxed browser, VPN-SSL and PKI

middleware - on Two-Factor Authentication devices or Encrypted drives.• Ceedo for Call Center: VoIP, messaging, VPN SSL, etc. for call center employees.• Ceedo for Safe Browsing: A sandboxes browser pre-configured with self-certificates

and made to run a specific URL, with VPN SSL, fully sandboxed, etc.• And: deploy applications to end-points…

What can Ceedo Enterprise be Used for?

Plug-and-Play Centrally Managed Online/Offline Secure

© 2012 All rights reserved to Ceedo.

Taking Care of SecurityMitigating Risks and Elevating Security

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Recommended Security Measures

Use hardware with encryption and active anti-malware scan

Add soft Two Factor Authentication (or deploy on physical 2FA hardware devices)

Whitelist processes that are allowed to run in Ceedo (+MD5 signatures)

Turn-on Ceedo’s antivirus detection and OS patch level.

Use a VPN-SSL solution with strong Access Control benchmark settings

Use an independent browser rather than the virtualized “mapped” IE

Add to the internal browser safe browsing add-ons and configurations

Configure Ceedo Enterprise to block writing to host drives, printers, etc.

Leave the data in the datacenter or use Citrix’s ShareFile / similar solution

Employ 3rd party anti-malware, security applications, soft-biometric apps, etc.

• * In 2FA devices - Mount components on read-only partition

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Example of Security FlowUser plugs in device

Encrypted drive password check

Encrypted drive runs antivirus scan

Drive is decrypted

Ceedo checks host antivirus, firewall, network connection, etc.

Ceedo checks processes MD5 signature (continuous throughout session)

Ceedo enforces host recourse accessibility and Ceedo updates

Ceedo sandbox fires-up with independent runtime environment

Second antivirus and/or antimalware scan

Two Factor Authentication software/middleware

VPN SSL (can include second access control check, such as Juniper SSL)

External solution’s security (such as Citrix’s own security features)

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Workspace Leakage Protection

Device BindingWorkspaces licenses are device-bound and cannot work if copied to unauthorized devices + most cases of copying a workspace will break it.

Ceedo

© 2012 All rights reserved to Ceedo.

Flexible Desktops. Dynamic Workplace.

Two Factor Authentication – One Solution: Two Options

Mount pre-configured, ready-to-run, plug-and-play PKI middleware and remote connection solutions on 2FA devices’ flash memory HARDWAREExtend 2FA USB devices with plug-n-play pre-configured Public Key Middleware and remote office applications such as Citrix Receiver, VNC, VPN-SSL tunnels, etc.

Mount pre-configured, ready-to-run, plug-and-play 2FA security SOFTWARE tokensWith software based 2FA solutions, such as RSA SecurID Software Token, installed into Ceedo’s Workspace, any portable storage device can turn into a 2FA device.

USB Flash

CitrixReceiver

PKIMiddleware

ConfiguredBrowser

VPN SSLAdd-on

Data & UserPolicies

2FADevice

© 2012 All rights reserved to Ceedo.

Thank you for Your Time