Nutanix and ServiceNow have built a strong partnership over the years, and the collaboration continues as we look to deliver even more benefits for our mutual customers! One example is how easy it is to integrate Nutanix Frame Desktop-as-a-Service with the ServiceNow workflow solution to onboard new users and provision apps and desktops for them!
Nutanix's Frame® desktop-as-a-service, with its ability to deliver virtual desktops and applications on non-persistent virtual machines, is a key part of the security posture of many customers. When combined with Frame application mode, which eliminates the Windows® Desktop and focuses the end user on a single set of published applications, Frame provides enterprises with a secure way to deliver Windows applications without losing control of the underlying data. As a part of our Enterprise Profiles capability, Nutanix released a feature that allows Frame administrators to further secure their Frame environment by forcing users with Enterprise Profiles to be logged in as a non-administrative local Windows user. Recently, this feature has been turned into a setting that can be applied to any Frame account that is not using the Frame Domain Join feature.
The Nutanix Frame™ Platform records session and audit log information about the actions users and administrators perform in the Frame Desktop-as-a-Service (DaaS). This session and audit log information is available for download from the Frame Console. Enterprises often want to combine this session and audit event data with information from other sources within their Security Information and Event Management (SIEM) solution in order to obtain a more comprehensive view of what is occurring in their enterprise. In this blog, we will demonstrate how the Frame Admin API can be used within a PowerShell script to retrieve audit data from Frame and insert it into the Splunk® event manager, one of the more popular SIEMs on the market.
The Nutanix Frame™ Desktop as a Service (DaaS) solution supports multiple networking models. One of the more popular networking models for enterprises is the Frame Private networking model. This model allows the Frame workload VMs to have private IP addresses on the enterprise private network and access private networking resources, and it is the simplest way to inherit existing network security processes.
However, remote users still need a way to connect to these private networks. The traditional way of implementing this access is to deploy a VPN, but that requires implementing and maintaining software on the user endpoint devices, and VPN connections can overload security products like firewalls.
Frame offers a Streaming Gateway Appliance (SGA) to meet this need, but some enterprises may wish to take advantage of the “security as a service” model offered by Zscaler, Inc. Zscaler offers a “DMZ as a service” solution that can provide DMZ-type functionality without the complication involved in many DMZ deployments. The Zscaler® service maintains many certifications required by government agencies, and it meets the rigorous standards required by the most security-conscious organizations.
In this blog you will learn how Zscaler Private Access (ZPA) and Frame DaaS can work together to provide a remote access solution to a private cloud with a simplified administrative model while maintaining a high level of security.
The Nutanix Frame™ desktop-as-a-service platform enables customers to implement proper user authentication and authorization security practices with Role-Based Access Control (RBAC) through a set of security roles defined within the Frame platform. In this blog, we'll explain how RBAC works in Frame and discuss the best practices for using third-party SAML2 identity providers and authorization rules to implement RBAC. The Frame-defined security roles specify the level of access to Frame entity types (customer, organization, account) and what can be done in those entity types. Using these Frame roles, you can configure one or more SAML2 or OAuth2 identity providers (IdPs) and then define authorization rules that grant authenticated users one or more of the Frame roles on specific Frame entities.
It’s 3:00 am and your Incident Response system has sent out an alert… again. Endpoint Protection on a user’s device has triggered an alarm and the investigation begins. Someone clicked a link in their browser and the clock is ticking to contain potential data leakage outside the organization, or another round of ransomware is knocking at the door, trying to find a way in.