How to enable secure & seamless remote access | Accops

How to enable secure & seamless remote access to graphics-intense applications?

The demand for graphics visualization is growing exponentially, driven primarily by the growth in data generation and consumption and by ever-increasing expectations of visual quality. Graphics-intense applications are becoming more relevant and important for many organizations. Medical diagnostics, video editing, graphic design, geospatial analysis, web development and computer-aided design for engineering are some of the many graphics-intense tasks that have become an essential part of many companies’ day-to-day business operations.

But at a time when most of the white-collar workforce is working from home, the knowledge workers who find it hardest to work securely and productively from home are those who work with graphics-intensive applications. This is largely because organizations face a multitude of challenges in providing secure, on-demand, distortion-free remote access to graphics-intense applications.

Challenges

Need for high bandwidth

Most mechanisms that enable remote access to graphics workstations require significantly higher amounts of bandwidth. Several parts of the world do not have such high-speed, low-latency networks, so on-demand remote access to graphics workstations might not be practically feasible for a significant percentage of remote employees.

Data security

With the spike in remote work, there has been a surge in cyberattacks. More and more organizations are being targeted by malware and ransomware attacks. As mobile employees and third-party users take valuable corporate intellectual property outside the secure office perimeters into public domains, organizations become much more susceptible to cyberattacks and must adopt radically different mechanisms to ensure data security.

Management complexities

Increased mobility also brings additional management complexities. Managing and securing corporate data and assets across a wide range of heterogeneous BYOD devices connected through public networks is a challenging proposition.

Ensuring office-like performance in entry-level endpoints

Graphics workstations work with monitors that have extremely high resolutions and refresh rates, and with powerful processors that have high clock speeds and VRAM. The average remote endpoint is no match for the power of these workstations. So enabling exact office-like performance, with highly accurate colours and details, is something that many remote access mechanisms fail to achieve. With such a shortcoming, the entire purpose of remote access to graphics workstations would be defeated.

Steps to overcome the above challenges

Choosing the right protocols

Any remote access solution has to make use of a transmission protocol and a display protocol. Choosing the right protocols is the most critical factor in ensuring high-quality access to graphics workstations or applications.

Most remote access mechanisms use the Transmission Control Protocol (TCP). While TCP is well suited to many use cases, TCP-based solutions fare poorly when it comes to transmitting high-quality graphics. The User Datagram Protocol (UDP) performs very well for delivering graphics workstations, where high-speed delivery and efficient handling of transmission losses are more critical.

With regard to the display protocol, the conventionally used protocol is Microsoft’s Remote Desktop Protocol (RDP). RDP in combination with UDP for transmission can be highly effective for several graphics applications and can perform more than satisfactorily. But as the intensity of graphics goes up, RDP’s efficiency may drop, as it may not be able to transmit the large number of bits needed for a crystal-clear display. This is where the PCoIP protocol, developed by Teradici (a Canada-based software company), can be effective. PCoIP is capable of efficiently transmitting many more bits than RDP. This means that PCoIP can produce high-quality remote reproduction of graphics-intense images, but at the expense of high bandwidth consumption. So, while PCoIP may not be highly effective in low-bandwidth networks, RDP fares better.

So, depending on their needs and bandwidth availability, organizations have to choose the display protocol that suits them best.

The access gateway that connects the user endpoints to the graphics workstations or applications must be able to adapt to dynamic network conditions, using adaptive encoders to ensure the best possible user experience irrespective of network conditions. This will maintain high throughput and low ping latency, which are essential for providing remote access over the internet.

Data protection features

To protect corporate data, the first thing to ensure is that the data never leaves the corporate environment and enters the user endpoint. Ideally, all users must be given only an HTTPS-based connection to the corporate network. This ensures that there is no bridging between the user network and the corporate network, mitigating the risks posed by any malware potentially sitting on a user endpoint.

The access gateway must make use of state-of-the-art cryptographic mechanisms such as the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 and HKDF, and all the pixel streams leaving the graphics workstations must be encrypted in real time.
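An added example (not Accops code) of real-time pixel-stream encryption with primitives from the list above: an X25519 shared secret is run through HKDF, and each frame is sealed with ChaCha20-Poly1305. Because a UDP transport can drop, reorder or duplicate datagrams, the frame number doubles as the nonce and the receiver keeps a replay window. HKDF-SHA256, the `pixel-stream v1` label, the 64-frame window and the datagram layout are assumptions, and the code relies on the Python `cryptography` package.

```python
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

WINDOW = 64  # assumption: how far behind the newest frame a late datagram may be


def session_key(own_private, peer_public, session_id):
    """X25519 agreement, then HKDF so the raw shared secret is never the key."""
    shared = own_private.exchange(peer_public)
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"pixel-stream v1|" + session_id).derive(shared)


class FrameSender:
    def __init__(self, key, session_id):
        self.aead, self.sid, self.seq = ChaCha20Poly1305(key), session_id, 0

    def seal(self, pixels):
        self.seq += 1                          # one nonce per frame, never reused
        header = struct.pack(">Q", self.seq)   # sent in clear, authenticated as AAD
        nonce = b"\x00" * 4 + header           # 96-bit nonce built from the counter
        return header + self.aead.encrypt(nonce, pixels, self.sid + header)


class FrameReceiver:
    def __init__(self, key, session_id):
        self.aead, self.sid = ChaCha20Poly1305(key), session_id
        self.newest, self.seen = 0, set()

    def unseal(self, datagram):
        """Return the pixels, or None for a replayed, stale or tampered frame."""
        if len(datagram) < 8 + 16:             # header plus Poly1305 tag
            return None
        header, body = datagram[:8], datagram[8:]
        (seq,) = struct.unpack(">Q", header)
        if seq in self.seen or seq + WINDOW <= self.newest:
            return None
        try:
            pixels = self.aead.decrypt(b"\x00" * 4 + header, body, self.sid + header)
        except InvalidTag:
            return None                        # state untouched by forged frames
        self.newest = max(self.newest, seq)
        self.seen = {s for s in self.seen | {seq} if s + WINDOW > self.newest}
        return pixels
```

Each side generates its key with `X25519PrivateKey.generate()` and passes the peer's `public_key()` to `session_key`; a full Noise handshake would additionally authenticate those public keys.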

The solution must also ensure data leakage prevention with the ability to block out features like copy-paste, screen recording, screen printing, file download and restrict access to USB ports and internet usage.

BYOD-friendly solution

The solution must support BYOD, so that all users can use their own devices to connect to graphics workstations. But BYOD should be supported without even the slightest compromise of security. Device entry control features must be present to allow access only to authorized devices, based on device fingerprinting, and to check compliance status so that only compliant devices are allowed.

For additional security in some scenarios, the remote access solution must also have the capabilities to bind any user to one particular device based on the device fingerprint.
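The device entry control described above can be sketched as a gateway-side admission check. This is an added example, not Accops code: the attribute names, the posture fields, the gateway key and the `admit` function are all hypothetical, and the sample devices in it are constructed.

```python
import hashlib
import hmac
import json

GATEWAY_KEY = b"constructed-demo-key"  # assumption: secret held only by the gateway
# Assumption: the posture a device must report to count as compliant.
REQUIRED_POSTURE = {"disk_encrypted": True, "av_running": True, "screen_lock": True}


def fingerprint(attrs):
    """Keyed hash over the canonicalised attributes; key order does not matter."""
    canon = json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(GATEWAY_KEY, canon, hashlib.sha256).hexdigest()


def admit(user, attrs, posture, registered, bindings):
    """Return (allowed, reason) for one connection attempt.

    registered: fingerprints of authorized devices
    bindings:   user -> the single fingerprint that user is bound to (optional)
    """
    fp = fingerprint(attrs)
    # 1. Device entry control: only known fingerprints get any further.
    if not any(hmac.compare_digest(fp, known) for known in registered):
        return False, "unregistered device"
    # 2. Compliance: every required posture item must be reported and correct.
    failed = sorted(k for k, v in REQUIRED_POSTURE.items() if posture.get(k) != v)
    if failed:
        return False, "non-compliant: " + ", ".join(failed)
    # 3. User-to-device binding, enforced only for users that have one.
    bound = bindings.get(user)
    if bound is not None and not hmac.compare_digest(fp, bound):
        return False, "user bound to a different device"
    return True, "ok"
```

A missing posture field counts as a failure, so a client that omits a check is treated the same as one that fails it.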

Modern multi-factor authentication mechanisms, which support not only OTP via SMS or email but also push notifications and biometrics-based authentication, must be integrated to ensure compliance and optimal security.

Providing remote access to graphics workstations might not have been a necessity for many organizations till very recently. But now is the time when organizations are looking beyond the usual options to sustain and grow. Providing remote access to graphics-intense applications is one such option that many organizations can make use of, to ensure improved productivity and business growth.