Thin-client computing might answer security woes
- By Doug Beizer
- Oct 08, 2005
A doctor walks into a small examination room where a patient waits. The doctor swipes her thumb over a biometric reader to make a wall-mounted notebook computer come alive. The patient's medical history comes up on the screen. After the exam, new information is typed into the notebook to update the record.
As the doctor leaves the room, the radio frequency identification, or RFID, connection between the computer and the tag embedded on her ID card is broken, automatically logging off the notebook from the network. The patient's information is secure, because no data is left on the computer.
The patient's privacy is guaranteed because the computer has no hard drive and almost no memory. When not tethered to a network, this thin-client device holds no data or applications.
While the RFID aspect of that scenario is still under development, government agencies are turning toward thin-client solutions because of their built-in security and ease-of-management features.
Faced with mounting privacy and security mandates, federal agencies are seeing the benefits of operating in a thin-client world. Rather than figuring out how to secure hundreds of hard drives in hundreds of PCs, IT managers can instead focus their attention on securing just a few network servers.
Achieving the same level of security and privacy on a standard PC with a hard drive and a lot of RAM could be difficult, said David Miles, director of marketing for Tadpole Computer Inc., which was recently acquired by General Dynamics Corp.
Tadpole's Comet notebooks are what the company calls ultra-thin clients. The notebooks have no local processing; everything is done on the server.
The Comets are based on Sun Microsystems Inc.'s Sun Ray software, which delivers a virtual desktop to Sun Ray class devices.
That setup is especially effective in meeting the privacy requirements under the Health Insurance Portability and Accountability Act, Miles said. Comet is working on a pilot project with the Department of Veterans Affairs to demonstrate that.
"It is difficult to do that on any device that retains data," he said. "What we're able to do with the Comet solution is, through authentication via a smart card, a doctor can walk up to the system, put his smart card in, type in his username and password and get access to patient records. As soon as he takes that smart card out of the system and walks away, his session on the server is terminated, and nobody can see that data anymore."
The thin client also works well in defense and security arenas, where there are multiple classified networks, said Jeff McNaught, vice president of Wyse Technology Inc. of San Jose, Calif., a vendor of thin-client, network-centric computing solutions.
Several agencies have a setup that requires employees, at the start of the day, to go to a locker to get three hard drives for the three PCs that sit on their desks, McNaught said. The computers are used to access various classified networks. At the end of the day, the hard drives have to be removed and locked up.
"Of course, when you think about that, that's such a tremendous waste of time for the employee, and it impacts productivity," McNaught said. "It's not so great for IT staff, either, because they can't make updates, or patches or security improvements to that computer while that hard drive is sitting in a locker."
Even though thin-client devices do not work when they're not connected to a network, users sitting at a connected thin client see no difference between it and a personal computer. Both have the same mouse and keyboard feel.
"We have reports from some customers that applications run faster on thin clients, because they are not limited to that single hard drive," McNaught said.
Ultra-thin clients generally connect to Microsoft Terminal Services or Citrix to run applications. Thin clients with more capabilities can have a built-in local browser that lets users connect to Web-based applications.
Because they are required to be connected to a network to work, ultra-thin clients are not ideal for road warriors. But even that might change as new cell phone technologies come online, Miles said.
"The network traffic itself is a relatively low bandwidth," he said. "It needs about 300KB of available network bandwidth to have good performance."
Interest in thin-client server-based solutions is on the rise, said Mark Margevicius, a research director at Gartner Inc.
"We're finding that the applicability, the desire and the interest within server-based computing is fairly consistent," Margevicius said. "Everybody wants to do it, everybody is talking about it, everybody is asking how to do it."
While thin clients make sense for many applications, Margevicius said the technology doesn't fit every situation. Start-up costs also can be an issue. Organizations have to invest in servers, redundancy, application migration, administration training and more.
Doug Beizer is a staff writer for Washington Technology.