Application background

In order to improve the cooperation ability and efficiency of various government departments, the state vigorously promotes the e-government construction of government agencies and units through the government information project, so as to provide efficient government services for the public, but the business application environment is becoming more and more complex (such as multi-level architecture, multiple networks, multiple systems, etc.). Therefore, in the process of using the government terminal, it is inevitable to encounter many difficulties, such as difficult security management, high risk of document confidentiality, complex office desktop and so on, which do not meet the security and confidentiality requirements of the government for document circulation and business system. There are many pain points in the use of traditional computers, which bring inconvenience to our normal administrative work. We need to optimize the existing model and establish a safe, convenient and flexible government desktop platform.

Traditional PC problem analysis

V it is difficult to eliminate illegal access: the government network has the characteristics of wide coverage, many participants, strong openness, etc., while the circulation of government documents and system access need to transmit real business data in the network, although various government departments have logically or physically isolated different networks according to the requirements of the national competent authority, so as to reduce security risks. However, 75% of the security problems of the government network are internal, mainly from illegal device access, and currently there is a lack of effective management means, so this has become a security gap in the government network, which is easy to expose the flowing information to security risks.

V it is difficult to avoid data leakage: Government PC is the client of document circulation and business access, which can receive, process and store relevant government data locally, while there are many types of local interfaces of government terminals (USB, serial port, parallel port, etc.), and some people will also use notebooks and often take them away from the office, resulting in difficult to detect illegal replication, so government data cannot be properly protected. In addition, everyone's office documents are scattered on various government terminals, and it personnel cannot carry out unified backup and management, so it is difficult to recover when the hard disk or equipment fails, which also increases the risk of sensitive data loss.

V difficult to achieve security management: in order to ensure the security of the government network, the government terminal needs to continuously monitor the system security vulnerabilities and virus infection in practical applications, so as to be able to distribute important security patches in time and ensure that the software runs on the correct version. However, this work is difficult to complete quickly in a decentralized PC environment, and it administrators cannot restrict government personnel from installing software and using various peripherals at will. Even if terminal management software is deployed, it still cannot realize the standardization and simplification of desktop security management. It often solves the symptoms rather than the root causes, but affects the government office experience and efficiency.

V hardware failure affects government office maintenance trouble: traditional computers are hardware hosts for administrative office. With the gradual extension of use time, hardware failure, office interruption, or software business system crash often occur, affecting administrative office. Operation and maintenance personnel spend most of their energy on terminal maintenance, and the maintenance effect is not efficient.

Solution

In order to adapt to the development of government business and the requirements of security and confidentiality, the "cloud" of government terminals is an inevitable trend. Through the adesk desktop cloud, the office desktops and related documents of government personnel are migrated to the server, and everyone's desktops are carried in the form of virtual machines. This centralized method can solve the problems that many information points are difficult to be fully protected in the government environment, and sensitive government data are easy to be leaked.

This scheme uses a small, energy-saving thin terminal as a desktop device. When government officials access the virtual desktop, they must use the ukey supporting the government CA system for identity authentication to avoid malicious access to government resources. At the same time, the three-dimensional protection of government data is realized through technologies such as USB peripheral black-and-white list and control strategy, and full disk encryption of government virtual desktop data volume, so as to effectively prevent information leakage.

N the desktop cloud limits the scope of document circulation to the data center, and the government network only transmits image changes and instruction information, avoiding the possibility of illegal devices to obtain government data. At the same time, in order to further improve security, SRAP protocol adopts encryption means to ensure the transmission of government data in the secure channel.

N all government data are on the server, so no matter what kind of access terminal the government personnel use, the data will not land, and the use rights of USB peripherals can also be controlled, including release, prohibition and one-way copy (for example, only a certain secure USB flash disk is allowed, and other devices are not allowed to use; or all USB flash disks are allowed to access, but only data can be copied to the virtual desktop, and the reverse is forbidden...). In addition, it personnel can uniformly manage and back up government data to reduce the risk of data damage and loss.

N because the government personnel in the same department of the government need the same applications and security policies, a standard desktop template can be created for the same type of users to facilitate it personnel to complete the distribution of government VM, update security patches, configure control strategies, etc., so as to simplify and standardize the government desktop department and security management.

Program advantages

Desktop cloud provides a set of desktop Cloud Architecture with deep integration of front and back-end software and hardware for government personnel, so as to create a smooth, stable, safe and efficient user experience, and meet the requirements of efficient office and security and confidentiality of the government network at the same time.

¢ office experience comparable to PC: SRAP protocol greatly improves the transmission efficiency of virtual desktop in the government network through wide area network optimization technologies such as streaming cache, duplicate data reduction, image compression, etc., so as to provide government officials with the same desktop fluency as traditional PCs, and meet the high requirements of the government for service quality and response speed.

¢ three dimensional government security protection: through ukey authentication, client access and other technologies, the user's identity and authorized terminal can be accessed to the virtual desktop of the government network (no illegal access). In addition, when government officials use it daily, all data transmission and storage will be encrypted in the whole process, so as to realize the security isolation and data protection of the government network.

Continuously available Desktop Services: using hyper convergence technology (host clustering, automatic migration, virtual storage, etc.) to build a highly available underlying platform for the government desktop cloud system to automatically respond to the impact of failures, so government departments can achieve efficient and stable internal office, government collaboration, public services and other processes.

Easy to use scalability: the rapid development of e-government is bound to face the adjustment of administrative levels and grass-roots departments, which requires the government desktop cloud to have flexible and elastic resource integration capabilities. Therefore, the desktop cloud all-in-one machine and super fusion technology can reduce the complexity of the government desktop when changing and expanding, and meet the development requirements of e-government.