IGEL Blog
Build Resilience in a Windows 11 Environment with IGEL
This article is a must-read if you are looking for a solution that can prevent ransomware from infiltrating your company’s endpoints while optimizing your transition to Windows 11.
IGEL’s Preventative Security Model™ delivers a holistic solution for a secure digital workspace in unison with leading partner technologies.
Are you transitioning to Windows 11? Do you currently have hardware devices that don’t support Windows 11 due to the new hardware requirements introduced with the operating system? Instead of replacing the hardware, you should put Windows 11 in your data center, on-premises or in the cloud, and leverage IGEL OS on your endpoints to give them a longer life, reduce your cost, and thereby contribute to saving the planet! Sounds too good to be true, but it is a reality! IGEL OS runs on any x86 64-bit capable computer, and as the footprint is smaller with less CPU, RAM, and storage requirements, any Windows-based endpoint will be a good choice.
Let us take a closer look at the outer ring of the IGEL Preventative Security Model™.
IGEL Preventative Security Model™
Dell ThinOS devices and hardware from other “thin client” vendors can easily be reinstalled with IGEL OS, turning those endpoints into a modern experience and benefiting from the security enhancements and feature richness of IGEL OS!
Data Protection and Compliance requirements are fulfilled with IGEL OS as no user data is stored on the endpoint. No intellectual property or company secrets are lost if the device gets lost or broken.
DEX & SIEM: Digital Experience, Visibility, and Forensics are enabled via the IGEL Ready software partners. You can mix and match the tools needed to measure the Digital User Experience, gather performance reports, and log activity. Solution providers are constantly joining the IGEL Ready program, ensuring that the tools you need are available.
Endpoint recovery: in the event you are hit by ransomware while running Windows on the endpoint, IGEL OS can be quickly deployed via a UD Pocket USB stick or installed via a software download. Insert the UD Pocket, boot up your endpoint, and get your users connected to virtual sessions. The UD Pockets do not interact with the operating system installed on the disk, which gives you breathing space to deal with the malicious code that infected your previous operating system.
A Merger and Acquisition (M&A) often comes with great challenges: “The acquired company doesn’t fit in our model,” “It’s a big hurdle to get the technologies to work,” and traps are everywhere. What if you extend your VDI user capacity, equip the devices with IGEL OS or UD Pockets, put together a usability training, and be done with it?
Also, many organizations struggle to find a secure strategy that works well for 3rd Party Access, e.g. contractors or consultants. Handing out IGEL OS-powered UD Pockets, or laptops with IGEL OS, will increase the security within your network dramatically. Only your managed IGEL OS endpoints will be allowed access to the network; no exceptions that entail security risks are needed!
IGEL OS supports secure hybrid work. The features of IGEL Universal Management Suite, IGEL Cloud Gateway, and the OS itself can determine whether an IGEL OS endpoint connects on-premises or externally, and different rule sets can be applied accordingly.
Instead of ripping out and replacing your existing hardware endpoints, IGEL OS gives you an ideal sustainability solution, as the life span of your existing endpoints can be extended for years and years. In many examples, an endpoint lifetime is 3 years; with IGEL OS that can easily be 6-10 years. Imagine the amount of electronic waste that will be reduced, and the amount of CO₂ emissions minimized, as up to 80% of a device’s CO₂ emissions come from the manufacturing process and logistics of shipping. In many cases, IGEL OS even reduces the power consumption of the device compared to its previous operating system due to its streamlined architecture and small footprint.
At the same time, technology evolves rapidly, and with the IGEL Ready hardware vendors, you have a stable foundation when the time comes to replace your endpoint hardware, to support new and upcoming technologies.
When it comes to Manageability, IGEL licensing permits not only the use of IGEL OS but also the use of IGEL Universal Management Suite (UMS). The UMS controls over 7,000 configuration items in IGEL OS, giving very detailed control of how the operating system should behave to suit your use case. The UMS ensures that all IGEL OS endpoints work exactly as you designed them to, on every single boot. Advanced scheduling capabilities, a modern web-based management interface, automatic license deployment, and any feature you can imagine are included at no extra cost.
Ransomware and Security – by far the most compelling reason to invest in IGEL OS.
IGEL OS is a read-only Linux operating system that has security mechanisms built in that allow you to avoid paying extra for anti-virus solutions, VPN software, management software, and other tools to orchestrate your endpoint environment – it is all built in and included! The likelihood of having a virus or ransomware breakout is minimal; if it happens, a simple reboot of your endpoints will remedy the threat. IGEL OS validates the boot process with the chain of trust, which includes Microsoft Secure Boot and certificate and partition checks, making sure that the system boots untampered.
TCO & Optimization – Imagine that you can use your endpoint hardware for six years instead of three. Imagine that you can reduce the support personnel needed to manage your endpoints and let them do more important and valuable work. Roll out new devices in minutes instead of hours – the cost savings are everywhere. Save on your endpoints by investing in IGEL OS and focus on building the backend infrastructure that your users deserve and are happy to use!
Zooming into the core of the IGEL PSM model…
IGEL Preventative Security Model™
All x86 HW-platforms:
IGEL OS is designed to run on any x86-based hardware platform, and with its low footprint and hardware requirements it is a great choice as an endpoint operating system for your VDI/DaaS platform, but it is not limited to that. With a requirement of a 64-bit capable CPU, 4 GB RAM and 8 GB of storage, it will function well on any hardware up to at least 10 years of age, even older!
VDI – DaaS – Browser
IGEL OS 12 comes with a choice of VDI/DaaS client apps plus web browsers, both consumer and enterprise-grade, and can run native Linux applications, which turns the endpoint into a chameleon that adapts its functionality to your needs. It is ideal for connecting to your VDI workloads, and with simple configuration changes, you can put the IGEL OS 12 endpoint into kiosk mode or enable user/session roaming, making it the perfect-fit endpoint tailored for the use case you need to fulfill.
IGEL OS and IGEL Universal Management Suite (UMS) are designed to allow full control of how an IGEL OS endpoint is configured, and to enforce that configuration. At the same time, admins can choose to let users customize their IGEL OS 12 operating system and select and install the applications they need using the IGEL App Portal. It is a very flexible platform!
IAM – UEM – SSE/SASE
IGEL OS supports multiple Identity Access Management (IAM) solutions. Protecting the IGEL OS user desktop with a choice of Entra ID, Okta, Ping, Workspace ONE Access, or even OpenID Connect allows IGEL OS to adopt any Identity Provider (IdP), giving you the choice of authenticating users and providing Single Sign-On (SSO) functionality to OAuth- and SAML-enabled resources. If you are using Active Directory or LDAP as your IdP, Kerberos authentication will allow for SSO. The implemented functions include support for Smart Card authentication and/or Multi-Factor Authentication and more!
IGEL is integrating support for market-leading Unified Endpoint Management (UEM) solutions, like Microsoft Intune, VMware Workspace ONE, Citrix Global App Config Service, etc., combining the strength of IGEL UMS with vendor-specific UEM solutions!
Secure Access Service Edge (SASE) and the included sub-components of Security Service Edge (SSE), Zero Trust Network Access (ZTNA), and more are strong reasons for choosing IGEL OS as your primary endpoint strategy.
IGEL OS endpoints have no domain memberships and aren’t aware of any network services except those you explicitly allow. With SASE strategies, you remove the need for a Virtual Private Network (VPN). With integrations from the IGEL Ready ecosystem software vendors, the complete SASE story can be fulfilled, no matter where the endpoint is located or which user accesses corporate resources. Conditional and contextual access adds even more security!
Smart Login
By combining the IAM and UEM services with SASE, IGEL OS enables Zero-Trust initiatives, making it an ideal operating system for your endpoints, be it on-premises or in the open arena.
Establish Trust
Functions like device certificates, TPM functionality, Microsoft Secure Boot, validation of partitions and software during boot, and a read-only operating system ensure that IGEL OS runs as a trusted endpoint and will enforce this on every start-up. If tampering is detected, the system will not boot!
Isolate
With the read-only operating system, IGEL isolates the runtime from the OS on disk. IGEL OS 12 takes this a step further by handling the OS and all apps as just apps. You can now customize the IGEL OS operating system to function exactly as you want it to, and make sure that only the components you are using are installed on the endpoints. With that, you also have control over matching the needed IGEL OS version with the app version that suits your needs.
Test IGEL OS today at https://www.igel.com/download/