Professional Documents
Culture Documents
KTC 2 0 Technical Presentation ENG
KTC 2 0 Technical Presentation ENG
Cyber Immune Thin Client A single management platform for Kaspersky products
Operating system for thin clients based A single console for the centralized
Kaspersky
on the microkernel KasperskyOS, which administration of thin clients running on
Security Management Suite
is preinstalled Kaspersky Thin Client and other
on the hardware platform Kaspersky products Extension module for the
centralized administration
of thin clients via the KSC
management console
Centerm F620
The first Cyber Immune
Thin Client
Powered by KasperskyOS
Thin client that runs Windows or Linux is just another computers running Windows or Linux 4
Windows CVE
Linux CVE
"From a security perspective, a monolithic OS architecture is inherently vulnerable and is the root cause of
most security events. So it's time to transition to an OS structure that better meets the security needs of the 21st
century."
Source: Simon Biggs, Damon Lee, Gernot Heiser. 2018. The Jury Is In: Monolithic OS Design Is Flawed: Microkernel-based Designs Improve Security
KasperskyOS: main differences from monolithic OS 6
Applications …
Security level
On applications
of third-party
37 vulnerabilities Attacks on thin vendors
Equipment specifications
Processor Intel® Celeron® 4125 Gemini Lake Refresh Quad-Core 2.0 GHz (4 MB L2 cache, up to 2.7 GHz)
1 x DP
1 x HDMI
Peripheral interfaces
4 x USB 2.0
2 x USB 3.0
Dimensions: 131 mm × 31.5 mm × 167 mm
Dimensions
Net weight: 0.55 kg
and weight
Packaging: 488 mm x 256 mm x 108 mm
DC input voltage: from universal (110-230 V)
AC adapter 12 V, 3 A
Power consumption: max. 30 W
Model details
VESA mount, horizontal or vertical mounting
Kensington Lock
Fanless cooling through natural air convection
Kaspersky Security Center:
a single management console
Kaspersky Security Center: a single console to manage all Kaspersky products 10
Events
Is it something
we have to know about?
Policy
New firmware
Kaspersky Kaspersky
Certificates
Thin Clients Security Center
− Quick deployment of thin client − A single console for centralized − Intuitive graphical interface
(from 2 minutes) management of Kaspersky security − Fast loading and availability
− High update speed thanks products − Power-saving mode
to compact OS image size − Out-of-the-box device security thanks − Display of screen on 2 monitors
− Centralized management using to KasperskyOS architecture
− Use of USB devices and tokens
Kaspersky Security Center − Guaranteed user access to information in a remote environment Windows
− Updating via Kaspersky Security within a remote environment
− Remote desktop delivery
Center − Differentiation of rights performance NEW
− Manage and monitor thin client for Kaspersky Security Center
− Print from printer connected
infrastructure from anywhere administrators
to Thin Client NEW
in the corporate network − Authorization of critical user action
− Audio conferences NEW
− VDI connection, terminal − Safe migration to a new Kaspersky
− Delivery of applications
connection, direct connection Security Center server
from remote session NEW
− Connect to remote desktops − Control network connections
− Use of USB devices and tokens
running Windows and Linux NEW to remote desktops and applications
in a remote environment Linux NEW
− Automatically connect when − Optimal application composition
disconnected NEW for the main use case
Kaspersky Thin Client
usage scenarios
How to connect Kaspersky Thin Client to remote desktops 14
Physical Machines
RDP
Virtual Machines
Terminal Servers
Kaspersky
Thin Client Microsoft Remote Desktop
Connection Broker
HTML5
Citrix, VMWare VDI
and others…
Remote access to physical machines 16
Windows 7
Windows 10
Windows 11
Linux
Any Linux with xRDP
Remote access to virtual machines 17
Kaspersky
Thin Client
RDP
Microsoft
VMWare
Hyper-V ...
Hypervisor
Remote access to terminal server 18
Kaspersky
Thin Client
RDP
Microsoft
Hyper-V
Hypervisor
Remote access to Microsoft RDS 20
VDI Broker
Kaspersky
Thin Client
HTML
5 VMWare ...
Windows Linux
VMWare
Microsoft
Hyper-V ...
Hypervisor
Kaspersky Thin Client is not a VDI solution 21
Windows OS
Kaspersky
Thin Client
Linux OS
Device redirection 23
RDP
USB flash drives Audio (via mini-jack)
Up to 2 monitors
USB tokens
Windows (HDMI, DP)
Linux
Kaspersky
Thin Client HTML5
Audio (via mini-jack)
Up to 2 monitors
(HDMI, DP)
Known limitations:
1. USB drive redirection into active RDP session.
2. Redirection into Linux is available in case of krdp server application.
The list of supported devices will be expanded. All limitations will be fixed in upcoming releases.
Major features of
Kaspersky Thin Client
Main security features 25
1 KasperskyOS secure 2 RDP and HTTPS are 3 All counterparts are verified
design. always encrypted. using certificates:
No additional security RDP-TCP is used • Remote desktops
tools are required • VDI brokers
• KSC
• Log server
Security Kaspersky
Administrator Security Center
Kaspersky
Thin Clients
Major advantages 26
Kaspersky
4 Update process is managed Security Center
centrally with KSC
Kaspersky
Thin Clients
Automatic installation of certificates on Windows machines via KSC 31
KSC Server distributes a similar certificate without a private key (.cer or .der) to thin clients
Connection to a thin client RDP session from the KSC MMC console 32
Secure channel
connection Record of session
PAM Audit
system Incident investigation
Contractor's remote
employee
2.1 2.2
FAQ
- Is KasperskyOS a Linux-based - How administrator or user - Does KTC support VPN?
operating system? can log in to KTC? - It`s intended in future releases.
- No. - KTC doesn`t use role model.
- Does Kaspersky have backend - When will it be possible - When will it be possible
services for thin clients? to transfer audio via USB? to get remote access to KTC?
- No. - In 2024. - In 2024.
- Is it possible to install KTC - Is it possible to use - Is it secure not to use role model
on different HW platforms? KTC without KSC? in KTC?
- Currently only Centerm F620 - Yes, but it`s insecure and - Yes, since KTC doesn`t
supported. inconvenient in large systems. store passwords to remote
infrastructure.
Demo
How to demonstrate Kaspersky Thin Clients? 39
Management console
in Kaspersky Security Center demo
Online streaming
Thank you!