Request your Demo

 

Want to see how deviceTRUST’s technology can help enhance your physical or virtual environments with easy to consume context from your users and their endpoints?

Register Now

Technical Benefits

With deviceTRUST’s unique approach, you can easily create a context-based policy for accessing enterprise resources that covers all necessary access scenarios and devices. In particular, we focus on context-based security and a context-based user experience.

Detailed context information

deviceTRUST delivers more than 400 context aware user, hardware, software, network, security, performance, printer and location properties into the virtual session and over 200 properties on a local device.

Always up-to-date

The context of a local or remote device is kept up-to-date during the entire user session. This guarantees that all security and compliance requirements are met even if the context of the device changes.

No infrastructure

deviceTRUST does not require any additional infrastructure. This enables a rapid and effective implementation and results in low operational and implementation costs.

Secure communications

In addition to the encryption offered by the underlying remoting protocol, all communication is encrypted using a 2048-bit RSA Key and a 256-bit AES-GCM stream cipher.

Intuitive management

Configuration within Microsoft Active Directory GPO enables easy implementation and management of deviceTRUST.

Seamless integration

The intelligent technology provides the context of the local and remote connected devices into the virtual session and also provides context of a physical device, enabling easy consumption by all existing management solutions.

Microsoft AppLocker support

Our integration with Microsoft AppLocker can dynamically grant or deny access to individual applications based upon the local or remote device context.

Graceful application termination

Gracefully close applications that no longer meet the dynamic Microsoft AppLocker policy, optionally giving users time to save their work.

Auto-update client

Ability to seamlessly update our Microsoft Windows Client, with almost no interaction from the remote user.

Detailed security information

deviceTRUST provides a rich set of detailed information about the security state of the device, including the state of Windows Update, Windows Defender and Windows Firewall. This context can then be consumed to control access to the virtual session or grant or deny access to applications.

Reporting

Detailed information, including the context of the local and remote connected device is reported by seamlessly integrating with existing reporting solutions. This gives new insight into the context of your virtual sessions and physical devices.

Powerful trigger

Respond to events within the users’ session with triggers for Logon, Logoff, Disconnect, Reconnect, Shell Starting, Shell Ready and Property Change with user or system privileges.

Double-hop support

The context of the remote device is available to all virtual sessions in a double, or multi-hop deployment.

Conditional Access

Deny access to the virtual session when the detailed context of the remote connected device does not meet your business requirements.

Physical device support

All properties representing the context of a physical device are also available and easily consumable locally on that endpoint, or by technologies such as access gateways.

Supported remoting protocols

Microsoft Remote Desktop Protocol (RDP), Citrix Independent Computing Architecture (ICA) and Amazon WorkSpaces PC-over-IP (PCoIP).

Check out our context properties!

A rich set of easily consumable context properties of the local and remote connected device. For detailed context information please download the deviceTRUST Property Matrix.

Available Wi-Fi Access Points

Provides all available Wi-Fi access points and networks surrounding the local or remote connected devices. This includes information such as the BSSID and SSID, Wi-Fi signal frequency, quality of the Wi-Fi signal, Wi-Fi security status and the Wi-Fi signal strength. This information can be used for inhouse navigation.

Microsoft Action Center

Provides the statuses of Microsoft Action Center registered security components on Windows Platforms. This includes information regarding the status of the installed Anti-Spyware, Anti-Virus, Firewall, Internet, UAC settings and Windows Update, and can be used to ensure a certain level of security of the local or remote connected devices.

User & Machine Certificates

Provides information about user and machine certificates of the local or remote connected devices. This includes information regarding the issuer, serial number, thumb print, usage and verification error. This information can be used to identify corporate managed devices.

Display

Provides information about the display configuration of the local or remote connected devices. This includes the amount of used displays, bits per pixel (BPP), dots per inch (DPI), total height, total width and the name of the display. This information can be used dynamically to adopt the virtual session DPI settings based on the display configuration of the remote connected device.

Hardware

Provides information about the hardware of the local or remote connected devices. This includes information regarding the vendor, model, type, cpu, memory, secure boot enabled, bios release, bios serial number, bios version, virtualization state and input methods. This information can be used for inventory management as well as for uniquely identify the device to enable compliant application access to critical business applications.

Geolocation

Provides information about the geolocation of the local or remote connected device. This includes information regarding the country, state, county, town, street, building and accuracy. This information can be used to control access to critical business applications when compliance and regulatory requirements need to be met. This feature requires use of a third-party location provider service and may be subject to third-party terms and conditions.

Data Storage

Provides information about all local and network drives available of the local or remote connected devices. This includes information regarding the drive letter, file system, label, path, type, server, network provider, share, space and usage. This information can be used for inventory management as well as for optimizing client drive mapping for virtual sessions.

Device

Provides information about the local or remote connected devices. This includes information regarding the device name, device distinguished name, device domain membership, domain security identifier, operating system name, operating system type, operating system version, operating system platform, operating system security identifier, smart card reader and how the device is controlled (local or remote controlled). This information can be used to uniquely identify devices for compliant resource access.

Network

Provides information about the network of the local or remote connected devices. This includes information regarding the IP address, DHCP settings, DNS settings, WINS settings, gateway IP address, gateway MAC address, network adapter MAC address, speed, status, Wi-Fi BSSID, Wi-Fi signal strength, Wi-Fi security status and SSID. This information can be used to identify location and to control access.

Password Policy

Provides information about the password policy of the local or remote connected devices. This includes information regarding the password history, max. and min. password age, min. password length and force logoff option. This information can be used to check if the remote connected device meets password policy requirements.

Power

Provides information about the power function of the local or remote connected devices. This includes information regarding the power supply connection state, battery charge level and the used scheme. This information can be used to notify the user in a full-screen virtual session when the battery is low and the power supply needs to be connected.

Printer

Provides information about all printers available on the local or remote connected devices. This includes information regarding the printer name, used driver, local or network printer, errors and security settings. This information can be used for inventory management as well as for controlling remote connected printers.

Regional Settings

Provides information about the regional settings of the local or remote connected devices. This includes information regarding the keyboard layout, keyboard locale, operating system language, operating system locale and the time zone offset. This information can be used to configure the virtual session regional settings depending on the remote connected device.

Remoting Protocol

Provides information about the remoting protocol used by the remote connected devices of the virtual session. This includes information regarding the runtime and the version of the remoting client. This information can be used to control access to the virtual session.

Access Mode

Provides information about the network method used by the remoting protocol on the remote connected device of the virtual session. This includes information regarding the outbound address and DNS name. This information can be used to control access to business applications based on the network access mode of the virtual session.

Screen Saver Settings

Provides information about the screen saver settings of the local or remote connected devices. This includes information regarding the screen saver status, the used screen saver, the screen saver timeout and if the screen saver is secured by a password. This information can be used to define an appropriate screen saver policy within the virtual session.

User

Provides information about the user using the local or remote connected devices. This includes information regarding the user name, user authentication incl. authentication provider, user privileges, password age, auto logon and domain membership. This information can be used to uniquely identify the user for compliant resource access.

Internet Service Provider

Provides information about the internet service provider (ISP) used by the local or remote connected devices. This includes information regarding the external IP address, the external DNS name, the country and the name of the ISP. This information can be used to identify corporate locations, home offices and location of partners.

Microsoft Windows Defender

Provides the status of Microsoft Windows Defender on Windows Platforms. This includes information regarding the last quick & full scan, behavior & signature threats and the version of security components and definitions. This information can be used to ensure a certain level of security of the local or remote connected devices.

Microsoft Windows Firewall

Provides the status of Microsoft Windows Firewall on Windows Platforms. This includes information regarding the active profile, inbound and outbound rules. This information can be used to ensure a certain level of security of the local or remote connected devices.

Microsoft Windows Update

Provides the status of Microsoft Windows Update on Windows Platforms. This includes information regarding the last update search, last update install, engine version, outstanding reboot and all pending updates. This information can be used to ensure a certain level of security of the local or remote connected devices.

Want to know more?

Contact us, take a look at our Product Data Sheet, or watch our deviceTRUST in a Nutshell Video.

Watch our Use Case Videos!

Check out our following use case videos to see how deviceTRUST’s context-based security solution is used to easily apply context-based security policy and allow a true context-based user experience.

Conditional access based on security state

We show how the status of the security components on the endpoint (firewall, anti-spyware, anti-virus, Windows updates, etc.) can be used to control access to the virtual session.

Conditional access based on Wi-Fi security

We show how the Wi-Fi security settings of the currently connected Wi-Fi network of the remote device can be used to control access to the virtual session.

Conditional access based on AD membership

We show how to grant access to the virtual session, depending on the Microsoft Active Directory domain membership of the remote device.

Conditional access based on certificate

We show how to grant access to the virtual session, depending on a valid computer certificate issued by the corporate certification authority (CA).

Device-based licensing with AppLocker

We show how to make a device-based licensed application (e. g. Microsoft Visio) available in accordance with the license agreement within virtual sessions. The unique serial number of the remote device is used to control the Microsoft AppLocker configuration, which in turn allows or prohibits the application licensed to the remote device.

Secure Screen Saver

We show how the screen saver settings on the remote device can be used to dynamically define a secure screen saver within the virtual session.

Endpoint defined DPI settings

We show how the DPI settings of the remote device can dynamically define the DPI settings of the virtual session.

Location aware corporate resouces

We show how the location of the endpoint is used within the virtual session to connect site-dependent corporate resources such as network drives and printers within the virtual session.

Wi-Fi roaming based default printer

We show how the default printer within the virtual session can be automatically selected depending upon the Wi-Fi access point currently connected to the remote device.

Client Auto-Update

We show how the deviceTRUST client on the endpoint can be automatically updated to the latest version without any user interaction.

Amazon AWS: WorkSpaces

We show how deviceTRUST supports Amazon WorkSpaces PCoIP protocol.

Citrix: Application Access based on Access Type

We show how the type of access (internal or external access) of the remote device is used by Citrix Workspace Environment Management (WEM) to control access to a Business Application.

Citrix: Location aware Corporate Resources

We show how the corporate office location of the remote device is used by Citrix Workspace Environment Management (WEM) to connect location aware corporate resources.

Citrix: Security based Application Access

We show how the security state of the security components on the remote device (Firewall, Anti-Spyware, Anti-Virus, Windows Update, etc.) used by Citrix Workspace Environment Management (WEM) to control access to a Business Application.

IGEL: Wi-Fi based conditional access

We show how the Wi-Fi security settings of the Wi-Fi network used on the IGEL remote device control access to the virtual session.

IGEL: Context based AppLocker Policy

We show how the Wi-Fi security settings of the current Wi-Fi network on the IGEL remote device controls the Microsoft AppLocker configuration for controlling application access within the virtual session.

FSLogix: Context aware App Masking

We show how the type of access (internal or external access) is used on the remote device to dynamically apply the corresponding FSLogix App Masking policy within the virtual session.