Hello,

We have a VMware 8.03 environment with 5 Win 10 Pro VDI VMs that we want to upgrade to Win 11 Pro, but we want to know if this is HIPAA compliant for a desktop VDI deployment.

Does HIPAA have documentation stating which OS is compatible for HIPAA in a VDI environment?

Does it apply to a regular Windows desktop deployment?

Thanks in advance

3 Spice ups

HIPAA is about the security controls, not so much the OS.

https://www.hipaajournal.com/windows-11-hipaa-compliant/

For one example, encryption of data at rest: if your SAN/storage is not encrypted, the VM needs to be, and you’ll need a KMS (not the same as Windows KMS) to do this. VMware VCSA does have a native key provider that you could use.

4 Spice ups

Thank you for the info. The article still does not clarify if we can use the Pro version or need to move to the Enterprise version for a VDI environment.

Also what KMS would you recommend using?

1 Spice up

That’s because, as Rod mentioned, it’s not really an OS thing. Home/Pro/Enterprise can all be HIPAA compliant. It’s more around your implementation.

Windows 10 (all versions) is compliant today mostly because MS is still releasing updates; once they stop releasing updates, it’s no longer compliant. Windows 11 is compliant for the same reason(s).

Rod mentioned encryption at rest; while not a specific requirement (pretty sure it’s addressable), it is advisable.

2 Spice ups

There is one built-in if you configure it.

Your goal is a little unclear: do you need desktop OSes, or would RDS work?

1 Spice up

I just need to know: if I create a Windows 11 Pro VDI, can I use a Pro license, or do I have to get the Enterprise version?

If I use Pro, what do I need to make sure it’s HIPAA compliant?

Thank you both

Negative. You need an EA agreement with SA rights or you need a VDA license.

Regardless of the OS, you need security controls in place. If the business is already HIPAA compliant for physicals, follow the same process.

Just to make sure we are on the same page, since this is giving me a brain fart: spinning up a Windows 10 or 11 VM on a VMware ESXi host is considered a VDI, correct?

No. VDI is Virtual Desktop Infrastructure. It typically involves cloning VMs from a golden image in a product like VMware Horizon or Citrix.

What you are doing is just spinning up a virtual machine on an ESXi host.

1 Spice up

@jasonfennell5736 Thanks for your answer.

So spinning up Windows 11 Pro will not be HIPAA compliant, and I need to go to Enterprise?

No. Whether Pro or Enterprise, HIPAA compliance is based on the configuration of the OS and other security controls, not the licensing level. If you set up the Win11 VMs correctly, i.e. with the same security settings as you used on Win10, they will be compliant regardless of whether they are Pro or Enterprise.

1 Spice up
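The replies above boil down to: the OS edition does not decide compliance, the configured controls do (encryption at rest, a still-supported and patched OS, the same hardening you already apply to Win10). As an added example that is not part of the thread, the following read-only PowerShell script reports on those three points for a single Windows 10/11 VM so you can compare Pro and Enterprise builds against the same checklist. It uses only standard cmdlets (`Get-BitLockerVolume`, `Get-HotFix`, `Get-CimInstance`); the 45-day update-age threshold and the "compliant" labels are assumptions for illustration, not HIPAA-mandated values, and licensing (EA/SA or VDA) is not something a script can verify.

```powershell
# Added example, not from the thread: read-only checks on a Windows 10/11 VM for the
# controls discussed above. Run in an elevated PowerShell session on the VM itself.
# Thresholds are assumptions chosen for illustration, not HIPAA requirements.

$MaxDaysSinceLastUpdate = 45   # assumption: flag VMs with no hotfix installed in 45 days

function Get-OsEditionInfo {
    # Edition and build: shows Pro vs Enterprise, which the thread says is NOT a compliance factor.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        Caption        = $os.Caption          # e.g. "Microsoft Windows 11 Pro"
        EditionID      = $cv.EditionID        # Professional / Enterprise
        DisplayVersion = $cv.DisplayVersion   # e.g. 23H2
        Build          = $os.BuildNumber
    }
}

function Test-EncryptionAtRest {
    # Encryption at rest on the guest: if the SAN/storage underneath is not encrypted,
    # the VM itself should be. Requires the BitLocker module (present on Pro/Enterprise).
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus   # On / Off
        VolumeStatus     = $vol.VolumeStatus       # FullyEncrypted, FullyDecrypted, ...
        Compliant        = ($vol.ProtectionStatus -eq 'On' -and
                            $vol.VolumeStatus -eq 'FullyEncrypted')
    }
}

function Test-UpdateFreshness {
    # A supported OS that is actually receiving updates: look at the newest installed hotfix.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $days = if ($latest) { (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days } else { $null }
    [pscustomobject]@{
        LatestHotFix = if ($latest) { $latest.HotFixID } else { 'none found' }
        InstalledOn  = if ($latest) { $latest.InstalledOn } else { $null }
        DaysSince    = $days
        Compliant    = ($null -ne $days -and $days -le $MaxDaysSinceLastUpdate)
    }
}

# Build one report object so the same output can be compared across Win10/Win11, Pro/Enterprise VMs.
$report = [ordered]@{
    Edition    = Get-OsEditionInfo
    Encryption = Test-EncryptionAtRest
    Updates    = Test-UpdateFreshness
}

foreach ($section in $report.Keys) {
    Write-Host "=== $section ==="
    $report[$section] | Format-List | Out-String | Write-Host
}

# Non-zero exit code if any checked control is not in the expected state, for use in a scheduled job.
$failed = @($report.Encryption, $report.Updates) | Where-Object { -not $_.Compliant }
if ($failed.Count -gt 0) { exit 1 } else { exit 0 }
```

Run it once on an existing Win10 VM that you already consider compliant and once on the new Win11 VM; if the Encryption and Updates sections match, the edition line is the only difference, which is exactly the point made in the replies.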

But from a licensing perspective, this still requires an EA with SA or VDA licenses if a user is accessing it remotely.

For clarity, here is a post by Microsoft to hopefully make it simpler.

Licensing Windows 10 with virtualization technologies - How-To - Windows - Spiceworks Community

1 Spice up