The Platform

The Tupelo Hosted Virtual Desktop, employs Windows 2016 (Windows 10 Experience) as the Remote Desktop Services platform.

The platform runs in our secure data centres operated by The Bunker at Sandwich Kent with the backup data centre at Newbury Berkshire.

When a user is authenticated by our SSL enabled web interface, a Citrix XenApp session is established presenting the user with a Windows desktop which appears to the user as if he was using a local PC, however the applications and the data are fully contained within the custody of the data centre.

There is no customer data transmitted to their local office PC’s which act as thin clients. The local machines require Internet Explorer, Citrix Receiver and local printer drivers. No other software is required on the local machine.

We recommend the use of thin clients, or thin client software from IGEL Technology. Thin clients provide access to the Remote Desktops and do not run Microsoft Windows Software. Thin clients act as an appliance only, supporting the VDU, Keyboard, Mouse and Network.

Security Model

A layered security system is employed to protect the Hosted Virtual Desktop and client data.

For any exploit to affect the user requires the malicious code to have to pass through all of the security layers. Tupelo have not in the last 4 years of operation received a Virus on the platform.

All communications to and from the data centre are encrypted using authenticated SSL certificates. No data is transferred in plain text. Not forgetting that Citrix does cause actual data to be moved from the data centre, only mouse and keyboard updates are transmitted.

The layers of security we employ are:-

The outer layer of our security system will scan all incoming emails and the attachments checking for known exploits, virus, phishing and ransom exploits. Emails containing malicious code will be deleted silently, whereas emails which fall into the spam category are quarantined and may be request by the users. White lists and black list can be maintained by the users.

The web browser is protected from a malicious web sites by not allowing a web site to find or explore personal information related to the user, and will police the usage of Flash, Java and JavaScript. The browser, virtual machines and windows patches are updated weekly to block known exploits.

This is the traditional Anti-virus layer, which is operated by Intel Security. This software in not the same as would be installed on PCs. we use the “Enterprise” editions which cause every file used to be checked on demand by a dedicated AV servers to ensure the platform processing is not loaded by the AV scanning process.

This is the fail-safe layer which blocks any software operation for being able to access the system files or registry. The lock down is the most critical aspect of our security. It is the lockdown which has provided us with a zero exploit and no downtime over the last 4 years. Applications are installed by us and are carefully monitored for vulnerability.


We work as a single united team with market leading firms around the world and give our clients the highest quality advice possible.