Lock down systems by switching to a VDI technology

The best way to lock down systems is to move to a virtual desktop infrastructure (VDI). Organizations have unlimited problems when they grant users administrative access on Windows PCs, yet it is very difficult to lock down an entire environment and continue to provide end users, especially travelling users, with the functionality they need to do their job. Of course, locking down systems has changed over the years as Microsoft has tried to address both the need for lockdown and the need for user freedom, but perceptions of lock-downs still persist. Users do not want it, but corporations need it to reduce costs and maintain system stability. How do you marry the two?

With a virtual desktop infrastructure, users' corporate PCs -- the ones they need to perform their actual work -- become virtual machines; and the endpoints -- the systems they use to access their corporate PCs -- become unmanaged systems to some degree. When you work with VDI, the endpoint is only required to give the Remote Desktop Connection (RDC) required to access the virtual machine running the actual corporate desktop.

Because of this, you can use a more relaxed management strategy for the endpoints, making sure they are updated and protected, but otherwise leaving them as is. After all, the endpoint can be anything from an actual PC to a terminal or even a public PC providing a Web browser. VMware Inc., one of the leading providers of VDI, is even moving to provide users access to virtual desktops through mobile devices.

It is easy to lock down virtual desktops because of the way they work. A virtual desktop is often constructed on the fly as a user logs in, if, that is, you are using the right VDI strategy. PCs are composed of three core components: the desktop operating system (OS), end user applications and user data (see Figure 1).

When user data is stored outside the PC through proper management strategies, you don't need to worry about the actual machi

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Virtual desktop infrastructure and architecture Choosing between type 1 and type 2 client virtualization Does the cloud have anything to do with desktops? Configuring Active Directory GPOs in a VDI environment Techniques for overcoming challenging VDI, WAN connections Microsoft enters the VDI market with Windows Server 2008 R2 Choosing your desktop virtualization software ThinApp deployments in a training environment Which virtualization licensing model matches your needs? Four desktop virtualization vendors you don't know, but should Top reasons why VDI projects fail Virtual desktop management Choosing between type 1 and type 2 client virtualization Choosing the right client computing technology Does the cloud have anything to do with desktops? Configuring Active Directory GPOs in a VDI environment Understanding application virtualization as a software hosting strategy Techniques for overcoming challenging VDI, WAN connections Four good reasons to deploy virtual desktops now VMware training software allows quick lab set up Microsoft enters the VDI market with Windows Server 2008 R2 Choosing your desktop virtualization software Virtual desktop management tips Choosing the right client computing technology Configuring Active Directory GPOs in a VDI environment Four good reasons to deploy virtual desktops now Presentation virtualization: The low-complexity alternative to VDI Terminal Services get a makeover in Windows Server 2008 R2 How to install Microsoft VDI and key deployment considerations Third-party virtual desktop technologies for Microsoft VMware training software allows quick lab set up Choosing your desktop virtualization software Which virtualization licensing model matches your needs?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary desktop virtualization  (SearchVirtualDesktop.com) virtual desktop  (SearchVirtualDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ne the user is working with because the user's data will not be trapped inside this machine. If applications are virtualized and applied as needed at user login through streaming technologies, the apps, then, are not attached to an actual machine. They are provided to any machine the user accesses. This leaves you to deliver a desktop OS to every user in your organization that is really nothing more than a core set of functionality, updates and utilities.

Figure 1
[IMAGE]
PC construction includes three core layers.

Using VDI to provide volatile PCs to your end users or PCs that are constructed when a user logs in and then discarded when a user logs off makes it much easier to lock down the desktop because the user only relies on this system to perform actual work and nothing else. And, because you do not control the user's endpoint as tightly, it will be much easier to negotiate with users in order to affect the lock-down of the virtual machines in your VDI environment. For locked-down environments, VDI can give you the best of all worlds: Corporations finally have control over desktop machines, albeit, virtual desktop machines, and end users have the openness they require on the endpoints they use to access the corporate PCs.

[IMAGE]
[IMAGE]Table of Contents
[IMAGE]
[IMAGE] Tip 1: Verify device support in your hypervisor
[IMAGE] Tip 2: Identify desktop virtualization audiences
[IMAGE] Tip 3: Prepare and protect user profiles before virtualizing your desktop
[IMAGE] Tip 4: Use application virtualization before moving to VDI
[IMAGE] Tip 5: Lock down systems by switching to a VDI technology

About the authors: Danielle Ruest and Nelson Ruest are IT professionals focused on technology futures. Both are passionate about virtualization and continuous service delivery. They are authors of multiple books, including Windows Server 2008: The Complete Reference (McGraw-Hill Osborne), which is focused on building virtual workloads with this powerful new OS. They are currently writing Virtualization, A Beginner's Guide (McGraw-Hill Osborne). They are also performing a multi-city tour on Virtualization in the U.S. Feel free to contact them at infos@reso-net.com for any comments or suggestions.