Lock down systems by switching to a VDI technology

The best way to lock down systems is to move to a virtual desktop infrastructure (VDI). Organizations have unlimited problems when they grant users administrative access on Windows PCs, yet it is very difficult to lock down an entire environment and continue to provide end users, especially travelling users, with the functionality they need to do their job. Of course, locking down systems has changed over the years as Microsoft has tried to address both the need for lockdown and the need for user freedom, but perceptions of lock-downs still persist. Users do not want it, but corporations need it to reduce costs and maintain system stability. How do you marry the two?

With a virtual desktop infrastructure, users' corporate PCs -- the ones they need to perform their actual work -- become virtual machines; and the endpoints -- the systems they use to access their corporate PCs -- become unmanaged systems to some degree. When you work with VDI, the endpoint is only required to give the Remote Desktop Connection (RDC) required to access the virtual machine running the actual corporate desktop.

Because of this, you can use a more relaxed management strategy for the endpoints, making sure they are updated and protected, but otherwise leaving them as is. After all, the endpoint can be anything from an actual PC to a terminal or even a public PC providing a Web browser. VMware Inc., one of the leading providers of VDI, is even moving to provide users access to virtual desktops through mobile devices.

It is easy to lock down virtual desktops because of the way they work. A virtual desktop is often constructed on the fly as a user logs in, if, that is, you are using the right VDI strategy. PCs are composed of three core components: the desktop operating system (OS), end user applications and user data (see Figure 1).

When user data is stored outside the PC through proper management strategies, you don't need to worry about the actual machi...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Virtual desktop infrastructure and architecture Bare-metal client hypervisors are coming -- for real this time Citrix CEO: Transition to on-demand services won't be pretty Dazzle brightens Citrix flexibility story What's new with virtual desktop infrastructure? VMware vs. Citrix virtual desktops -- what's the better deal? VMware revs up performance on virtual desktops Mark Minasi discusses cloud computing, Windows 7 and IT trends The top 5 ways that VDI can help improve your enterprise's security Will Windows 7 fuel desktop virtualization adoption? The first step toward a virtual desktop infrastructure: The assessment Virtual desktop management Citrix CEO: Transition to on-demand services won't be pretty What's new with virtual desktop infrastructure? How to protect virtual desktops on a corporate network Symantec and Quest's desktop virtualization suites hit the big leagues Moving from Presentation Server 4.5 to XenApp 5.0 Feature Pack 2 Top tools for securing a virtual desktop infrastructure The top 5 ways that VDI can help improve your enterprise's security Will Windows 7 fuel desktop virtualization adoption? Rejoice! Citrix modifies its XenDesktop license plans Manage Remote Desktop Services with Windows PowerShell Virtual desktop management tips How to configure Wyse terminals without console interaction How to protect virtual desktops on a corporate network Moving from Presentation Server 4.5 to XenApp 5.0 Feature Pack 2 Top tools for securing a virtual desktop infrastructure The top 5 ways that VDI can help improve your enterprise's security Capacity planning for Windows Terminal Services Taking a fresh look at Terminal Services security Manage Remote Desktop Services with Windows PowerShell How to back up PCs in a virtual desktop infrastructure The first step toward a virtual desktop infrastructure: The assessment

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary checkpoint  (SearchEnterpriseDesktop.com) desktop virtualization  (SearchVirtualDesktop.com) remote desktop  (SearchEnterpriseDesktop.com) virtual desktop  (SearchVirtualDesktop.com) virtual floppy disk  (SearchEnterpriseDesktop.com) virtual hard disk (VHD)  (SearchVirtualDesktop.com) Windows Remote Desktop  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ne the user is working with because the user's data will not be trapped inside this machine. If applications are virtualized and applied as needed at user login through streaming technologies, the apps, then, are not attached to an actual machine. They are provided to any machine the user accesses. This leaves you to deliver a desktop OS to every user in your organization that is really nothing more than a core set of functionality, updates and utilities.

Figure 1
[IMAGE]
PC construction includes three core layers.

Using VDI to provide volatile PCs to your end users or PCs that are constructed when a user logs in and then discarded when a user logs off makes it much easier to lock down the desktop because the user only relies on this system to perform actual work and nothing else. And, because you do not control the user's endpoint as tightly, it will be much easier to negotiate with users in order to affect the lock-down of the virtual machines in your VDI environment. For locked-down environments, VDI can give you the best of all worlds: Corporations finally have control over desktop machines, albeit, virtual desktop machines, and end users have the openness they require on the endpoints they use to access the corporate PCs.

[IMAGE]
[IMAGE]Table of Contents
[IMAGE]
[IMAGE] Tip 1: Verify device support in your hypervisor
[IMAGE] Tip 2: Identify desktop virtualization audiences
[IMAGE] Tip 3: Prepare and protect user profiles before virtualizing your desktop
[IMAGE] Tip 4: Use application virtualization before moving to VDI
[IMAGE] Tip 5: Lock down systems by switching to a VDI technology

About the authors: Danielle Ruest and Nelson Ruest are IT professionals focused on technology futures. Both are passionate about virtualization and continuous service delivery. They are authors of multiple books, including Windows Server 2008: The Complete Reference (McGraw-Hill Osborne), which is focused on building virtual workloads with this powerful new OS. They are currently writing Virtualization, A Beginner's Guide (McGraw-Hill Osborne). They are also performing a multi-city tour on Virtualization in the U.S. Feel free to contact them at infos@reso-net.com for any comments or suggestions.