Image management with app virtualization and Group Policy

A virtual desktop deployment has many moving parts: IT managers must install connection brokers, security servers, delivery controller and back-end virtualization platforms. So the average administrator may have difficulty grasping the idea that only one image is needed per operating system to maintain a virtual desktop environment when using application virtualization and Group Policy.

When discussing virtual desktop solutions with a customer, some say, "Now we can create ten images that can be presented to all of our users." I always respond with a reminder that only one image is needed, no matter what VDI solution is being used. The customer has a hard time believing that a single image is enough, but it makes sense.

A typical desktop administrator tends to think of a virtual desktop deployment as if it's a physical desktop deployment. He or she wants to ensure that when a user accesses their desktop, all applications are available and the user's profile will handle the Group Policy.

The concept of needing to maintain multiple images, based on what application is installed on them, comes from the idea that the application has a dependency on the underlying operating system (OS). When introducing application virtualization, this is not the case. Through technologies such as XenApp, ThinApp or App-V, the applications no longer have OS dependencies. When an image is created, it can be done so in a simplified manner without being cluttered

    Requires Free Membership to View

by heavy applications. Therefore, when a user logs-in to that image, no matter what type of user they are, the application can be delivered via application virtualization. This helps reduce a large amount of overhead on the virtual desktop while maintaining a single OS image.

The second reason that only a single image is necessary is because the use of Active Directory Organizational Units (ADOUs) allows for the organization of virtual desktops by Group Policy. When the end user needs to have certain associated security policies or configuration options, the policies can be applied directly to the virtual desktop through the ADOUs' GPO. Therefore, the virtual desktop is receiving its configuration from a predefined Group Policy assigned to the OU. No matter which VDI option a company chooses, all can integrate into the concept of Active Directory GPO delivered via OU placement.

Brad Maltz is CTO of International Computerware, a national consulting firm focused on virtualization and storage technologies. He holds certifications from VMware and EMC for many technologies. Brad can be reached at bmaltz@iciamerica.com for any questions, comments or suggestions.

This was first published in July 2009

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.