A virtual desktop deployment has many moving parts: IT managers must install connection brokers, security servers, delivery controller and back-end virtualization platforms. So the average administrator may have difficulty grasping the idea that only one image is needed per operating system to maintain a virtual desktop environment when using application virtualization and Group Policy.
When discussing virtual desktop solutions with a customer, some say, "Now we can create ten images that can be presented to all of our users." I always respond with a reminder that only one image is needed, no matter what VDI solution is being used. The customer has a hard time believing that a single image is enough, but it makes sense.
A typical desktop administrator tends to think of a virtual desktop deployment as if it's a physical desktop deployment. He or she wants to ensure that when a user accesses their desktop, all applications are available and the user's profile will handle the Group Policy.
The concept of needing to maintain multiple images, based on what application is installed on them, comes from the idea that the application has a dependency on the underlying operating system (OS). When introducing application virtualization, this is not the case. Through technologies such as XenApp, ThinApp or App-V, the applications no longer have OS dependencies. When an image is created, it can be done so in a simplified manner without being cluttered by heavy applications. Therefore, when a user logs-in to that image, no matter what type of user they are, the application can be delivered via application virtualization. This helps reduce a large amount of overhead on the virtual desktop while maintaining a single OS image.
The second reason that only a single image is necessary is because the use of Active Directory Organizational Units (ADOUs) allows for the organization of virtual desktops by Group Policy. When the end user needs to have certain associated security policies or configuration options, the policies can be applied directly to the virtual desktop through the ADOUs' GPO. Therefore, the virtual desktop is receiving its configuration from a predefined Group Policy assigned to the OU. No matter which VDI option a company chooses, all can integrate into the concept of Active Directory GPO delivered via OU placement.
ABOUT THE AUTHOR:
Brad Maltz is CTO of International Computerware, a national consulting firm focused on virtualization and storage technologies. He holds certifications from VMware and EMC for many technologies. Brad can be reached at firstname.lastname@example.org for any questions, comments or suggestions.