Tip

Nonpersistence and Windows thin client security with Deep Freeze

Desktop imaging technology could be a replacement for desktop virtualization if you're looking for nonpersistence. It can also help secure thin clients that have been repurposed from

    Requires Free Membership to View

PCs -- something that's been elusive in many environments.

At BriForum 2013, I was surprised to see Faronics in a nondescript booth in the Demo Lab. Faronics makes a desktop imaging product called Deep Freeze that enables admins to lock down an entire computer so that it boots to the same base image every time the system is started.

Nonpersistent desktops accomplish the same thing, where the users access a fresh desktop each time they log in, and any changes are discarded at logoff. Because of this nonpersistent functionality, Deep Freeze can basically provide virtual desktop infrastructure (VDI) functionality without actually deploying VDI.

If nonpersistence is your primary goal for desktop virtualization, you may have all you need with Deep Freeze.

You install your base OS, make all your changes, then install Deep Freeze and tell it to boot up the machine as "frozen." From there, any changes made during sessions will be thrown away at boot time unless an admin specifies that the machine should boot "thawed." Thawed machines are persistent until frozen again, at which point any changes made during the thawed period are committed and the machine becomes nonpersistent again.

One of the great things about it is that -- from an admin's perspective -- it just works. I didn't know until last week, though, how it all comes together. When freezing a machine, Deep Freeze creates a virtual file table that handles all file system requests, leaving the actual file table untouched. When frozen, any changes made to the hard drive are saved to the virtual file table, which is thrown away when the machine is rebooted. If thawed, those changes are allowed to pass through the virtual file table to the actual file table on the drive.

Faronics has enterprise versions of Deep Freeze that are centrally managed and can allow you some flexibility over what settings are persistent. The end result is a system that isn't just on or off, but is tailored to your desktops delivered via any form factor -- virtual or physical. That means if nonpersistence is your primary goal for desktop virtualization, you may have all you need with Deep Freeze.

Locking down Windows thin clients

There's another aspect of the product that I learned about during the show: the ability to provide thin client security for repurposed PCs.

We've talked at length about repurposing PCs as thin clients and the challenges of doing that based on the operating system involved. Many companies that do this would like to keep Windows as the OS, locking it down so that only the appropriate client software is available to the users. The end result is a system that's easily deployed and full-featured, compared to one based on Linux or some other OS that might not receive updates with the same frequency or might have hardware support issues.

The challenge with using Windows, though, is that although it's locked down, at the end of the day it's still Windows. That means it needs to be managed, protected and secured. Even the best products out there don't include things like antivirus or a firewall, so IT still has to manage the converted PCs as if they were Windows devices -- effectively doubling the number of Windows desktops in your organization.

With something like Deep Freeze, you could use whatever product you want to lock down your Windows thin clients, and then freeze the image so that at every reboot the user receives the exact image they were intended to have. Even if a machine were problematic, a simple reboot would be all you need to set everything back to normal.

I haven't dug into all the features that Deep Freeze has, so I'm not certain that it will take over the way we handle our desktop imaging strategies, but it's likely you've already used it somewhere in your company. It's worth mentioning as another item in your IT tool belt, because it can solve two very real issues every organization has.

This was first published in August 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.