Tip

Prepare and protect user profiles before virtualizing your desktop

Danielle Ruest and Nelson Ruest, Contributors

There are three items that make up a desktop: the desktop operating system (OS), the applications the user requires and the user's data and preferences. These are the three key items you need to prepare and protect when you move to a virtual desktop infrastructure.

While each has its own peculiarities, the most important of the three -- at least from a user's perspective -- is the

    Requires Free Membership to View

user profile.

Traditionally, the user profile is stored within the confines of the desktop and because of this, it's not highly available and is trapped on the desktop itself. If the desktop dies, then so does the user's profile because they are often on the same disk drive. However, Windows includes several different technologies that are designed to achieve two specific goals in regards to user profiles:

  • The first is to move the profile from within the local desktop and store it on a network shared folder. This move is automatic and occurs through a process that is completely transparent to the end user.

  • The second is to provide profile mobility, letting the user access his or her preferences, data and application configurations from any desktop in the organization.

These two goals should be part of each and every virtual desktop infrastructure. By storing profiles outside of local desktops, you ensure that your users are able to work with any desktop in the organization (see Figure 1). Then, when you move from physical to virtual desktops, your implementation team does not need to be concerned about the migration or the retention of user data since it is already taken care of by Windows' own capabilities.

Figure 1
Maintaining the user profile outside the local desktop lets users work with any desktop.

Windows manages remote desktop profiles through two technologies. The first, roaming profiles, is a function of the user account within Active Directory. Basically, you tell Windows to store the user's profile on a network share instead of on the local desktop. The first time the user logs in, the profile is generated and stored on the network. If the user already has a profile when you assign roaming profiles, then the profile is moved from the local system to the network.

However, there are issues with roaming profiles. The most significant is that the Windows session will not open until the profile has been completely downloaded from the server. Because of this, you will want to marry roaming profiles with another Windows technology, folder redirection. Folder redirection -- also assigned through Active Directory, but this time through the Group Policy feature -- silently redirects local folder contents contained in the user profile to a network share.

The difference between folder redirection and roaming profiles is that with folder redirection, Windows does not need to create a local copy of all of a folder's content to let the user work. This significantly reduces the delay in opening the user session. On the other hand, folder redirection alone does not protect 100% of the user's profile. You use both together by excluding all of the redirected folders from the user's roaming profile.

By combining both technologies, you reduce the time it takes to open a session, yet you provide complete protection for user contents. Best of all, you can implement these technologies at any time, even before moving to VDI. That way, you reduce the risk of having one of the three desktop construction points block your move to virtual desktops.

Resources

For a complete description of how to move local profiles to a combined roaming profile/folder redirection strategy, look up Chapter 8: Working with Personality Captures from the free Definitive Guide to Vista Migration.


Table of Contents
- Tip 1: Verify device support in your hypervisor
- Tip 2: Identify desktop virtualization audiences
- Tip 3: Prepare and protect user profiles before virtualizing your desktop
- Tip 4: Use application virtualization before moving to VDI
- Tip 5: Lock down systems by switching to a VDI technology
 

ABOUT THE AUTHORS:
Danielle Ruest and Nelson Ruest are IT professionals focused on technology futures. Both are passionate about virtualization and continuous service delivery. They are authors of multiple books, including Windows Server 2008: The Complete Reference (McGraw-Hill Osborne), which is focused on building virtual workloads with this powerful new OS. They are currently writing Virtualization, A Beginner's Guide (McGraw-Hill Osborne). They are also performing a multi-city tour on Virtualization in the U.S. Feel free to contact them at infos@reso-net.com for any comments or suggestions.


 

This was first published in December 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.