One of the biggest jobs for any Windows shop is managing client workstations. Using desktop virtualization can help make that job a little bit easier.
The challenges of managing workstations for the poor IT staff are many – they have to lock down the desktop, yet let users have the freedom they need to do their jobs. Physical security is important to protect data on laptops that can be stuffed under a jacket. Then there's application installation, and don't forget licensing. This all adds up to a significant corporate investment.
If all the client computers could be put in a single, secure room with a locked door where the IT staff had total control, it would make life simpler and probably cheaper.
But we can't lock all the users in a room, so desktop virtualization is the next best thing. It allows IT to put all the computing resources – like desktops, data and applications – in the computer room and gives administrators local access and easier control. At the same time, users can access a secure desktop with a thin client or an unsecure laptop or PC.
So what is desktop virtualization? We can break it down into four categories: single remote desktop, shared desktops, virtual machine desktops and physical blade desktops.
Single remote desktop – You probably already use this. There are a host of products that have had this capability for some time, such as PCAnywhere, WebEx, VNC and Windows Remote Desktop Protocol, or RDP. I use RDP frequently to see the desktop of a server that I don't have physical access to. Your Windows administrators most likely do this too.
Figure 1 shows how I have two RDP sessions open from my laptop – looking at a domain controller and a Microsoft Exchange Server. Coupled with a virtual private network connection, a remote user can securely access a secure PC or server in your building from an unsecure laptop in his or her hotel room.
Shared desktops – Microsoft's Terminal Services and Citrix are probably the most common players in this market. This type of virtualization has a server that hosts user desktops and applications. The client can be a regular PC or laptop or a thin client. Shared desktop is popular because all the computing power resides on the server, with only video, keyboard and mouse input going over the network. It allows central control of the desktop and its applications, simplifies licensing and makes troubleshooting easier because the user's applications are on the server – not scattered out over several sites. It's not uncommon to find terminal server farms where many servers host hundreds or thousands of user desktops.
I worked with one company that had three line-of-business applications – we'll call them A, B and C. Each application had a specific user environment defined – applications like Microsoft Office and Adobe Reader – as well as specific icons, colors, Group Policies and so on. But where Application A required one version of Office, Application B required another. In addition, its point-of-sale offices required employees to use those applications as well. The company deployed them with Terminal Services and shared desktops. Thus, a user from any PC, thin client or terminal could log into the appropriate Terminal Server for Application A and get the correct desktop. Then later, the user could disconnect and log into another server to get the desktop for Application C. Administration was handled at the company's headquarters.
Virtual machine desktops – This is, in a way, the reverse of shared desktops. Like the other virtual desktop technologies, this has been around for a while but really hasn't been used a lot. In this case, a single client – PC or laptop – would host multiple desktops, which could use different operating systems.
I recall a stock trading company that issued all its traders three PCs: one to get email, store documents and do Web-based research; another to host a Windows application they used for trading; and a third that had to run a Linux desktop to access a line-of-business application. Using desktop virtualization, the company could have used one PC with virtualization software like VMware Workstation or Microsoft's Virtual Server. These are applications that can run multiple desktops, and each desktop can be a different operating system.
Figure 2 shows VMware Workstation hosting a Windows Server 2008 machine, a Windows Server 2003 machine and a Red Hat Fedora client. This is all on one physical computer called the "host," which also has its own OS and desktop. These additional virtual machines take physical memory, CPU and disk space from the host.
Note that virtualization technology allows one virtual machine to crash, have performance problems or hang and not affect the others. The machines are files in the file system and can be moved to another host if needed.
Physical PC blade desktops – This technology isn't as common or as popular as the others, but it is something to consider. Here, the users would have their own PCs, but the physical hardware would be a "PC blade" in a blade enclosure in the computer room. It really is simply putting all the hardware in the computer room, and the users connect to it for their desktops just as they would to a terminal server. Blade PCs have been offered by ClearCube Technology and HP for some time, and others such as IBM offer them too. The chief advantages of using PC blades over other desktop virtualization technologies, along with one drawback, include:
- Each user has his or her own PC rather than sharing resources with others on a server.
- Terminal servers hosting shared desktops are susceptible to the server failing. You can take measures to minimize this, but it still is a risk.
- Blades do require more maintenance because you would have 100 PC blades as opposed to a single server.
Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He wrote Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers. Olsen is a Microsoft MVP for Windows Server-File Systems.