Problem solve Get help with specific problems with your technologies, process and projects.

Nonpersistence and Windows thin client security with Deep Freeze

If all you need is nonpersistent desktops, Deep Freeze imaging technology could be the answer.

Desktop imaging technology could be a replacement for desktop virtualization if you're looking for nonpersistence. It can also help secure thin clients that have been repurposed from PCs -- something that's been elusive in many environments.

At BriForum 2013, I was surprised to see Faronics in a nondescript booth in the Demo Lab. Faronics makes a desktop imaging product called Deep Freeze that enables admins to lock down an entire computer so that it boots to the same base image every time the system is started.

Nonpersistent desktops accomplish the same thing, where the users access a fresh desktop each time they log in, and any changes are discarded at logoff. Because of this nonpersistent functionality, Deep Freeze can basically provide virtual desktop infrastructure (VDI) functionality without actually deploying VDI.

If nonpersistence is your primary goal for desktop virtualization, you may have all you need with Deep Freeze.

You install your base OS, make all your changes, then install Deep Freeze and tell it to boot up the machine as "frozen." From there, any changes made during sessions will be thrown away at boot time unless an admin specifies that the machine should boot "thawed." Thawed machines are persistent until frozen again, at which point any changes made during the thawed period are committed and the machine becomes nonpersistent again.

One of the great things about it is that -- from an admin's perspective -- it just works. I didn't know until last week, though, how it all comes together. When freezing a machine, Deep Freeze creates a virtual file table that handles all file system requests, leaving the actual file table untouched. When frozen, any changes made to the hard drive are saved to the virtual file table, which is thrown away when the machine is rebooted. If thawed, those changes are allowed to pass through the virtual file table to the actual file table on the drive.

Faronics has enterprise versions of Deep Freeze that are centrally managed and can allow you some flexibility over what settings are persistent. The end result is a system that isn't just on or off, but is tailored to your desktops delivered via any form factor -- virtual or physical. That means if nonpersistence is your primary goal for desktop virtualization, you may have all you need with Deep Freeze.

Locking down Windows thin clients

There's another aspect of the product that I learned about during the show: the ability to provide thin client security for repurposed PCs.

We've talked at length about repurposing PCs as thin clients and the challenges of doing that based on the operating system involved. Many companies that do this would like to keep Windows as the OS, locking it down so that only the appropriate client software is available to the users. The end result is a system that's easily deployed and full-featured, compared to one based on Linux or some other OS that might not receive updates with the same frequency or might have hardware support issues.

The challenge with using Windows, though, is that although it's locked down, at the end of the day it's still Windows. That means it needs to be managed, protected and secured. Even the best products out there don't include things like antivirus or a firewall, so IT still has to manage the converted PCs as if they were Windows devices -- effectively doubling the number of Windows desktops in your organization.

With something like Deep Freeze, you could use whatever product you want to lock down your Windows thin clients, and then freeze the image so that at every reboot the user receives the exact image they were intended to have. Even if a machine were problematic, a simple reboot would be all you need to set everything back to normal.

I haven't dug into all the features that Deep Freeze has, so I'm not certain that it will take over the way we handle our desktop imaging strategies, but it's likely you've already used it somewhere in your company. It's worth mentioning as another item in your IT tool belt, because it can solve two very real issues every organization has.

Dig Deeper on Virtual desktop software and vendors

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

The article is very interesting, but I'm curious to know how Windows Updates affect the re-purposed PC once the desktop is frozen? Recently I experienced an unexpected and unwanted Windows Update that installed IE 10. Most of the websites I use do not support this version of IE. How would a frozen desktop react to an update like this which of more of application as opposed to an OS update?
If someone accidentally downloads a virus or some other compromising software is installed on an Open-Access Lab computer, that software will be wiped when the person logs off first time a user logs onto a computer. Files copy, permissions are set for that user’s profile, and a lot of first-time setup processes run, all of which slows down the login time