Some organizations are taking advantage of the potential offered when running desktops as virtual machines through...
a hypervisor hosted in the datacenter to finally gain control over their unruly desktops.
Several different solutions exist for centralized desktop virtualization (CDV) or virtual desktop infrastructure (VDI), as it is sometimes called, and they range from internally managed virtual desktops to hosted virtual desktop systems.
But all of them have one factor in common: They require some form of hypervisor in the data center to run the virtual machines (VMs) containing the desktops. For example, Citrix XenDesktop will work with any one of three different hypervisors: Citrix XenServer, VMware ESX Server or Microsoft Hyper-V. And it's not the only one to do so.
What's great about CDV is that the virtual desktop truly emulates the end user desktop experience, providing access to many of the functions and operations users have come to expect from the actual desktops. But not all hypervisors are created equal when it comes to device support. Since the objective of desktop virtualization is to simulate and actually reproduce the desktop experience for the end user, you must make sure that the hypervisor you use to run your desktop VMs will provide the device support you require -- including USB ports, multi-monitor experiences, audio, video and more.
When you look at the devices supported by an actual desktop (see Figure 1), you'll see that the machine will provide access to any device that is available on the workstation by default. In fact, devices are so open that some organizations have gone to outrageous lengths to protect themselves from data theft through devices connected to USB ports. In some cases, organizations have even put epoxy or caulking into the ports of their desktops to stop users from plugging in removable storage devices. The problem was so prevalent that Microsoft added USB device control into Vista's Group Policy settings to let those organizations that needed the additional security get away from tampering with the physical ports.
Depending on the hypervisor you select you may not have to go to such lengths. For example, a machine running in Microsoft Windows Server Hyper-V will not have access to USB ports since they are not supported by the hypervisor. You'll also note that the same machine will not have access to sound and advanced video devices either.
VMware's ESX Server, however, provides complete support for device emulation. In fact, VMware's device support is so complete that it is indistinguishable from a physical machine when viewed through Windows Device Manager.
If device support is important to you, be careful which hypervisor you select to run your desktop VMs. Make sure you are familiar with the needs of your organization and be sure you fully understand which devices each hypervisor supports. In the end, you'll discover that since each end user interacts with a desktop VM through the Remote Desktop Connection available in Windows, or through another similar remote session protocol, the user will also have access to the devices located on the endpoint they use to work with their DVM. If the endpoint -- desktop computer, thin computing device or Web browser on an unmanaged computer -- includes devices such as USB ports, you'll want to use the controls in the Remote Desktop session to control whether or not users will have access to these components.
The devices users require depend on their role in the organization and the trust level you assign to them. In the best of all worlds, you'll want to know that your policies control device access in DVMs, not the features or lack thereof in the hypervisor you run the DVMs on.
Table of Contents
- Tip 1: Verify device support in your hypervisor
- Tip 2: Identify desktop virtualization audiences
- Tip 3: Prepare and protect user profiles before virtualizing your desktop
- Tip 4: Use application virtualization before moving to VDI
- Tip 5: Lock down systems by switching to a VDI technology
ABOUT THE AUTHORS:
Danielle Ruest and Nelson Ruest are IT professionals focused on technology futures. Both are passionate about virtualization and continuous service delivery. They are authors of multiple books, including Windows Server 2008: The Complete Reference (McGraw-Hill Osborne), which is focused on building virtual workloads with this powerful new OS. They are currently writing Virtualization, A Beginner's Guide (McGraw-Hill Osborne). They are also performing a multi-city tour on Virtualization in the U.S. Feel free to contact them at firstname.lastname@example.org for any comments or suggestions.