Jump to content


  • 0
jamitupya

Windows 7 vDesktop Projects

Asked by jamitupya

Question

jamitupya Newbie

jamitupya

Posted
Posted

As you can imagine, virtualized desktops is the "IN" thing at the moment and utilizing a wide range of toolsets and infrastructure.

 

Is anybody else building these solutions at this time?

 

 

 

 

 

One of the few "regular" requests to my organization is for better governance and control over the IT environment in the customers Offshore (and onshore) Service Desks, Corporate Entities and their Subsidiaries.

 

Generally this will fall down to the below arguments...

- No Consolidated governance of the individual companyInfrastructure

- No asset management of Software, hardware and compliance.

- A lack of IT resources to effectively manage theEnterprise Infrastructure and Desktop Environment.

 

The other request is in regards to Licensing and Data Retention.

- There are many risks of data leakage in most organizations (employee copying confidential information to USB memory, PC theft, etc.)

- Minimal network andapplication security

- Improve Antivirusand Security patches

- Many unapprovedapplications in use

 

In looking at these risks and possible methods to remove some of the burden on IT staff we are deploying a virtualized desktop client to our Customers and in turn securing the end-point devices (Fat Clients).

Our Lab for building services around is primarily based in the Citrix and CA World however where possible i am trying to move this to the Citrix / SCCM and App-V World. This thread is to provide a sounding board to myself and members who are undertaking other such projects.

 

 

 

LAB:

Hosts

Citrix XenServer HOSTS x 2

Hyper-V Management Server

 

 

vServers (on Management Server)

2 Domain Controllers for Forest Root (lab.dns)

1 SQL Server

1 File Server (user profiles and homes, USMT, etc)

1 Xen Center Server

1 Xen Desktop Server (DDC, Etc)

1 Application Server (Various Tools)

1 SCCM 2007 R2 Server

- PXE

- OSD

- Software Distribution

2 Domain Controllers for Client Domain (vdi.lab.dns)

 

 

vClients (on XenServer Hosts)

Various Virtual Desktops

10 Windows 7 ZTI vDesktops

5 Windows XP ZTI vDesktops

2 Windows Server 2008 R2 XenAPP Hosts

 

 

 

 

SO this is my Plan, im looking to provide a value add to our customers that enable us to utilize their existing SCCM Infrastructure and Site Servers to provide virtualized client services...

 

Any one care to talk about this? Ask questions etc? There's a heap of other requirements and software that we utilize to virtualize these environments however i will list them later if needs be.

 

 

Any concerns / Questions / comments ?

Share this post

Link to post
Share on other sites

6 answers to this question

Recommended Posts

  • 0
Jo Harder Newbie

Jo Harder

Posted
Posted

Hi Greg,

 

Your concerns are similar to that of many that are just jumping into desktop virtualization. It sounds like your main concern is security--data security, desktop security, antivirus security, and app security. Virtualized desktops can address all of that fairly easily.

 

A few settings you'll want to configure:

- Disable access to local drives, including USB drives within Citrix policies

- Disallow users from self-tweaking their systems, including locking down the command prompt and many control panel items via AD GPOs

- Administratively configure antivirus

 

When I was in field consulting, I would often ask the customer for a standard user account to see the environment from a user perspective. As you're moving along with your testing, I strongly encourage you to do the same. Sounds overly simplified, maybe, but it will help you gauge whether your security settings are overly prohibitive or perhaps too lax (yikes!).

 

Based on what you've written, I'm not sure whether you will host your applications on XenApp or use App-V streamed apps to either the virtual desktop or XenApp. In any case, think through what it is you need to do and the user experience. Take a look at CTX125515 for help with this.

 

Jo Harder

Citrix Systems

Share this post

Link to post
Share on other sites
  • 0
jamitupya Newbie

jamitupya

Posted
Posted

Hi Greg,

 

Your concerns are similar to that of many that are just jumping into desktop virtualization. It sounds like your main concern is security--data security, desktop security, antivirus security, and app security. Virtualized desktops can address all of that fairly easily.

 

A few settings you'll want to configure:

- Disable access to local drives, including USB drives within Citrix policies

- Disallow users from self-tweaking their systems, including locking down the command prompt and many control panel items via AD GPOs

- Administratively configure antivirus

 

When I was in field consulting, I would often ask the customer for a standard user account to see the environment from a user perspective. As you're moving along with your testing, I strongly encourage you to do the same. Sounds overly simplified, maybe, but it will help you gauge whether your security settings are overly prohibitive or perhaps too lax (yikes!).

 

Based on what you've written, I'm not sure whether you will host your applications on XenApp or use App-V streamed apps to either the virtual desktop or XenApp. In any case, think through what it is you need to do and the user experience. Take a look at CTX125515 for help with this.

 

Jo Harder

Citrix Systems

 

Hi Jo,

Impressed :-)

 

Currently we have a design for our global standard that is entirely based on XenAPP and XenDesktop. For our Managed Desktop Solution at current we utilize CA's toolsets however they don't play so well in the virtual environment and alot of customers are unwilling to go down the CA road as they already have SMS or SCCM implemented organization wide. So to marry the two solutions is my plan.

 

You are correct we already lockdown USB, Software installation (and drivers), have a variety of GPO's to solve these problems dependant on the users Group member ships, we also utilize the Appsense suite to ensure the more difficult to manage components are locked down and enforce as well as managing the user profiles are managed in an orderly fashion.

 

When we test the implementations we also use varying degrees of user accounts (no managed, lightly managed, highly managed) to test access and service availability.

 

I am only just beginning in the Citrix World and so far i like it, i'll have a read and post in the citrix forums and here :)

 

Greg

Share this post

Link to post
Share on other sites
  • 0
Andreas van Wingerden Newbie

Andreas van Wingerden

Posted
Posted

Greg,

 

It's funny to read your plans as I am actually in the process of preparing a session entitles "Managing your FlexCast environment with System Center" for our Synergy event next week in Berlin. Good see Jo on here as well and give you some pointers. I can tell you this board has given me a lot of help while preparing and I'll be making a big HOWTO guide based on a lot of info I found here and things I found while preparing for the Citrix community. You also looking into the SCCM connector for XenApp within your project as well? This would make application deployment from 1 central hub into a blessing however it was designed for SCCM 2007 and I have not (yet) tested it with SCCM vNext which your post hints at.

 

Good luck

 

Andreas van Wingerden

Citrix Systems

Share this post

Link to post
Share on other sites
  • 0
anyweb Proficient

anyweb

Posted
Posted

I can tell you this board has given me a lot of help while preparing and I'll be making a big HOWTO guide based on a lot of info I found here and things I found while preparing for the Citrix community.

 

nice to hear it and hope you link back to here in whatever document/seminar/etc you release :) and it's great to see you Citrix guys here !

Share this post

Link to post
Share on other sites
  • 0
jamitupya Newbie

jamitupya

Posted
Posted

Hi Andreas,

Yes i was looking at the connector however it seems to error out on my vNext installation. Not to worry as i will just use sccm until an updated version is released (any timeframe for a test you know of? ;-) )

I'm struggling with hyperv and scvmm atm and using this with xendesktop... just the performance isnt there atm, need to tweak more but customers keep bothering me... the bastards ;-)

 

good to see a couple of citrix people floating around and i'd be really interested to see any doco you pump out :-)

 

Good luck :-)

 

Greg

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go to question listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.