Outgoing VDI Gateways:




Outgoing VDI Gateways: Creating a Unified Outgoing Virtual Desktop Infrastructure with Windows Server 2008 R2 and ObserveIT

Daniel Petri
January 2010

Copyright 2010 ObserveIT Ltd.

Table of Contents

Executive Summary
How it Works
Remote Desktop Gateway VDI vs. Old School Terminal Services
Benefits of the VDI Solution
Drawbacks to the VDI Solution
Conclusion
About ObserveIT

Executive Summary

It is very common for enterprises to use a Terminal Server or Citrix gateway in order to give external vendors access to internal servers or resources. However, we are starting to see a growing adoption of a mirror image of this solution: service providers that need to connect to multiple customer locations (using different protocols, according to customer requirements) and want to provide a single access point through which all outgoing traffic is routed.

Just as with an incoming gateway solution for enterprises, these service providers have achieved two important benefits with their outgoing gateway architecture:

- Ease of administration and lower costs for managing multiple access methods
- Full audit visibility of all actions performed on client servers during remote support sessions

How it Works

In order to fulfill this requirement, service providers are using an approach that includes a VDI gateway to initiate remote connections, and ObserveIT software to audit the session activities.

In this scenario, service providers use Virtual Desktop Infrastructure (VDI) client machines that are stored on one or more virtualization hosts. These computers are stored in a saved or even shut down state, and are woken up when one or more users connect to them. This VDI implementation is combined with a central remote access mechanism that the users connect to. That mechanism serves as a session broker: a central component that knows where the VDI clients are stored, their current state (running, saved, shut down, etc.), and the status of existing and disconnected sessions. When users connect to that broker, they are redirected to a VDI machine, where they log on and get their working environment.

On the VDI machine, the ObserveIT Agent is installed and records all the user actions that are performed during that session. In addition, ObserveIT captures a lot of extra information (metadata) about what is happening on the screen at any given moment. The recordings and metadata are stored in a central SQL Server database, where they are fully indexed and available for replay. The extensive textual metadata allows for very detailed reports of all user sessions, the applications they used, and the files that were accessed.

Users can connect to the VDI broker either internally (located on the same LAN) or remotely. For remote access, users will be required to establish a secure connection by using a regular VPN connection, an SSL VPN, or another type of secure connection.

The question of which machines the users connect to can be answered in two ways:

OPTION 1: One option is to create a pool of virtual machines, similar to a rack of identical PCs that you install and clone. Their configuration is identical, except that they each have a unique computer name and IP address. The process of creating such an image is identical to the one you'd use for cloning a physical computer, including the installation of custom applications and programs, running sysprep to prepare the system for cloning, and automating it all with unattended answer files. Once deployed, these machines are available on demand, which means that the users will get the first available Virtual Desktop from the pool (and if no available machine is turned on, a new machine can be turned on on demand or resumed from a saved state). One of the nice features of such a configuration is the ability to roll the machines back to their default image state once the user disconnects and closes the session. This means that if a user infects a VM with a virus, installs software, deletes files on the local drive, or performs any other unapproved action, as soon as they log off the VM's hard drive will revert back to what it was before they logged on.

OPTION 2: The other option is to assign a user a single Personal Virtual Desktop, which means that if they choose to connect to My Desktop they will connect to a specific VM that you designate. This is similar to having a PC sitting on a rack that you would like a user to use remotely. When the user logs on to the Remote Desktop Web Access site and chooses to connect to My Desktop, they will be connected to this specific PC (VM) that is running on the virtualization host(s). Similar to the previous option, machines need to be cloned and assigned a unique name and IP address. However, when calculating the overall resource usage for such a solution, it is clear that by using personal desktops you are required to deploy many more machines, because each user must have their own Virtual Desktop. This differs from the pool of Virtual Desktops, where you are only required to have as many VMs as you will have concurrent users.

As you can see from the above examples, you still need to configure each unique virtual machine, because in effect they are separate computers. For example, you still need to load the operating system on each, install applications, join them to the domain, etc., just as you would do with real PCs. You can use the same techniques for automating this process as you would if you needed to deploy multiple physical machines with the same hardware/software. Windows 7 includes new image deployment techniques that make this type of scenario easier than before.

Remote Desktop Gateway VDI vs. Old School Terminal Services

It's worth noting that there are some substantial differences between Remote Desktop Gateway VDI and old school Terminal Services. Some include:

Benefits of the VDI Solution

- Remote Desktop Gateway VDI allows customization of the working environment, which includes the users' profiles, desktop, installed applications and environment settings. This means that each user receives an entire personal operating system, and not just a slice of the Terminal Server's operating system, allowing customization of many more settings than are available under the regular Terminal Server restrictions. In addition, users can choose to shut down or reboot their own VDI machines, something that cannot be done with regular Terminal Server.

- Remote Desktop Gateway VDI allows isolation of the user environment, and the user session can be configured not to be a part of the provider's network. In such a solution, the VDI desktop can be configured not to connect to the same network as the one the user is located on, and to be totally dedicated and/or isolated to the client's network. To connect to the VDI machine, the service provider's users use a virtualization remote control mechanism such as the remote control built into virtualization products.

- Remote Desktop Gateway VDI allows you to install various VPN clients without conflicts. This is most useful when service providers connect to various clients, each with their own set of VPN and remote connection requirements. When installed on one machine, some VPN clients and settings might interfere with each other, causing conflicts and configuration errors.

- Remote Desktop Gateway VDI allows the creation and configuration of different access methods, based on customer requirements. As stated above, this is useful when users need to connect to many clients, each with different settings and configurations.

- Remote Desktop Gateway VDI grants the ability to install custom applications that may cause conflicts if installed on a regular Terminal Server. This allows service providers to give their users the exact tools they need to perform their job when connecting to the client networks.

- Remote Desktop Gateway VDI can be fully configured based upon clients' NAP/NAQ enforcement policies, without conflicting with other clients' requirements. One client can thus require that the vendor use a specific Anti-Virus product, while another client can request a different product and different system configuration settings. Each VDI desktop can be customized to the client's needs, and these settings can also be pushed to the VDI desktop on demand, based upon the connection type.

- Remote Desktop Gateway VDI can be reset to a default image after usage, which means that no state is saved, and the computer is always fresh. If the user infects the computer with a virus, messes with the system settings, or even causes serious errors on the machine, the moment it is shut down and rebooted it is reverted and reset to a pre-defined state.
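The session broker described under How it Works, together with the pooled and personal desktop options and the reset-to-default-image behaviour listed above, can be modelled as a small state machine. This is an added Python example, not ObserveIT or Microsoft code; the VM and Broker classes, their fields and the audit event names are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class VM:                      # hypothetical model of one virtual desktop
    name: str
    state: str = "saved"       # running | saved | shut_down
    user: str = ""             # session owner; "" means free
    session: str = "none"      # none | active | disconnected
    dirty: bool = False        # True once it has diverged from the default image

@dataclass
class Broker:                  # hypothetical; not a real product's API
    pool: list                                     # pooled, identical VMs
    personal: dict = field(default_factory=dict)   # user -> dedicated VM
    audit: list = field(default_factory=list)      # (user, event, vm name)

    def _log(self, user, event, vm):
        self.audit.append((user, event, vm.name))

    def _held_by(self, user):
        # Personal desktop first, then any pooled VM the user still holds.
        return self.personal.get(user) or next(
            (v for v in self.pool if v.user == user), None)

    def connect(self, user):
        vm = self._held_by(user)
        if vm is None:
            # First free pooled VM, preferring one that is already running.
            free = sorted((v for v in self.pool if not v.user),
                          key=lambda v: v.state != "running")
            if not free:
                raise RuntimeError("pool exhausted: size it for concurrent users")
            vm = free[0]
            if vm.dirty:
                raise RuntimeError(f"{vm.name} was not reverted before reuse")
        if vm.state != "running":
            vm.state = "running"
            self._log(user, "wake", vm)
        vm.user, vm.session, vm.dirty = user, "active", True
        self._log(user, "connect", vm)
        return vm

    def disconnect(self, user):
        vm = self._held_by(user)
        vm.session = "disconnected"    # VM keeps running; state is preserved
        self._log(user, "disconnect", vm)

    def logoff(self, user):
        vm = self._held_by(user)
        vm.session = "none"
        self._log(user, "logoff", vm)
        if any(v is vm for v in self.pool):   # pooled VM: roll back and release
            vm.user, vm.dirty, vm.state = "", False, "saved"
            self._log(user, "revert", vm)
```

The guard in connect refuses to hand out a pooled VM that was never rolled back, and the audit list records every wake, connect, disconnect, logoff and revert so that assignments can be reconciled with the session recordings.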

Drawbacks to the VDI Solution

- Remote Desktop Gateway VDI is more complex to set up and manage. In order to set up such a solution you will need to extend your existing Terminal Services infrastructure to a product that supports VDI, and to invest in virtualization hosts that can carry the load of all the concurrent Virtual Desktops.

- Remote Desktop Gateway VDI requires more hardware resources. This means that unlike regular Terminal Services, where one or more physical servers are used to host all the user sessions, you need to finely tune your hardware to host many concurrent Virtual Desktop machines, which, in most cases, require a lot more resources.

- Remote Desktop Gateway VDI is often more expensive, as you are required to add licenses and hardware for the extra components.

- Remote desktop performance might be limited in comparison with regular Terminal Services. This is because when using the remote control tools built into virtualization products to connect to the VDI desktops, the remote connection protocol used by these tools is far less tuned for user experience. Sound (in and out), file copying operations and even printer redirection are limited or not present, while RDP and ICA connections used with regular Terminal Services allow this and are better tuned for slow connection speeds.

Conclusion

Because of the complexity of this solution, it is most suited for service providers that have customers that demand high security with connection isolation. Using this approach, service providers achieve ease of administration and lower costs for managing multiple access methods, plus full audit visibility of all actions performed on your clients' servers during any remote support session.

About ObserveIT

ObserveIT is an innovator and leader in Terminal, Citrix and Console session recording, with solutions for Windows, Desktop and Virtual Machine environments. ObserveIT software visually records and replays all user sessions, providing detailed insight into all activities on the network. Founded in 2006, ObserveIT has a worldwide customer base that spans many industry segments, including financial, insurance, healthcare, manufacturing, telecommunications, government and IT services.