I use “pooled” or “non-persistent VDI”, so when people reboot all settings go away. I also use “VDI Personal Disks” (e.g.: Citrix Personal vDisk, VMware Persona, or Microsoft VDI “Personal Profiles”).

Actually, with VDI (of any flavor) you need PolicyPak even more. Let’s break this down into three things for VDI administrators to think about:

You want to make a setting change to the image itself

Every time you want to make a change with VDI, you have to take your image offline (usually) modify the application re-prepare it and put it back online.

This “pain the neck” is definitely necessary when you upgrade applications or update core operating system components.

But you shouldn’t have to do this just to dynamically change a security or other configurable application setting.

Instead, with PolicyPak, you can dynamically deliver the precisely correct security and application settings, leveraging Group Policy during login time as users log on to their VDI sessions. How elegant is that?

If you store users’ settings on “VDI Personal Disks”) (ie: Citrix Personal vDisk, VMware Persona, or Microsoft VDI “Personal Profiles”), these technologies save user’s own changes, but doesn’t do anything else.

So, it’s great when users make their own applications settings changes, that those user changes are “remembered” the next time the user logs on to another VDI session. Of course you want that. But that shouldn’t mean that your important IT settings should not be delivered and also enforced.

Only PolicyPak delivers settings. The VDI Personal Disks doesn’t prevent users from working around your important operating system or application settings. It doesn’t make your VDI solution more secure or prevent user-generated problems.

See our PolicyPak + VDI videos for Microsoft, Citrix, and VMware at http://www.policypak.com/integration/policypak-and-vdi-integration.html

While the user is in the VDI session, you want it to be as secure as any other corporate desktop

With VDI, you cannot get lazy and expect that the “temporary nature” of the session will protect you from lazy security and keep security breaches away. I think Brian Madden from his fantastic book, “The VDI Delusion” said it best:

“…But the bottom line is this: Every one of these complexities applies to Windows itself, which means that everything listed here is something you have to deal with regardless of whether you use VDI or client-based VMs or RDSH or streamed local disks or good old-fashioned traditional physical desktops. And since having even one Windows app means that you have to deal with all these complexities, you’re going to be dealing with these things for decades to come.

Remember, desktop virtualization does not fix this!

Desktop virtualization is simply a way to deliver desktops and apps to users. Desktop virtualization is just a new form of the desktop, just like the laptop was a new form of the desktop. But desktop virtualization is not a magic wand that will make these Windows complexities go away…”

Pages 142 – 143, by Brian Madden with Gabe Knuth and Jack Madden (published by Quest Software)

Back