Windows 2012 R2 and Linux SOE

Windows 2012 R2 SOE

  1. Drive Letters
    1. C:\ – OS
    2. D:\ – App
    3. E:\ – Data
    4. F:\ – Backup
    5. G:\ – Temp
    6. H:\ – Pagefile
    7. SQL Servers
      1. Data
      2. Log
      3. Backup
  2. Update VM Details
    1. Adjust memory to autoscale from lowest to required
    2. Update Boot order (HD and No DVD and No Network)
    3. Remove Floppy Disk
    4. BIOS
      1. Update Boot order
      2. Disable the Serial and Parallel ports
  3. Rename Server
  4. Add NICS in correct order in XenServer
  5. Adjust VM Memory to Auto
  6. Rename NICs
    1. netsh interface set interface name="Ethernet 3" newname="External_1"
    2. netsh interface set interface name="Ethernet" newname="External_2"
    3. netsh interface set interface name="Ethernet 2" newname="MAN_NET"
  7. Reserve DHCP IP for External_1 MAC
  8. Update IP Register
  9. Set Static IP
    1. MAN_NET
    2. External_1
    3. External_2
  10. Adapter Settings / View Details / Layout Menu Bar / Change Order
  11. Windows update
  12. Activate
  13. TimeZone
  14. Time
  15. Add to Domain
  16. Create A and PTR Records
  17. Reboot / Shutdown
  18. Enable RDP
  19. Enable Graphics Hardware Acceleration to Full
  20. Apply OS Hardening
  21. Disable TCP Chimney Offload
    1. http://support.microsoft.com/kb/951037
    2. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009517
    3. http://virtualizationandstorage.wordpress.com/2014/02/13/windows-networking-advance-features/
  22. Install XenTools
    1. Enable VSS / Volume Shadow Copy services (vssadmin) – http://technet.microsoft.com/en-us/library/cc771893.aspx
    2. Enable XenServer VSS – C:\Program Files (x86)\Citrix\XenTools\install-XenProvider.cmd
    3. http://technet.microsoft.com/en-us/magazine/dd348398.aspx
  23. VMware Tools
    1. Uninstall Shared Folder Option
  24. Via Group Policy
    1. Enable Dedup for Data Drives – http://technet.microsoft.com/en-us/library/hh831434.aspx
    2. Disable AutoStart (GPO) – http://support.microsoft.com/kb/2328787
    3. Setup DelProfile Schedule Task – http://www.microsoft.com/en-au/download/details.aspx?id=5405
    4. Setup Map the shared Drive (GPO)
    5. Sysprep_backup
    6. CryptoLocker (GPO) – http://virtualizationandstorage.wordpress.com/2014/11/27/cryptolocker-group-policy-software-restriction/
    7. Schedule Remove rd /s /q %systemroot%\temp
    8. Empty Recycle Bin rd /s /q %systemdrive%\$Recycle.bin
    9. Schedule Defrag (GPO)
      • (cmd /c defrag c: > c:\temp\lastdefrag.txt)
      • jkdefragcmd.exe – http://www.kessels.com/jkdefrag/
      • cmd.exe /c start "JkDefrag" /BelowNormal "jkdefragCmd.exe"
      • Page file defrag – http://technet.microsoft.com/en-au/sysinternals/bb897426.aspx
    10. Disable IPv6 (GPO) – http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx
      1. HKLM\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisabledComponents = 0xFF
      2. Disable IP Helper Service
      3. Windows Firewall Block IPv6 Traffic – Block incoming and outgoing IPv6 protocol 41 (for ISATAP and 6to4) and UDP 3544
      4. NetSh
        1. netsh interface teredo set state disabled
        2. netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
        3. netsh interface ipv6 isatap set state state=disabled
    11. EventLog Archive (GPO)
    12. SOX (GPO) – http://virtualizationandstorage.wordpress.com/2013/11/26/sarbanes-and-oxley-settings/
    13. TCP Lock down – http://msdn.microsoft.com/en-us/library/ff648853.aspx
    14. Map Tools Directory and add to search path
    15. System State Backup Schedule (GPO) – http://technet.microsoft.com/en-us/library/cc753201.aspx
    16. Public Sharing On/Off (GPO)
    17. Adjust for Best Performance (GPO)
    18. GPUpdate for users (GPO)
    19. Adjust for Best Performance of: Background Services (GPO) “Depends on workload”
    20. Set Path Z: (GPO)
    21. Map Z: (GPO)
    22. Change advanced sharing settings / Turn on Network discovery / Turn on file and printer sharing
    23. Adjust Explorer View (Show hidden files, etc.)
    24. IE Homepage
    25. IE Google search provider
    26. BigINFO – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    27. RDS License – Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
    28. Enable Desktop Experience
    29. Task Bar Configuration
      1. Never Combine
      2. All show Icons
    30. Disable the Encrypting File System (EFS)
      1. Fsutil behavior set disableencryption 1
      2. HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisableEncryption = 1
    31. Disable QoS Packet Scheduler
    32. Remove Script things https://github.com/securitywithoutborders/hardentools
    33. Disable ScreenSaver
    34. Software Restrictions GPO
      1. http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
      2. http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx
      3. C:\<random>\<random>.exe
        C:\Users\<User>\AppData\Local\<random>.exe (Vista/7/8)
        C:\Documents and Settings\<User>\Application Data\<random>.exe (XP)
        C:\Documents and Settings\<User>\Local Application Data\<random>.exe (XP)
      4. %Temp%
        %TMP%
        %APPDATA%
        %LOCALAPPDATA%
    35. Setup backup – wbadmin enable backup -addtarget:\\server\location -schedule:01:00 -systemstate -quiet -vssfull

    36. Maintain Local Admin Password – http://blogs.technet.com/b/askpfeplat/archive/2014/05/19/how-to-automate-changing-the-local-administrator-password.aspx
    37. Deleted Local Profiles on Servers – http://support.microsoft.com/kb/274152
    38. Disk Clean up and Defrag
      1. http://blogs.technet.com/b/askpfeplat/archive/2014/05/13/how-to-clean-up-the-winsxs-directory-and-free-up-disk-space-on-windows-server-2008-r2-with-new-update.aspx
      2. http://support.microsoft.com/kb/2852386
      3. profiles
      4. %TMP%
      5. %AppData%
      6. C:\Windows\Temp
    39. Optimise Services (Exclude Domain Controllers)
      1. Power
      2. iSCSI
      3. Superfetch
      4. Print Spooler
      5. Themes
      6. Software Protection
      7. Remote Registry
      8. Internet Connection Sharing
      9. Windows Audio
      10. Windows Color System
      11. Plug and Play
  25. File Exclusions via End Point Security
  26. Install Software via SCCM
    1. Install 7-Zip
    2. Install PDF Reader
    3. Install CutePDF Writer
    4. Install Java
    5. Install Virus Protection
    6. Install Chrome
    7. Install Flash
    8. Malicious Software Removal Tool – http://www.microsoft.com/security/pc-security/malware-removal.aspx
    9. Microsoft Safety Scanner – http://www.microsoft.com/security/scanner/en-us/default.aspx
    10. http://www.safer-networking.org/full-anti-virus-protection/
  27. Add to XenServer Backup Script
  28. Defrag Disk
  29. Apply Domain Level – https://www.linkedin.com/pulse/what-windows-domain-functional-level-dfl-why-should-i-e-d-williams/
  30. Apply OS Optimisation
    1. http://msdn.microsoft.com/en-us/library/windows/hardware/dn529134
    2. http://virtualizationandstorage.wordpress.com/2014/08/27/windows-8-and-server-2012-optimisation-guide/
    3. http://longwhiteclouds.com/2015/01/27/nutanix-sql-server-db-vaai-clone-performance/
    4. https://labs.vmware.com/flings/vmware-os-optimization-tool
  31. Auto Start Join Domain Script
    1. Reserve IP Address for Mac Address
    2. Create DNS record for IP address
    3. Get Hostname via IP address
    4. Rename Server to allocated dns hostname
    5. Create account in domain OU
    6. Join Domain
    7. Delete script
  32. FEP configurations – http://technet.microsoft.com/en-us/library/gg193355.aspx
  33. Windows Firewall
    1. KMS – 1688
    2. DHCP
    3. DNS
  34. Full Microsoft Update
  35. Use IIS-Lockdown or URLScan tools
  36. Security Scans
  37. Windows Configurations – https://www.windowsafg.com/features10.html
  38. SYSPREP – C:\Windows\System32\sysprep\sysprep.exe /generalize /oobe /shutdown
  39. Post Configurations Items
    1. Rename – Rename-Computer -NewName CN1 -LocalCredential WS\Administrator -PassThru
    2. Add Setup Static IP address
    3. Update Virus Signatures
    4. wuauclt.exe /updatenow
    5. Add to Domain
    6. Add to Monitoring system
    7. Add to Backups
    8. Add to IP List
    9. Add to Assets Register
      1. Document Maintenance Window
      2. Document Application Owner
      3. Document Change Approval Groups
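
A read-only check for the "Disable IPv6" and "Disable the Encrypting File System (EFS)" items in the Group Policy list above, as an added example that is not part of the original checklist. It compares the registry values, the IP Helper start mode and the three transition-tunnel states with the values the checklist sets; the function names and the sample state are constructed for illustration.

```powershell
# Added example, not from the original page. Function names are hypothetical.
# Expected values are the ones the checklist lists (0xFF, 1, disabled).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return $p.$Name
}

function Get-SoeState {
    # Collects the live settings. The Get-Net* cmdlets come from the
    # NetworkTransition module (Windows Server 2012 and later).
    $ipv6 = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' 'DisabledComponents'
    $efs  = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' 'NtfsDisableEncryption'
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='iphlpsvc'"
    $startMode = $null
    if ($svc) { $startMode = $svc.StartMode }
    return @{
        DisabledComponents    = $ipv6
        NtfsDisableEncryption = $efs
        IpHelperStartMode     = $startMode
        TeredoType            = [string](Get-NetTeredoConfiguration).Type
        SixToFourState        = [string](Get-Net6to4Configuration).State
        IsatapState           = [string](Get-NetIsatapConfiguration).State
    }
}

function Test-SoeState {
    param([hashtable]$State)
    $expected = [ordered]@{
        DisabledComponents    = 0xFF
        NtfsDisableEncryption = 1
        IpHelperStartMode     = 'Disabled'
        TeredoType            = 'Disabled'
        SixToFourState        = 'Disabled'
        IsatapState           = 'Disabled'
    }
    foreach ($name in $expected.Keys) {
        $actual = $State[$name]
        [pscustomobject]@{
            Setting   = $name
            Expected  = $expected[$name]
            Actual    = $actual
            # A missing value counts as non-compliant, not as a match.
            Compliant = ($null -ne $actual) -and ($actual -eq $expected[$name])
        }
    }
}

# Constructed sample: IPv6 was disabled, but EFS and ISATAP were missed.
$sample = @{
    DisabledComponents    = 255
    NtfsDisableEncryption = $null
    IpHelperStartMode     = 'Disabled'
    TeredoType            = 'Disabled'
    SixToFourState        = 'Disabled'
    IsatapState           = 'Default'
}
Test-SoeState -State $sample | Format-Table -AutoSize

# On a live server, list only the gaps:
# Test-SoeState -State (Get-SoeState) | Where-Object { -not $_.Compliant }
```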
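
For the "Software Restrictions GPO" item above, an added example (not from the original page) that flags executables started directly from the listed user-profile and drive-root locations, so process-creation records can be reviewed before or alongside the policy. The rule names, the C:\Windows exclusion and the sample paths are assumptions made for illustration; the XP-era paths are left out.

```powershell
# Added example, not from the original page. Each regex matches an .exe that
# sits directly in the folder, which is what "<random>.exe" in the checklist
# describes; files in deeper sub-folders are not matched.
$Rules = [ordered]@{
    'Temp root'         = '^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\\]+\.exe$'
    'LocalAppData root' = '^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\[^\\]+\.exe$'
    'AppData root'      = '^[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming\\[^\\]+\.exe$'
    # C:\<random>\<random>.exe: one folder below the drive root.
    # C:\Windows is excluded here as an assumption (explorer.exe and others).
    'Drive root + 1'    = '^[A-Z]:\\(?!Windows\\)[^\\]+\\[^\\]+\.exe$'
}

function Find-SrpPathMatch {
    param([Parameter(Mandatory)][string[]]$ImagePath)
    foreach ($path in $ImagePath) {
        foreach ($rule in $Rules.GetEnumerator()) {
            # -match is case-insensitive, like Windows paths.
            if ($path -match $rule.Value) {
                [pscustomobject]@{ Rule = $rule.Key; ImagePath = $path }
                break   # first matching rule is enough for this path
            }
        }
    }
}

# Constructed sample image paths, standing in for process-creation records.
$sample = @(
    'C:\Windows\System32\svchost.exe',
    'C:\Windows\explorer.exe',
    'C:\Program Files\7-Zip\7z.exe',
    'C:\Users\alice\AppData\Local\qwmxkd.exe',
    'C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe',
    'C:\Users\bob\AppData\Local\Temp\setup1.exe',
    'C:\Users\bob\AppData\Roaming\updater.exe',
    'C:\a1b2c3\x9y8.exe'
)

# Flags the four paths that sit directly in a listed location:
# qwmxkd.exe, setup1.exe, updater.exe and x9y8.exe.
Find-SrpPathMatch -ImagePath $sample | Format-Table -AutoSize
```

Legitimate software installed one folder below the drive root will also match the last rule, so review the hits and allowlist known paths before turning the same locations into a blocking policy.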

Windows Activation

slmgr.vbs /upk - Uninstall Product Key
slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX - Install KMS Key
slmgr /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43
slmgr /skms kms.xspace.in 
slmgr /ato - Activate Online
slmgr.vbs -xpr
slui.exe - Activate via phone
slmgr.vbs /dlv - Show details
0xC004F069
cscript //B "%windir%\system32\slmgr.vbs" -ckms
cscript //B "%windir%\system32\slmrg" 

Windows Unattended Customization

References

Linux SOE

  1. Lynis, an Auditing, system hardening, compliance testing https://cisofy.com/lynis/
  2. Edit /etc/sysconfig/network-scripts/ifcfg-eth0
  3. http://www.servermom.org/basic-centos-setup-before-building-a-working-server/414/
  4. Update
    • su -c '/sbin/chkconfig --level 345 yum on; /sbin/service yum start'
    • su -c 'yum update'
  5. Harden OS
  6. Disable SSH login as root
  7. Enable root login only on the console
  8. Enable SSH only via the management network and interface
  9. Disable IPv6 – http://www.cyberciti.biz/tips/linux-how-to-disable-the-ipv6-protocol.html
  10. Enable iptables
  11. Enable point-to-point traffic
  12. enable SELinux
  13. Install http://www.webmin.com/
  14. Lynis – https://cisofy.com/lynis/

Downloads

  • http://www.appvscheduler.com/#!download/c1vwv
  • Stackmate appliance – https://virtualizationandstorage.wordpress.com/wp-admin/post.php?post=3134&action=edit
  • Autodesk Smoke 2015
  • NetScaler – done
  • Microsoft SQL – done
  • Zimbra – done
  • Visual Studio – done
  • Desktop Optimization pack – done
  • Windows 8.1 – done
  • Office – done
  • XenApp
  • XenDesktop
  • VDI-in-a-Box
  • PVS
  • EdgeSight
  • Workflow Studio
  • NetScaler
  • CloudBridge
  • CloudGateway
    • Access Gateway
    • Store Front
    • App Gateway Appliance
  • XenMobile
  • Citrix Cloud Provider Pack
  • System Center
    • SQL Server Standard 2012 with Service Pack 1
    • System Center 2012 R2 – Orchestrator Server
    • System Center 2012 R2 – Operations Manager Server
    • System Center 2012 R2- Virtual Machine Manager Server Multilanguage
    • System Center 2012 R2 – ConfigMgr and EndpointProtection Multilanguage
    • System Center 2012 R2 – DataProtection Mgr Server and Toolkit Multilanguage
    • System Center 2012 R2 – App Controller Multilanguage
    • System Center 2012 R2 – Service Manager Server Multilanguage
    • System Center 2012 R2 Endpoint Protection for Linux OS and Macintosh OS Multilanguage
    • SCCM XenServer Pack
    • Citrix SCCM Connection for XenApp 2012Modi walkthrough guide RTM
    • SCCM citrix
    • AWS Management Pack for SCOM – http://aws.amazon.com/jp/windows/system-center/
  • Dynamics
  • Visio
  • Project
  • Project Server
  • Best Practice Analysers
  • Solutions Accelerator and Baseline scanners
  • MDOP Pack
  • DaRT
  • Microsoft MED-V
  • Microsoft App-V
  • MDT
  • Microsoft Application Virtualization for RDS
    • Microsoft Application Virtualization for RDS provides the ability to run applications virtualized with App-V from an RDS (Remote Desktop Services) host. This would allow App-V encapsulated applications to run on the RDS hosts. Remember, RDS can have many active users at a time
  • Microsoft Application Virtualization Hosting for Desktops
    • Microsoft Application Virtualization Hosting for Desktops allows you to run applications virtualized with App-V on a workstation. You would install this on desktop and laptop computers to run App-V encapsulated applications. Remember, a desktop can only have one active user at a time.
    • http://stealthpuppy.com/app-v-faq-4-where-can-i-download-app-v/

 

 

 

Windows Server Operating System Security Hardening

  1. National Vulnerability Database – http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=377
  2. National Institute of Standards – http://www.nist.gov/cgi-bin/exit_nist.cgi?url=http%3A%2F%2Fiase.disa.mil%2Fstigs%2Fos%2Fwindows%2Fu_windows_2008_r2_v1r8_stig.zip
  3. SOX Settings – http://virtualizationandstorage.wordpress.com/2013/11/26/sarbanes-and-oxley-settings/
  4. User AccountControl Flags – http://www.jhouseconsulting.com/2014/01/06/script-to-create-a-report-on-useraccountcontrol-flags-1088
  5. IBM Stuff
  6. Cryptolocker – http://www.thirdtier.net/downloads/NewCryptolockerWarning.pdf
  7. Security Technical Implementation Guides – http://iase.disa.mil/stigs/os/windows/2012.html
  8. Run scan against your OS – http://www.belarc.com/products.html
  9. Run Microsoft Security Compliance – http://technet.microsoft.com/library/cc677002.aspx
  10. PCI – Windows 2008 Standard

BareBones Rack/Server Design

The goal of this research is to design a bare-bones server/rack using commodity PC components to provide resilient services.

Component Classification

  1. Father (Fault Tolerant Critical component) (Active/Active Synchronous)
  2. Mother (Highly Available Critical component) (Active / Active Asynchronous Load Balanced)
  3. Child Node (Load Balanced / Designed fail / cluster autoscale nodes) ( Active / NIL )
  4. Grandparents (Standalone/ Basic Backup and restore)

Research

Email and Collaboration Platform for Hosting

Requirements

  • Email
  • Brick level restore of mailboxes and archives
  • Address Book
  • Calendar
  • Unified Communication
  • IM/Presence
  • Groupware
  • Webmail
  • Outlook Integration
  • VoIP
  • Mobile Access
  • Video
  • Voice Mail
  • Meeting
  • Conference
  • ActiveSync / BlackBerry Sync
  • Service Provider Multi-Tenant Single Domain Multiple OUs Separation
  • OpenSource / Community Version
  • Outlook Integration
  • Integration with Cloud Panel
  • Integration with Active Directory
  • IM/Presences
  • Mobile Email
  • Appliance
  • Exchange Migration
  • Comparison to Lync and Exchange
  • VoIP
  • Video
  • White label / Customisations to Customer
  • Opensource Versions
  • 3-5 users free versions
  • Integration with Active Directory/LDAP and SSO(SAML)
  • Self Service Integrations with Cloud Portals (Plesk or EMS-Cortex)
  • Multi-Tenant Compatible
  • Outlook Integration
  • Migration from Exchange support
  • Service Provider per use licensing model
  • Linux Client
  • On Premise
  • NFR Licensing for Development and Testing
  • Secure Gateways
    • Barracuda Networks
    • Cisco
    • Clearswift
    • Dell
    • Fortinet
    • McAfee
    • Microsoft
    • Mimecast
    • Proofpoint
    • SilverSky
    • Sophos
    • Symantec
    • Trend Micro
    • Trustwave
    • WatchGuard
    • Websense

Vendors

Requirements

Content Management System

    • Wiki
    • Micro Blogs
    • Shared Calendars
    • Document Management with version control (check in and out) with CIFS
    • Forum/Discussions
    • Answers & FAQ
    • Links/Bookmarks
    • Forms
    • Lists
    • Surveys
    • BPMS Workflow Approval for Documents, Tasks, Forms and Content
    • Project Management
    • Tasks

Sharepoint Features

 

  • Libraries
    • Document Library
    • Form Library
    • Wiki Page Library
    • Picture Library
    • Translation Management Library
    • Data Connection Library
    • Report Library
    • Slide Library
    • Shared Documents
  • Communications
    • Announcements
    • Contacts
    • Discussion Board
  • Tracking
    • Links
    • Calendar
    • Tasks
    • Project Tasks
    • Issue Tracking
    • Survey
    • Feedback
    • Forum Feedback
  • Custom Lists
    • Custom List
    • Custom List in Datasheet View
    • KPI List
    • Languages and Translators
    • FooterLinks
    • SiteOwner
    • Import Spreadsheet
  • Web Pages
    • Basic Page
    • Web Part Page

 

 

Social Enterprise Collaboration

Requirements

  • OpenSocial Social Network
  • Activity Streams
  • Profiles
  • People Directory and Org chart
  • Idea Generation
  • Commenting
  • Announcements

Vendors

Reference:

Ubuntu Desktop as a Service

Technology Stack

  • Novell eDirectory
  • No Machine
  • 2x
  • Virtual Bridges
  • Parallels –  http://www.parallels.com/au/
  • Hosting Controller
  • ZPanel
  • cPanel
  • AWS Workspaces
  • RICE
  • EyeOS
  • NoMachine

Service Providers

Basic Features Requirements

  • Print
  • User Management
  • File Management
  • Central LDAP
  • Web Interface Broker
  • HTML5 Clientless
  • Collaboration
  • Self Service
  • Billing
  • File Share

Single Server Modular DaaS (CSP/MSP) Design

Core Components

Design Blue Print

Reference

HP ML350e Gen8 and XenServer PoC

  1. UpdateXpress
  2. Firmware
  3. BIOS
  4. Turn on DIP Switch 12 on the Motherboard to Enable Active Health System Download
  5. Other
  6. XenServer updates- http://support.citrix.com/product/xens/v6.2.0/#tab-hotfix
  7. HP Xenserver updates – http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdHome/?sp4ts.oid=5177962&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalState%3DswEnvOID%253D4109%257CswLang%253D%257Caction%253DlistDriver&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
  8. Install XenServer on USB – http://blogs.citrix.com/2010/10/18/how-to-install-citrix-xenserver-from-a-usb-key-usb-built-from-windows-os/
  9. Linux Drivers
  10. HP Proliant 350e Gen8 User Guide –  http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03390868-6.pdf
  11. HP Software for 350e Gen8 – http://h20565.www2.hp.com/portal/site/hpsc/public/psi/swdHome/?cc=us&cc=us&lang=en&lang=en&sp4ts.oid=5272973&ac.admitted=1379316460693.876444892.492883150
  12. HP Smart Array Controllers for HP ProLiant Servers User Guide – http://h20566.www2.hp.com/portal/site/hpsc/template.BINARYPORTLET/public/kb/docDisplay/resource.process/?spf_p.tpst=kbDocDisplay_ws_BI&spf_p.rid_kbDocDisplay=docDisplayResURL&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.rst_kbDocDisplay=wsrp-resourceState%3DdocId%253Demr_na-c01608507-11%257CdocLocale%253D&javax.portlet.endCacheTok=com.vignette.cachetoken
  13. HP ML 350e Gen8 Options – http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?prodSeriesId=5260584&objectID=c03405327
  14. HP Service Packs
  15. http://www8.hp.com/us/en/products/server-software/product-detail.html?oid=5104018#!tab=features
  16. http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/spp/index.aspx
  17. HP SmartStart
  18. HP Power Regulator – http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00300430/c00300430.pdf
  19. HP Service Pack for ProLiant (SPP) Version 2013.09.0(B) – http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/spp/index.aspx

Virtual DMZ with Multi-WAN for NetScaler AAGEE Multi-Tenant (above your pay grade)

Virtual DMZ with Multi-WAN

Research on how to create a virtual DMZ with Multi-WAN (multiple Internet connections) for inbound and outbound traffic.

The theory is that a user hits a URL called https://access.*, which has multiple A records pointing to public IP addresses provided by different Internet Service Providers, with NAT to the datacenter router, which forwards the traffic to a virtual VIF. Set up a subdomain with an HTML forwarder to a Dynamic DNS name or public IP address.

  1. Subdomain HTML
  2. [sourcecode language="html"]
    <!DOCTYPE HTML>
    <html lang="en-US">
    <head>
    <meta charset="UTF-8">
    <!-- Redirect after 1 second; the target needs a scheme or it is treated as a relative path -->
    <meta http-equiv="refresh" content="1;url=http://DOMAIN.com">
    <script type="text/javascript">
    // Immediate redirect for browsers with JavaScript enabled
    window.location.href = "http://DOMAIN.com";
    </script>
    <title>Page Redirection</title>
    </head>
    <body>
    <!-- Note: don't tell people to `click` the link, just tell them that it is a link. -->
    If you are not redirected automatically, follow the <a href="http://unitycloud.com">link to example</a>
    </body>
    </html>
    [/sourcecode]

  3. Domain name Round Robin with public IP address for each Internet connection
  4. ZoneEdit Failover – http://www.zoneedit.com/failover.html
  5. Cisco 1841
  6. Vyatta or pfSense configure Multi-WAN
  7. Active/Active NetScaler GSLB with Proximity and Site Roaming – http://support.citrix.com/servlet/KbServlet/download/28997-102-681498/XD%20-%20High%20Availability%20-%20Implementation%20Guide%20v2-2.pdf
  8. AAGEE vServer for Multi-Tenancy customer1.*** customer2.**
  9. IP, VM NICs and Switch Configuration Requirements
  10. Data Replication – Synchronous
  11. VM Replication – Asynchronous
  12. Data Backup (email/file)
  13. Data Archiving Cloud

 

Reference Active/Active Design

DaaS Business case and ROI

Here are bits of information to help develop a VDI business case and calculate ROI.

DaaS is more difficult to cost-justify than server virtualization, but it can be done. Server virtualization reduces the amount of equipment in the data center, whereas with virtual desktops, physical hardware must be added to the data center. The additional hardware for virtual desktops may be an issue with data centers struggling to provide enough power and cooling for what they already have. Desktop virtualization does not offer the rapid ROI that has made server virtualization a ‘no-brainer’ business decision. Instead, the business case is built on less tangible results, such as tighter security, instant BCP/DR and increased workforce mobility. Properly architected Server Hosted Virtual Desktops, however, can result in a significant reduction in desktop support costs.

Several techniques can help keep capital expenditures (CAPEX) in check:

  • Anticipate the average Server Hosted Virtual Desktop CAPEX to be 1.4 – 1.7 times the cost of a physical desktop; although 1.0 – 1.4 times is achievable
  • Centralize desktop images; limit the number of dedicated virtual desktop images; use Diskless VDI
  • Re-purpose physical desktops as thin clients; support BYOD Policy
  • Allow Work from Home to reduce Head count requirement in Office
  • Evaluate the feasibility of System on a Chip (SoC)/ARM-based thin clients (<$200 retail)
  • Beware hidden costs (personalization, print roaming, network and storage upgrades)
  • Reduce facilities costs and implement a telecommuting policy

Storage Considerations

Numerous storage considerations heavily influence the costs, scalability, management, and user experience. This starts with the configuration of the virtual desktop’s virtual hard-disk architecture. The persistent storage model results in each user having a dedicated virtual desktop with dedicated storage, similar to the storage architecture of the traditional desktop. The nonpersistent model, on the other hand, allows virtual desktops to boot from a shared read-only master (that is, ‘golden’) image.

Persistent storage is the easiest solution to deploy, but it can result in significantly higher back-end storage costs because every user is assigned a dedicated virtual desktop image. It is simple to manage because management is nearly identical to that of the physical desktop. Users who require customization of their desktop environment are often assigned virtual desktops with persistent storage.

Nonpersistent storage involves allowing multiple users and virtual desktops to leverage a shared read-only image. That approach sounds great on paper and works well in some use cases (for example, task workers who require no modification to their desktop environment). However, the solution has trouble supporting knowledge workers without the aid of persistent personalization software.

Client Devices

In the typical VDI deployment, organizations choose between repurposing physical PCs and deploying new thin or zero clients. Repurposing physical PCs to behave like thin clients is a common strategy for reducing the initial capex required to deploy virtual desktops. This approach also allows organizations to buy themselves some time to wait out further maturity and innovations coming to thin- and zero-client endpoints. Furthermore, the organization can reduce risk by limiting its financial investment in a first generation VDI project.

Complementing Technologies

Several other technologies complement virtual desktops as part of the modern user-centric application and data delivery approaches.

  • Server-based computing
  • Application virtualization
  • Persistent personalization
  • Cloud software and data services
  • Workspace aggregator

ROI Calculators

Survey

References