Remote Access Outgoing VDI Gateway

Show your customers exactly what you do during each remote support login.
As a Value-Add Reseller or Managed Services Provider, your customers depend on you to keep their platforms up and running. But blind trust creates a relationship of ambiguity and doubt. When you record Terminal sessions and remote logins, capturing every action that your staff performs on your customers' networks, you eliminate the cloud of doubt with precise auditing.

Know who made each configuration change
Demonstrate precise actions with session playback
Reduce time-to-repair...

Published in: Technology

Outgoing VDI Gateways: Creating a Unified Outgoing Virtual Desktop Infrastructure with Windows Server 2008 R2 and ObserveIT

Daniel Petri
January 2010
© Copyright 2010 ObserveIT Ltd.

Table of Contents

  • Executive Summary
  • How it Works
  • Remote Desktop Gateway VDI vs. “Old School” Terminal Services
      • Benefits of the VDI Solution
      • Drawbacks to the VDI Solution
  • Conclusion
  • About ObserveIT

Executive Summary

It is very common for enterprises to use a Terminal Server or Citrix gateway in order to give external vendors access to internal servers or resources.

However, we are starting to see a growing adoption of a “mirror-image” of this solution: service providers that need to connect to multiple customer locations (using different protocols, according to customer requirements) and who want to provide a single access point through which all outgoing traffic is routed.

Just as with an incoming gateway solution for enterprises, these service providers have achieved two important benefits with their outgoing gateway architecture:

  • Ease of administration and lower costs for managing multiple access methods
  • Full audit visibility of all actions performed on client servers during remote support sessions

How it Works

In order to fulfill this requirement, service providers are using an approach that includes a VDI gateway to initiate remote connections, and ObserveIT software to audit the session activities.

In this scenario, service providers use a combination of Virtual Desktop Infrastructure (VDI) client machines that are stored on one or more virtualization hosts. These computers are stored in a saved or even shut down state, and are woken up when one or more users connect to them. This VDI implementation is combined with a central remote access mechanism that the users connect to. That mechanism serves as a session broker: a central component that “knows” where the VDI clients are stored, their current state (running, saved, shut down etc.), and the status of existing and disconnected sessions. When users connect to that broker, they are then redirected to a VDI machine, where they log on and get their working environment.

On the VDI machine, the ObserveIT Agent is installed and records all the user actions that are performed during that session. In addition, ObserveIT captures a lot of extra information (metadata) about what is happening on the screen at any given moment. The recordings and metadata are stored in a central SQL Server database, where they are fully indexed and available for replay. The extensive textual metadata allows for very detailed reports of all user sessions, the applications they used, and the files that were accessed.

Users can connect to the VDI broker either internally (located on the same LAN), or remotely. For remote access, users will be required to establish a secure connection by using either a regular VPN connection, SSL VPN, or other types of secure connections.

The question of which machines the users connect to can be answered in two ways:

OPTION 1: One option is to create a “pool” of virtual machines, similar to a “rack” of identical PCs that you install and clone. Their configuration is identical, except that they each have a unique computer name and IP address. The process of creating such an image is identical to the one you’d use for cloning a physical computer, including the installation of custom applications and programs, running sysprep to prepare the system for cloning, and automating it all with unattended answer files. Once deployed, these machines are available on demand, which means that the users will get the first available Virtual Desktop from the pool (and if no available machine is turned on, a new machine can be turned on on demand or resumed from a saved state). One of the nice features of such a configuration is the ability to roll the machines back to their default image state once the user disconnects and closes the session. This means that if a user infects a VM with a virus, installs software, deletes files on the local drive, or performs any other unapproved action, as soon as they log off the VM's hard drive will revert back to what it was before they logged on.

OPTION 2: The other option is to assign a user a single Personal Virtual Desktop, which means that if they choose to connect to My Desktop they will connect to a specific VM that you designate. This is similar to having a PC sitting on a rack that you would like a user to use remotely. When the user logs on to the Remote Desktop Web Access site and chooses to connect to My Desktop, they will be connected to this specific PC (VM) that is running on the virtualization host(s). Similar to the previous option, machines need to be cloned and assigned a unique name and IP address. However, when calculating the overall resource usage for such a solution, it is clear that by using personal desktops, you are required to deploy many more machines, because each user must have their own Virtual Desktop. This is unlike the pool of Virtual Desktops, where you are only required to have as many VMs as you will have concurrent users.

As you can see from the above examples, you still need to configure each unique virtual machine, because in effect they are separate computers. For example, you still need to load the operating system on each, install applications, join them to the domain, etc., just as you would do with real PCs. You can use the same techniques for automating this process as you would if you needed to deploy multiple physical machines with the same hardware/software. Windows 7 includes new image deployment techniques that make this type of scenario easier than before.

Remote Desktop Gateway VDI vs. “Old School” Terminal Services

It’s worth noting that there are some substantial differences between Remote Desktop Gateway VDI and “old school” Terminal Services. Some include:

Benefits of the VDI Solution

  • Remote Desktop Gateway VDI allows customization of the working environment, which includes the users’ profiles, desktop, installed applications and environment settings. This means that each user receives an entire personal operating system, and not just a “slice” of the Terminal Server’s operating system, allowing customization of many more settings than are available under the regular Terminal Server restrictions. In addition, users can choose to shut down or reboot their own VDI machines, something that cannot be done with a regular Terminal Server.
  • Remote Desktop Gateway VDI allows isolation of the user environment, and the user session can be configured not to be a part of the provider’s network. In such a solution, the VDI desktop can be configured not to connect to the same network as the one the users are located on, and to be totally dedicated and/or isolated to the client’s network. To connect to the VDI machine, the service provider users use a virtualization remote control mechanism such as the remote control built into virtualization products.
  • Remote Desktop Gateway VDI allows you to install various VPN clients without conflicts. This is most useful when service providers connect to various clients, each with their own set of VPN and remote connection requirements. When installed on one machine, some VPN clients and settings might interfere with each other, causing conflicts and configuration errors.
  • Remote Desktop Gateway VDI allows the creation and configuration of different access methods, based on customer requirements. As stated above, this is useful when users need to connect to many clients, each with different settings and configurations.
  • Remote Desktop Gateway VDI grants the ability to install custom applications that may cause conflicts if installed on a regular Terminal Server. This allows service providers to give their users the exact tools they need to perform their job when connecting to the client networks.
  • Remote Desktop Gateway VDI can be fully configured based upon clients’ NAP/NAQ enforcement policies, and without conflicting with other clients’ requirements. One client can thus require that the vendor use a specific Anti-Virus product, while another client can request a different product and system configuration settings. Each VDI desktop can be customized to the clients’ needs, and these settings can also be pushed to the VDI desktop on demand, based upon the connection type.
  • Remote Desktop Gateway VDI can be “reset” to a default image after usage, which means that no state is saved, and the computer is always “fresh”. If the user infects the computer with a virus, messes with the system settings, or even causes serious errors to the machine, the moment it is shut down and rebooted, it is reverted and reset to a pre-defined state.

Drawbacks to the VDI Solution

  • Remote Desktop Gateway VDI is more complex to set up and manage. In order to set up such a solution you will need to extend your existing Terminal Services infrastructure to a product that supports VDI, and to invest in virtualization hosts that can carry the load of all the concurrent Virtual Desktops.
  • Remote Desktop Gateway VDI requires more hardware resources. This means that unlike regular Terminal Services, where one or more physical servers are used to host all the user sessions, you need to finely tune your hardware to host many concurrent Virtual Desktop machines, which, in most cases, require a lot more resources.
  • Remote Desktop Gateway VDI is often more expensive, as you are required to add licenses and hardware for the extra components.
  • Remote desktop performance might be limited in comparison with regular Terminal Services. This is because when using the remote control tools built into virtualization products to connect to the VDI desktops, the remote connection protocol used by these tools is far less tuned for user experience. Sound (in and out), file copying operations and even printer redirection are limited or non-present, while RDP and ICA connections used with regular Terminal Services allow this and are better tuned for slow connection speeds.

Conclusion

Because of the complexity of this solution, it is most suited for service providers that have customers that demand high security with connection isolation. Using this approach, service providers achieve ease of administration and lower costs for managing multiple access methods, plus full audit visibility of all actions performed on your clients’ servers during any remote support session.

About ObserveIT

ObserveIT is an innovator and leader in Terminal, Citrix and Console session recording, with solutions for Windows, Desktop and Virtual Machine environments.

ObserveIT software visually records and replays all user sessions, providing detailed insight into all activities on the network.

Founded in 2006, ObserveIT has a worldwide customer base that spans many industry segments, including financial, insurance, healthcare, manufacturing, telecommunications, government and IT services.

Whitepaper: Outgoing VDI Architecture
www.observeit-sys.com
