
How To Virtualize A Workstation

Virtualizing a workstation means dedicating a computer or server that stays on and acts as the “Main” server for virtual connections.  Usually a powerful machine, it has a static address (internal or external) and provides the horsepower for processing all user requests for applications, data and more.

To virtualize, there are some general prerequisites:

  1.  Determine what applications are needed (Office, Word, etc.).
  2.  Discover whether shared files (shared drives) will be required across the company, and where they reside.
  3.  Find a computer with 8 GB of RAM or more to operate as the Gateway portal for your in-office and out-of-office access. Virtual servers are OK if they don’t change.
  4.  Create users on the Gateway computer and create profiles for each.
  5.  Connect and go….


Determining which applications can be used is one of the most important but most commonly overlooked decisions in virtualization.  Only about 5 programs are generally needed or used.  By virtualizing, you can actually increase your security by allowing through the virtual workstation only the applications you want the organization to use.

Shared files and enforcement of AD or other folder/file security are then offered once purchased, allowing some users access to certain shares while denying others.  Making a quick list of who can access what before installing the software can help speed up the installation and ensure compliance with your policies.

Computer/server sizing is important: a virtual host uses tremendous amounts of memory to provide real-time service to multiple users. A good rule of thumb is to allocate 2 GB per user if you want fast performance.  One computer (non-server) can usually host 5 virtual workstations, while beefing up the RAM and processor or switching to an 8 GB Server 2008 machine can probably service 12-15 without an issue.

Creating the users is simple: create a profile on the Gateway for each user and load their email, files and more.  Some organizations even keep shared drives elsewhere that are usable by the virtual workstation.  Best practice is to create a “LOCAL” profile on the Gateway PC or server, then log on and make sure everything works.  The virtualization happens when someone connects via remote client software, iOS, or another method and is provided with the applications and data you pre-loaded.  A user switching from one device to another is a non-issue, as the Gateway has all the information and nothing is saved on the connecting device.

Printing can become a burden if users are offsite, so decide whether you want to allow home printers to be used before you install and configure the software.

Securing Virtual Workstations

Five things you need to prepare for when securing virtual workstations:

  1. Data, email and applications should not be on the local end-point machine; they should be hosted.
  2. Local AV should exist on the end-point machine if possible, and always on the host computer.
  3. Firewall policies should be tightened to open the virtual connection ports and little else, except Microsoft Update, printing, AV updates and maybe port 80 for web surfing.  For truly tight security needs, an executable whitelisting program can further prevent use of applications on a local machine that are not business related.
  4. Virtual workstations should connect via IP address or hostname using approved clients with encrypted connections (iPad, iPhone, Microsoft-compatible programs, Mac, etc.).  It’s critical not to “remember” passwords, since a saved password would allow someone who steals a computer to break in.
  5. Browsing and web surfing should be local to the end-point consumer machine.  A hosted web filtering product for end-points is also best practice.

Critical data should be kept on the host computer and made accessible via file shares.  End-point virtual workstations (Windows PCs, Mac, iPad, etc.) should be connection vehicles for the applications, data and confidential info.  Restrictions can even be set up via the host server to disallow copy/paste.  The most secure setup is having the connection vehicle just display the screen and pass the mouse and keyboard.
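A check for the client-side points above (no remembered passwords, no copy/paste, nothing from the host reaching the end-point), as an added example that is not part of the original post. It assumes the remote client is Microsoft Remote Desktop and audits the text of an .rdp connection file; the sample files, host name, user name and finding labels are constructed for illustration.

```python
import re

# Constructed sample connection file (not from the article). Host, user and the
# password blob are placeholders.
SAMPLE_RDP = """\
full address:s:gateway.example.internal:3389
username:s:jsmith
password 51:b:0123ABCD
redirectclipboard:i:1
redirectprinters:i:1
drivestoredirect:s:*
"""

# Constructed counterpart with the redirections switched off and no saved password.
HARDENED_RDP = """\
full address:s:gateway.example.internal:3389
redirectclipboard:i:0
redirectprinters:i:0
drivestoredirect:s:
"""

# .rdp files hold one "name:type:value" setting per line (type is i, s or b).
SETTING = re.compile(r"^([^:]+):([isb]):(.*)$")

def parse_rdp(text):
    """Return {lower-cased setting name: value}; non-matching lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line.strip())
        if m:
            settings[m.group(1).strip().lower()] = m.group(3).strip()
    return settings

def audit_rdp(text, allow_printers=False):
    """Return findings for settings that conflict with the points above."""
    s = parse_rdp(text)
    findings = []
    if s.get("password 51"):
        findings.append("saved-password")         # item 4: no remembered passwords
    if s.get("redirectclipboard") != "0":         # unset is treated as enabled
        findings.append("clipboard-redirection")  # copy/paste path to the end-point
    if s.get("drivestoredirect"):
        findings.append("drive-redirection")      # local disks exposed to the session
    if not allow_printers and s.get("redirectprinters") != "0":
        findings.append("printer-redirection")    # only if home printing is not approved
    return findings

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_RDP), ("hardened", HARDENED_RDP)):
        print(name, audit_rdp(text) or "no findings")
```

Files saved by the Windows client are typically UTF-16 encoded, so decode them before passing the text in. Pass allow_printers=True if home printing has been approved.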

AV is important: local AV blocks some of the threats that can load dangerous key-loggers, which can capture your username and password for a future attack against the host.  The host computer should also have a well-known, fast AV with a low footprint.

Personal computer or end-point firewall settings (often free and included with the OS) can be an advantage simply because over 60,000 ports of communication are available.  Firewalls can open and allow just the best known and most used.  There’s no reason to leave a device wide open to attack.  Choosing to allow only the applications you use on a regular basis on the end-point connection further locks down security.

Web surfing usually brings the bulk of the threats via trojans, viruses, malware, etc.  All too often the virtual workstation is someone’s home computer, iPad or travel computer, and is therefore likely to have all sorts of infection potential via less secure networks.  It’s important to keep personal web surfing on the client side so that the hosted server does not have to fight off unnecessary infections.