Sharing a network folder containing files along with Windows permissions is an easy way to ensure users can only open the files and folders they are natively allowed to open.
Process of enabling virtual shared files:
Authenticate as different users to ensure each user has permissions granted and restricted based upon authority. An IT administrator can do this by right clicking folders of the shared drive and reviewing Security tabs.
Test permissions and restrictions.
Install VirtualWorkstation software
Configure Virtual Gateway Host computer/server to allow for file explorer application. Then change the users my documents profile on the Virtual Gateway Host computer (local profile) to map to the shared drive // path.
Test access and security from remote or virtual computer connection or workstation.
99% of our experience with a computer is using applications. For virtual workstations the elimination of the distraction of computer configuration allows a simple window to represent the available programs to the user community. Permissions can be placed on some apps to only allow certain users access. Application usage will load programs like MS Office, Word, Outlook, Notepad, custom EXE’s, Databases, and more through the connections enabling users to not have local installations of heavy applications. This configuration helps to reduce help desk, eliminate timely program updates when dealing with multiple computers, and centralized security and files.
Install the Virtual Workstation software
From the Host Server open the configuration window and find tab “Applications”.
Browse for the desired EXE and click select.
By Default the icon for things like MS Word will populate and you’ll be instantly sharing.
For custom Codes, ports, command line special needs for EXE’s, enter that in the Application Configuration once you have selected the appropriate shared program.
Publishing applications becomes a simple and fast way to centralize horsepower and security while allowing powerful application experiences on items such as Ipad, iphone and all manner of Windows and MAC PC’s and Laptops. The best part about the program is that only the visual representation of the monitor is transmitted so it’s fast and does not burden the end-user connection machine. Publishing applications should be done only where there is sufficient licensing with the applications being published and the rights to the license exist.
Work from Anywhere is being demanded for many organizations. Often only a few are allowed, but when offered, it can improve productivity or empower remote or road warriors to see their data remotely. Law firms can now see files in their corporate office via their iphone with a click of an iPhone app. Workers can use, edit word documents, excel, and even have outlook anywhere. In essence you can run your entire business from an ipad, that actually has zero data on it if stolen. Construction love having capability of seeing huge PDF’s of blueprints while onsite with and ipad, and zooming to the page and detail and not carrying any paper. Doctors can use it. Even students can use it if there are special apps or even special needs apps that can be accessed by students from anywhere, anytime from any device.
To enable Remote Computing
Install the Virtual Workstation Host software on the Server, AND the Virtual Workstation software for the client (or download via itunes for IOS)
Ensure you have a public or private IP statically configured to connect to.
Open the Firewall and forward port that you chose to the static internal IP
Open the app (ios) or the Application to connect and enter the IP (public or private), along with credentials.
See your remote apps and enjoy your new connection!
By Default the icon for things like MS Word will populate and you’ll be instantly sharing.
Printing is traditionally one of the most difficult areas of Virtual Office configurations. Fortunately the right software can in fact allow printers to show up when users are using normal applications like Word, Excel PDF etc when trying to print. Correct configuration offers the optional printers as the company printer networked or accessible from the Virtual Gateway Host computer, and the printer drivers loaded on each individual client. In this way a connection from user 4 will display optional printers they have on User4’s machine AND the corporate printer. Remote printing can also be disables if security prevents such remote printing.
Printing can become a burden if users are offsite so make sure to know if you want to allow home printers to be used before you install and configure the software.
Virtual Server is offered free via HyperV from MS Servers, while VMware will cost. Using a virtual server is identical to the setup of a physical server, with the exception the you first create the virtual server 2008 64bit etc., and allocate sufficient memory. We recommend 8 or more GIG ram. You will need a Static IP for the virtual server. This Virtual server becomes the dedicated computer or server to stay on and be the “Main” server for virtual connections. By creating the static IP for the device (192.168.xx.xx) you can then connect via the end user application or IOS app into the virtual server. Firewall settings can be made to forward certain ports that contain the encrypted usage packets to the correct machine via a PORT FORWARD rule. If you don’t want to enable outside connections, simply do not create a firewall rule (one to one NAT or forward), and enjoy the connect from anywhere within a LAN convenience from any device via a direct 192.168.xx.xx path.
Network setup is simple once you have found a powerful computer or server with Tons of RAM. A software designed for windows (best on 64 bit) will be sufficient. The software will always listen for connections, then respond, ask for authentication, and begin the process the user requests for applications, data and more.
For Networking, there are some general practices that you will need.
Load the software on your virtual server by visiting _____________ if you do not already have it.
Determine what applications are needed (office, word, etc), find file shares required across company (shared drives) and where they reside.
In the setup options configure to allow users to copy / paste, remote print and timeouts for disconnected sessions.
Load end user applications on MAC and Windows machines, or IOS apps.
To Purchase software, you will need to visit ___________ and select the appropriate amount of concurrent user licenses.
Determining which applications that can be used is one of the most important but commonly overlooked decisions in virtualization. Only about 5 programs are generally needed or used. By Virtualizing, you can actually increase your security by allowing through the virtual only the applications you want the organization to use.
Shared files and enforcement of AD or other folder / file security is then offered once purchased, allowing some users access to certain shares while others cannot. Making a quick list of who can access what prior to installing the software can help speed up the installation and ensure compliance with your policies.
Computer / Server sizing is important and a virtual host uses tremendous amounts of memory to be capable of real-time service to multiple users. It’s a good rule of thumb to allocate 2Gig per user if you want fast performance. One computer (non – server) can usually host 5 virtual workstations, while beefing up the ram and processer or switching to an 8Gig server 2008 can probably service 12-15 without an issue.
Creation of the users is simple as you can simply create a profile on the Gateway for each user, load their email, files and more. Some organizations can even have shared drive access elsewhere that is usable by the virtual workstation. Best practice is to create a “LOCAL” profile on the Gateway PC or Server, and then logon and make sure everything works. The virtualization will come when someone connects via remote client software, IOS, or other method and be provided with the applications and data you pre-loaded. A user switching from one device to another is a non-issue as the gateway has all the information and nothing is saved on the connecting device.
Printing can become a burden if users are offsite so make sure to know if you want to allow home printers to be used before you install and configure the software.
Microsoft Update does not plan for compatibility with others, rather simply releases what it wants. On rare occasions these patches can change the way windows works and alter the ability of users to access the virtual workstation host, gateway or server. Fortunately there is a best practice when virtualizing:
To Maximize Uptime and defend against serious MS patches that can take you down:
Isolate the PC / Server acting as the Virtual Gateway Host machine, in that no-one can access it but the IT.
Update all the patches and AV prior to installing Virtual Office software, which can be downloaded at ____________. If you need a good intelligent AV system, take a look at ________________.
Disable patches and automatic downloads of Windows Update. Instead schedule a periodic time once every few weeks to download and install the patches. Remember to backup BEFORE you patch.
Ensure Firewall policies and filtering policies do not allow the Virtual Gateway Host machine to surf the Internet via the Virtual connection which could open the machine to malware.
Virtualizing consists of finding a dedicated computer or server to stay on and be the “Main” server for virtual connections. Often a powerful computer, this will simply have a static address (internally or externally) and become the horsepower behind processing all the user requests for applications, data and more.
To Virtualize, there are some general pre-requisites you will need:
Determine what applications are needed (office, word, etc)
Discover if shared files will be required across company (shared drives) and where they reside.
Find a computer with 8 Gig ram or more to operate as the Gateway portal for your in-office and out of office access. Virtual Servers are ok if they don’t change.
Create users on the Gateway computer and create profiles for each.
Connect and go….
To try this yourself download a free trial or price out your project by clicking Here.
Determining which applications that can be used is one of the most important but commonly overlooked decisions in virtualization. Only about 5 programs are generally needed or used. By Virtualizing, you can actually increase your security by allowing through the virtual only the applications you want the organization to use.
Shared files and enforcement of AD or other folder / file security is then offered once purchased, allowing some users access to certain shares while others cannot. Making a quick list of who can access what prior to installing the software can help speed up the installation and ensure compliance with your policies.
Computer / Server sizing is important and a virtual host uses tremendous amounts of memory to be capable of real-time service to multiple users. It’s a good rule of thumb to allocate 2Gig per user if you want fast performance. One computer (non – server) can usually host 5 virtual workstations, while beefing up the ram and processer or switching to an 8Gig server 2008 can probably service 12-15 without an issue.
Creation of the users is simple as you can simply create a profile on the Gateway for each user, load their email, files and more. Some organizations can even have shared drive access elsewhere that is usable by the virtual workstation. Best practice is to create a “LOCAL” profile on the Gateway PC or Server, and then logon and make sure everything works. The virtualization will come when someone connects via remote client software, IOS, or other method and be provided with the applications and data you pre-loaded. A user switching from one device to another is a non-issue as the gateway has all the information and nothing is saved on the connecting device.
Printing can become a burden if users are offsite so make sure to know if you want to allow home printers to be used before you install and configure the software. To learn more about printing from virtual workstations click here.
Securing Virtual Workstations – Five things you need to prepare for when securing virtual workstations.
Data, Email, Applications should not be on the local end-point machine, rather should be hosted.
Local AV should exist on the end-machine if possible and always on the host computer
Firewall policies should be tightened to allow for Virtual connection ports opening and little else except Microsoft Update, printing, AV updates and maybe port 80 for web surfing. For truly tight security needs, having an executable whitelist program can further prevent usage of applications on a local machine that is not business related.
Virtual Workstations should be connecting via IP address or hostname with approved client encrypted connections (Ipad, iphone, Microsoft compatible programs, MAC etc.). Its critical to not “remember” passwords to allow someone who steals a computer to break in.
Browser and web surfing should be local to the end-point consumer machine. Also best practice is a web filtering product for end-points (hosted).
Critical Data should be kept on the host computer and accessible via file shares. End-point virtual workstations (Windows PC’s, MAC, ipad etc) should be connection vehicles for the applications, data and confidential info. Restrictions can even be setup via the host server to not allow copy/paste. The most secure setup is having the connection vehicle just display the screen and move the mouse and keyboard.
AV is important and local AV keeps some of the threats from happening that can load dangerous key-loggers, that can capture your username and password for a future attack against the host. Host computer should also have a well known fast AV with a low footprint.
Personal Computer or end-point firewall settings (often free and included with the OS) can be an advantage simply because with over 60,000 ports of communication available. Firewalls can open and allow just the most known and used. There’s no reason to leave a device wide-open for attack. Choosing to allow and only-allow applications you use one a regular basis on the end-point connection further locks down security.
Web surfing usually brings the bulk of the threats via trojans, virus, malware etc. All too often the Virtual workstation is someone’s home computer, ipad or travel computer and therefore is likely to have all sorts of infection potential via less secure networks. It’s important to keep the personal web surfing on the client side to prevent the Hosted server from having to fight off unnecessary infections.