This guide is one in a series of planning and design guides that aim to clarify and streamline the infrastructure planning and design process for Microsoft® infrastructure technologies.
Each guide in the series addresses a unique infrastructure technology or scenario. These guides include the following topics:
The guides in this series are intended to complement and augment the product documentation.
Organizations today face the challenge of maintaining rigorous controls over their computing environments while providing the power and flexibility users need to be productive. User and IT goals can sometimes appear to be in conflict. Optimizing the corporate desktop environment resolves this conflict by providing IT the manageability it requires while giving users the varying levels of power and flexibility they need.
The Windows Optimized Desktop scenarios relate the business requirements (IT and user) for a flexible, efficient, and managed desktop environment to sets of complementary Microsoft technologies, by defining five standard user scenarios that map business requirements to technology solutions.
IT's need for management controls, users' need for computing power and flexibility, and the need to use resources efficiently together create many challenges. Goals include:
New desktop technologies from Microsoft offer a variety of options to help address these challenges. They can improve desktop flexibility, increase availability, and boost the productivity of end users. They can also help reduce cost, address compliance requirements, accommodate contingent staff, and support green initiatives.
Note This guide refers to the specific products and technologies that support the Windows Optimized Desktop scenarios. For a list of these technologies and brief descriptions of how each one contributes to the overall solution, see Appendix A, "Products and Technologies."
Organizations that wish to make use of the new technologies need to account in their planning for the different business requirements that apply to individual users' computing environments. Any particular environment can vary in both the types and degree of management controls that IT needs, and the types and degree of flexibility and access to resources that the user needs. Yet, customizing the desktop experience for each user is usually not feasible.
Microsoft has therefore identified five core scenarios (Office Worker, Mobile Worker, Task Worker, Contract Worker, and Access from Home) that segment users according to their work situations. Together these scenarios cover most desktop user situations, and each describes the business requirements that apply to its situation, including both the individual user's needs and the IT management needs. Each scenario puts a different emphasis on computer equipment, applications, security, and networking. The scenarios give IT a workable approach to optimizing the organization's desktops without customizing desktops for individual users.
Note It is important to remember that "one size does not fit all." The scenarios described will not necessarily meet all the needs of any given organization; some customization might be required. Also, the expectation is that some users will transition across more than one scenario as part of their daily activities. In such cases the organization may decide to provision all of the Windows Optimized Desktop scenarios that apply.
This Solution Accelerator helps organizations identify the Windows Optimized Desktop scenarios that are relevant for them, so they can match the scenario solutions (the technologies) to their needs.
Version 1.1 of this Solution Accelerator, Windows Optimized Desktop Scenarios, includes two components:
The assessment guide helps IT pros optimize desktops within their organization by providing a systematic process for understanding the scenarios, identifying target user populations, and matching these populations to user scenarios. The guide describes a few recommended variations for some specific scenarios and provides a preview of the integrated technology solutions associated with each scenario. After the scenarios have been identified, organizations can proceed to plan for deploying the indicated technology solutions.
The intended audience for this guide is IT infrastructure specialists who are responsible for planning and designing the client platform infrastructure for their organization. The guide assumes that the reader's organization is considering a Windows Desktop Optimization project. IT pros who will implement the selected scenario solutions will also find the guide helpful to understand the planning and designing context for the project.
The Scenario Selection Tool is an Excel tool that helps IT pros take a systematic approach to identifying the most appropriate scenario for a given organizational segment by considering user and business requirements.
Note Because most organizations have a varied environment, more than one Windows Optimized Desktop scenario will likely apply. From an IT planning perspective, the organization should prepare to support more than one scenario.
The Version 1.1 release of this Solution Accelerator reflects the additional functionalities provided by Windows 7 and Windows Server 2008 R2. A detailed listing of Windows 7 and Windows Server 2008 R2 functionality is included in the Appendix.
This guide addresses the following decisions and activities that need to occur to prepare for a Windows Desktop Optimization project.
The following figure provides a graphical overview of the steps to select the Windows Optimized Desktop scenarios that best fit the user groups in an organization.
Figure 1. The Windows Desktop Optimization assessment decision flow
The Windows Optimized Desktop uses five scenarios that are characterized by one or more of the following attributes:
This section describes each of the scenarios from a user and IT perspective to provide context for use of the Windows Optimized Desktop Scenario Selection Tool. The "Preview the Scenario Solutions" section later in this guide describes the underlying technologies that address the challenges for each of these scenarios.
The Office Worker scenario includes roles such as physician, architect, and research analyst. These users typically perform work that requires a stationary desktop computer within an office, or designated workspace, although they might also access multiple computers during the day if they roam from one floor or office to another within a workplace.
Office workers perform complex workflows that require multiple computer applications and tools, most of which must run locally on the desktop computer. These programs provide rich user experiences and might impose a high demand on computing resources for best performance. The desktop computer must have sufficient resources such as CPU, memory, and disk space to run these complex applications.
Examples of office workers include:
Organizations that have users who fit the Office Worker scenario face the following challenges:
The Mobile Worker scenario focuses on users who require a mobile computer and whose work requires them to travel between offices, often outside the corporate network. They have similar needs and challenges to office workers. However, unlike office workers, mobile workers do not have a consistent high-speed connection to the corporate network.
Mobile worker roles include outside sales, professional services consultants, and field engineers. These users typically perform work that requires mobile computers, which they connect to the corporate network when they return to their office, or occasionally connect to the company network remotely via VPN.
Like many office workers, mobile workers perform complex workflows that require multiple computer applications and tools that run locally on the computer. These programs often provide rich user experiences and might impose a higher demand on computing resources for best performance. These applications must be able to perform their specific functionality without needing to be connected to the company's network.
Examples of mobile workers include:
Organizations that have users who fit the Mobile Worker scenario face the following challenges:
The Task Worker scenario focuses on employees who have task-specific roles, such as call center analyst, warehouse worker, or retail employee. These users typically perform work that requires a stationary computer. They perform repetitive tasks within a small set of applications, and work within a shared space with other people in similar roles.
Task workers typically require no more than one or two applications throughout their work day. Unlike the programs that office workers and mobile workers use, these programs provide a simplified and streamlined user experience to help task workers complete their work rapidly. For example, during one shift, a call center analyst runs a single customer care application, a warehouse worker uses a logistics data entry application, and a retail employee uses a single application to provision and activate a new cell phone. The computers are typically well-managed so the user cannot install other applications or customize the environment.
Examples of task workers include:
Organizations that have users who fit the Task Worker scenario face the following challenges:
The Contract Worker scenario focuses on organizations that have staff from vendors and outsource companies. These workers may connect to the corporate network from computers that are outside the control of the IT department yet still access sensitive applications or data.
Contract workers typically have a temporary relationship with the organization. They may require a high-end computer and local administrative access to develop applications. During their contract with the organization, these workers may also need to access and work with confidential and proprietary information while outside the immediate facility or beyond the control of the organization.
Examples of contract workers include:
Organizations that have users who fit the Contract Worker scenario face the following challenges:
The Access from Home scenario extends the Office Worker scenario to give these users the familiar experience of their office desktop computer from their home computer when they cannot be in the office. Users in this scenario have the same needs and challenges as office workers; however, their home computer is not under the direct control of IT, might run different versions of Windows® or of applications than the corporate standards, and they depend on a high-speed network connection from their personal home computer.
The Access from Home scenario is designed to provide office workers access to applications and data; however, because they perform complex workflows that require extensive resources, some limitations may be imposed by remote access from home.
Examples of the Access from Home scenario include:
Organizations that have users who need the Access from Home scenario face the following challenges:
For some of these scenarios, there may be one or more variants that include centralized execution of the entire desktop environment, depending on the needs of the organization. There is no "one size fits all" solution; organizations can choose to implement more than one virtualization solution to best meet the needs of their users. The Windows Optimized Desktop Scenario Selection Tool will indicate which specific conditions lead to scenario variations, and will display multiple options in the results.
The following list briefly summarizes the scenarios.
In order to match your users to the scenario that best captures their requirements, you will need to determine which parts of the organization's environment to include in the infrastructure design, and establish the objectives of the project. These decisions will drive your use of the Windows Optimized Desktop Scenario Selection Tool to determine best fit scenarios.
Planning a Desktop Optimization project begins with establishing the boundaries of the user population for which you are building a solution. The starting point of this task is to choose the user population that you are responsible for, which could be the entire enterprise, a geographic area in which your organization operates, or a single department.
Depending on the objective of the project, your goal may be to optimize the desktops of every person within your sphere of influence. Sometimes, however, a business imperative calls for narrowing the scope to a specific user segment. For example, regulations in a country or region might require changing the desktop configurations of the employees in your organization who work within that geographical area to bring them into compliance.
Having bounded the total user population for your project, the next step is to divide this population into groups that are likely fits for the scenarios. If your project scope includes the entire enterprise, it is highly likely that a particular requirement that applies to one subgroup of employees does not apply to another. For example, if you have a sales force that consists of in-house telemarketers and sales people who make in-person sales, their requirements will be different so it might be necessary to subdivide them into two groups.
The goal will be to make each group as large as possible while accurately matching a scenario. Each identified group of users will require using the tool to complete an assessment.
Some possible approaches to segmenting users are to:
The process of matching user groups with scenarios involves the following tasks.
This section provides the questions from the Windows Optimized Desktop Scenario Selection Tool. Reviewing these questions will help you to understand the key differentiators that the tool uses to evaluate the applicability of a particular Windows Optimized Desktop scenario (the "Target") to a user segment. The descriptions (labeled "Comment") provide insight into the reasoning behind each question.
The following questions are from the User Requirements section on the Scenario Selection tab of the Windows Optimized Desktop Scenario Selection Tool. These questions apply to the users in the organization.
1. Do they need rich, locally executing applications that require significant performance and capacity from disk, memory, and graphics on the desktop client computer?
Comment: Users who have this need might run resource-intensive programs such as CAD or perhaps a relational database administration tool. The Office Worker scenario would be ideal to solve this challenge. The Mobile Worker scenario might also meet these criteria. Targets: Office Worker and Mobile Worker
2. Do they need to roam within the workplace from different computers to access their data and applications?
Comment: Users who follow a workflow that requires them to roam frequently within their office are likely to access the same applications on different computers. To preserve the user experience, the settings, files, and state are stored centrally. For example, a doctor might need to access patient information from the office and also the pre-surgery station. The Office Worker scenario would be ideal to solve this challenge. Target: Office Worker
3. Do they work in a branch office and need to access multiple corporate websites, web portals, or corporate file shares?
Comment: Users who work in branch offices often experience latency in data response times due to distance from headquarters or limited bandwidth. This can adversely affect the productivity of Office Workers who are assigned to branch offices. This can also affect the productivity of Mobile Workers when they are in branch offices. For example, a bank loan officer who works at a remote branch must download a large file containing sales data daily. The Office Worker scenario could fulfill this need. Target: Office Worker, Mobile Worker
4. Do they work outside the office for a significant amount of time (for example, to visit customers or travel) and require access to their applications, data, and the corporate network?
Comment: Unlike an office worker, the mobile worker must perform specific work functions without a consistent connection to the Internet or the corporate network. For example, a field engineer works at numerous locations throughout the course of the day and needs to use diagnostic tools and a database application without being connected. Target: Mobile Worker
5. Do they perform a single job function that is highly repetitive, requires a single LOB application, and does not require personalized desktop settings?
Comment: Users who regularly access a specific set of applications and who do not require access to a rich desktop or additional network services can utilize a task-oriented environment. This allows the user to access only those specific applications needed to complete their tasks and share multiple client computers as needed. Target: Task Worker
6. Are they vendor staff who work either at your local job site or remotely?
Comment: Contract workers on temporary or offshore engagements who do not require dedicated computers can be provided with virtual desktop environments to complete their assignments. These virtual environments allow local administration (when needed) for the installation and customization of applications within a managed desktop environment that is provisioned only for the duration of the project and removed when it ends. Target: Contract Worker
7. Does the organization require that no confidential information be stored on any contractor-owned computer?
Comment: Depending on the nature of the business, organizations must adhere to the regulations and industry standards that apply to them (for example, Sarbanes-Oxley, the EU Data Protection Directive, GLBA, PCI DSS or HIPAA) and pass the same control requirements to the vendors and contractors whose systems and processes handle confidential, financial or personal information. One solution is to provision a Virtual Desktop Infrastructure (VDI) so that contractors can work on confidential information without it being stored on their own computers. Target: Contract Worker
8. If they are unable to get to their workplace, do they need to be able to use their home computer to access the important applications, data, and settings that their office or business computer provides?
Comment: When an office worker cannot reach their workstation because they cannot get to the office, the lost productivity can be costly to the organization. The Access from Home scenario gives the user a contingency means to reach a remote computer that has their applications and settings. Target: Access from Home
The following questions are from the Business Requirements section on the Scenario Selection tab of the Windows Optimized Desktop Scenario Selection Tool. These questions apply to the business requirements of the users in your organization.
9. Do they need to travel abroad and use sensitive business data, but security policies prevent them from doing so?
Comment: When a compliance requirement forbids carrying sensitive data across borders, the data and the applications that process it must stay in the data center and be reached through remote access, either Remote Desktop Services or VDI. The choice between them turns on the application: if it runs correctly on a multi-user server platform, Remote Desktop Services can be the solution; if it requires a client operating system, VDI is the appropriate choice. Target: Solution Variation: Mobile Worker using Remote Desktop Services
10. Does your organization have regulatory compliance requirements or policies that require applications to be run from a central server and data to be stored centrally?
Comment: When this is the case, business applications and data must only be accessed from a centrally managed desktop environment. To support this requirement, the Office Worker solution using RDS as needed or Mobile Worker using RDS to support compliance policies would apply. Target: Mobile Worker using RDS
11. Does your organization have regulatory compliance requirements or policies that require applications and data to remain on a server, but the applications require a client operating system?
Comment: Countries that have import restrictions on mobile computers could prevent users who are travelling from importing selected software. For example, an IT consultant travels to Asia where specialized software tools are prohibited. Because network connectivity is available at the job site, the consultant might consider using VDI. Target: Solution Variation: Mobile Worker using VDI, Office Worker using VDI
12. Does your organization have regulatory compliance requirements or policies that require applications to be run from a central server and data to be stored centrally, and the users require administrative permissions to perform their work?
Comment: If these constraints apply, business applications and data must only be accessed from a centrally managed desktop environment. In addition, users require local administrator privileges in the desktop environment to install new applications or to configure desktop settings. Granting users administrative rights on a shared Remote Desktop Session Host would expose every other user's session on that host, so these requirements rule out presentation virtualization with Remote Desktop Services; each user instead needs a virtual machine of their own. The Mobile Worker scenario using the VDI solution best fits this situation. Target: Solution Variation: Mobile Worker using VDI, Office Worker using VDI
The Windows Optimized Desktop Scenario Selection Tool is designed to help you identify applicable scenarios, based on user and business requirements, for each user segment within your organization. The tool is included with this guide in the download package.
You may need to run this tool more than once. If your user population is very heterogeneous, you will likely end up with more than one equally applicable scenario. This may indicate that you need to target a narrower user population and rerun the tool on this population.
The tool is built on Microsoft Office Excel 2003 and has four worksheets, identified by tabs:
Only the Scenario Selection tab requires user input. Questions on this tab are organized around two sets of requirements:
Your answers to these questions result in points added to or subtracted from one or more of the scenarios and variations, depending on how well they meet the requirement.
Note To get the best results from the tool, you may need to consult different experts within your organization who are familiar with your business and technical requirements.
As you make selections, the tool calculates the points and indicates best fit scenarios by the tallest bars in a graph shown on the Scenario Selection tab.
Each bar represents the scenario's share of the points awarded:
Percentage for a scenario = (Total points for the scenario × 100) / Total points for all scenarios
Note The Windows Optimized Desktop Scenario Selection Tool helps you identify the most applicable scenarios based on a set of assumptions. If you have specific constraints, you will need to factor for them so that the scenarios you select meet the unique requirements for your organization.
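The scoring the tool performs, written out as an added example that is not part of the Solution Accelerator or its Excel workbook. The target scenarios per question are taken from the twelve questions listed in this guide; the point values (+2 to each target of a "yes", -1 to every other scenario, floored at zero) and the tie margin used to flag "equally applicable" results are assumptions for illustration, because the workbook's actual weights are not given on this page.

```powershell
# Added example, not the Solution Accelerator's own code. Targets per question come
# from the question list in this guide; point values and the tie margin are ASSUMED.

# Question number -> scenarios (and solution variations) that gain points on a "yes".
$Questions = @{
    1  = @('Office Worker', 'Mobile Worker')
    2  = @('Office Worker')
    3  = @('Office Worker', 'Mobile Worker')
    4  = @('Mobile Worker')
    5  = @('Task Worker')
    6  = @('Contract Worker')
    7  = @('Contract Worker')
    8  = @('Access from Home')
    9  = @('Mobile Worker using RDS')
    10 = @('Mobile Worker using RDS')
    11 = @('Mobile Worker using VDI', 'Office Worker using VDI')
    12 = @('Mobile Worker using VDI', 'Office Worker using VDI')
}
$Scenarios = $Questions.Values | ForEach-Object { $_ } | Sort-Object -Unique

function Get-ScenarioScores {
    param(
        [Parameter(Mandatory)] [hashtable] $Answers,  # question number -> $true / $false
        [int] $Gain = 2,      # assumed: points added to each target of a "yes"
        [int] $Penalty = 1    # assumed: points subtracted from every other scenario, floor 0
    )
    $points = @{}
    foreach ($s in $Scenarios) { $points[$s] = 0 }

    foreach ($q in $Questions.Keys) {
        if (-not $Answers[$q]) { continue }            # "no" or unanswered: no effect
        foreach ($s in $Scenarios) {
            if ($Questions[$q] -contains $s) { $points[$s] += $Gain }
            else { $points[$s] = [Math]::Max(0, $points[$s] - $Penalty) }
        }
    }

    # Formula from the guide: total points for the scenario * 100 / total points for all scenarios
    $total = ($points.Values | Measure-Object -Sum).Sum
    foreach ($s in $Scenarios) {
        [pscustomobject]@{
            Scenario = $s
            Points   = $points[$s]
            Percent  = $(if ($total -gt 0) { [Math]::Round($points[$s] * 100 / $total, 1) } else { 0 })
        }
    }
}

function Select-BestFit {
    param(
        [Parameter(Mandatory)] [object[]] $Scores,
        [double] $TieMarginPercent = 5      # assumed: closer than this = "equally applicable"
    )
    $ranked   = @($Scores | Sort-Object Percent -Descending)
    $top      = $ranked[0]
    $runnerUp = $(if ($ranked.Count -gt 1) { $ranked[1] } else { $null })
    [pscustomobject]@{
        BestFit   = $top.Scenario
        RunnerUp  = $(if ($runnerUp) { $runnerUp.Scenario } else { $null })
        # True means the guide's advice applies: narrow the user population and re-run the tool.
        Ambiguous = [bool]($runnerUp -and (($top.Percent - $runnerUp.Percent) -le $TieMarginPercent))
    }
}

# Constructed sample segment: an outside sales force answering "yes" to questions 1, 3 and 4.
$salesForce = @{ 1 = $true; 3 = $true; 4 = $true }
$scores = Get-ScenarioScores -Answers $salesForce
$scores | Sort-Object Percent -Descending | Format-Table -AutoSize
Select-BestFit -Scores $scores
```

With these assumed weights the sample segment scores Mobile Worker first and Office Worker second, far enough apart that the result is not flagged ambiguous; a segment that answered "yes" to questions 1 and 3 only would tie the two and trigger the Ambiguous flag, which is the case the guide tells you to resolve by splitting the population.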
Record the results of using the Windows Optimized Desktop Scenario Selection Tool for your target group of users and repeat the process until all users in scope have been classified into one or more of the Windows Optimized Desktop scenarios.
Note There can be exceptions based on specific user situations that necessitate the manual adjustment of an individual from one scenario to another.
You may want to use a table, such as the one illustrated below, to record the results of your assessment activities. This can serve as an inventory of the assessments you have done for future reference.
Table 1. Windows Optimized Desktop Assessment Inventory-example
Example entries: "Bldg A, Rm 100"; "Field Sales Force"
In larger enterprises, it is highly likely that a particular requirement is true for one subgroup of employees and not true for another. In these cases, you may want to run the tool for each group, considering one group at a time. (For example, you may determine that the sales force conforms to the Mobile Worker scenario whereas the offshore engineering team conforms to the Contract Worker scenario.)
This section illustrates the integrated technology solutions from two perspectives:
This section presents the information in tables for quick and easy reference.
The following matrix maps the Windows Optimized Desktop scenarios to specific Microsoft products and technologies that address the stated challenges for that scenario.
Table 2. Scenarios Mapped to Products and Technologies
The tables in this section map the specific "Challenges for IT" described for each worker scenario in the "Step 1: Understand the Desktop Optimization Scenarios" section to the Microsoft products and technologies that address those challenges.
Each table contains a horizontal header and two vertical columns. The horizontal header uses abbreviations to indicate to which scenarios the challenge applies. These abbreviations are:
The horizontal header also lists any assumptions made by the proposed solution. The vertical columns indicate how specific Microsoft products and technologies address the challenge and list those specific products and technologies.
Note For a brief introduction to these products and technologies, see Appendix A, "Products and Technologies."
Table 3. Challenge: Support Application-Specific Security and Regulatory Compliance Efforts
Applicable Scenarios: O M T A
Application-specific security and compliance requirements can be met by running the sensitive application from a central server and using presentation virtualization to provide access from the local computer.
How specific solution components address the challenge
RemoteApp™ gives the Office Worker and Task Worker the ability to interact locally with applications that execute remotely. Users perceive that their applications run locally when in reality they run on a secure, centrally managed server.
RemoteApp in conjunction with Active Directory® Domain Services (AD DS) can control access to the remote application based on the user's credentials and helps keep sensitive data in the corporate data center. That assurance holds only if the session's redirection channels (client drive, clipboard, printer and Plug and Play device redirection) are restricted by policy on the RD Session Host; otherwise a user can copy data from the remote application to the local computer.
The Office Worker and Task Worker scenarios use Windows Server 2008 R2 Remote Desktop Services and RemoteApp.
Remote Desktop Gateway (RD Gateway) lets the Mobile Worker on the Internet reach a Remote Desktop Services session that runs applications on a central server on the corporate network, tunnelling RDP over HTTPS so that the corporate firewall needs to admit only HTTPS to the gateway rather than exposing RDP directly.
RD Gateway in conjunction with AD DS controls access to the remote session based on the user's credentials: a connection authorization policy (RD CAP) defines who may connect through the gateway, and a resource authorization policy (RD RAP) defines which internal computers they may reach.
The Mobile Worker scenario uses Windows Server 2008 R2 Remote Desktop Services and RD Gateway.
Microsoft Application Virtualization 4.5 (App-V) allows IT to control which applications get deployed to the user's local computer through group membership.
App-V for all applicable Windows Optimized Desktop scenarios.
A virtual desktop infrastructure enables centralized storage, execution, and management of Windows 7-based virtual machines within the data center. The Remote Desktop Connection client included with Windows 7 uses the Remote Desktop Protocol (RDP) to connect Access from Home workers to these virtual machines, which are hosted in a secure and centrally managed corporate data center. Because the home computer is not under IT control, the connection should pass through RD Gateway rather than reaching the virtual machines directly.
The Access from Home scenario uses Windows Server 2008 R2 Remote Desktop Services, RD Gateway, and VDI (Hyper-V™, System Center Virtual Machine Manager, a third-party connection broker such as Citrix XenDesktop, and Windows Virtual Enterprise Centralized Desktop (VECD) licensing).
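The claim in this table that sensitive data stays in the data center holds only when the session cannot copy data back to the client. The following added example (not from the Solution Accelerator) reads the Remote Desktop Services redirection policy values on an RD Session Host and reports which channels remain open. The registry value names are the documented Group Policy settings under Remote Desktop Session Host > Device and Resource Redirection; the report layout and the warning text are this example's own.

```powershell
# Added example (not the Solution Accelerator's code): audit the Remote Desktop
# Services device-redirection policies on an RD Session Host. A value of 1 means the
# "Do not allow ... redirection" policy is Enabled; a missing value means Not Configured,
# so the server default (redirection allowed) applies.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$RedirectionControls = [ordered]@{
    fDisableCdm      = 'Drive redirection (client disks exposed inside the session)'
    fDisableClip     = 'Clipboard redirection'
    fDisableCpm      = 'Client printer redirection'
    fDisableLPT      = 'LPT port redirection'
    fDisableCcm      = 'COM port redirection'
    fDisablePNPRedir = 'Plug and Play device redirection'
}

function Get-RdsRedirectionPolicy {
    param([string] $Path = $PolicyKey)
    $values = if (Test-Path $Path) { Get-ItemProperty -Path $Path } else { $null }
    foreach ($name in $RedirectionControls.Keys) {
        $setting = if ($values -and $values.PSObject.Properties[$name]) { $values.$name } else { $null }
        [pscustomobject]@{
            Setting     = $name
            Controls    = $RedirectionControls[$name]
            PolicyValue = $setting          # $null = not configured by policy
            Blocked     = ($setting -eq 1)
        }
    }
}

$report = Get-RdsRedirectionPolicy
$report | Format-Table -AutoSize
$open = @($report | Where-Object { -not $_.Blocked })
if ($open.Count -gt 0) {
    Write-Warning ("Not blocked by policy: " + ($open.Setting -join ', ') +
                   ". Session data can still leave the server through these channels.")
}
```

Run it on each RD Session Host that serves RemoteApp or full desktops; the same policies apply whether the user arrives over the LAN or through RD Gateway. Printer redirection is listed because a print job is another path for a document to leave the session.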
Table 4. Challenge: Secure Confidential Local and Portable Data
Applicable Scenarios: O M
Using BitLocker™ to encrypt the operating system and data volumes protects confidential information at rest, that is, when the computer or its disk is in someone else's hands. BitLocker To Go™ extends that protection to removable storage devices such as USB flash drives and portable hard drives.
How specific solution components address the challenge
With respect to the Office Worker and Mobile Worker scenarios, BitLocker protects confidential data on desktop and mobile computers when the computers are reassigned or disposed of, or are lost or stolen. It does not protect data from a user or malware acting on the running, unlocked system, so it complements rather than replaces access control on the desktop.
Windows BitLocker Drive Encryption and BitLocker To Go for all Windows Optimized Desktop scenarios.
With respect to all scenarios, encrypting the Windows Server volumes that hold centrally stored data protects that data if server disks are removed, stolen or improperly decommissioned (it does not protect a server that an attacker controls while it is running), and requiring encryption of all portable devices protects data if the devices are lost.
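A check for the posture this table depends on, as an added example that is not part of the Solution Accelerator: it verifies that each fixed volume is fully encrypted with protection on, that the operating system volume has a TPM-based protector and an escrowable recovery password, and that the policy denying write access to unencrypted removable drives (the BitLocker To Go enforcement) is set. The cmdlet it uses ships with the BitLocker PowerShell module on Windows 8 / Windows Server 2012 and later, so this is an assumption for Windows 7 fleets, where the same facts come from manage-bde -status; the finding texts and the "advisory" convention are this example's own.

```powershell
# Added example (not the Solution Accelerator's code): check the BitLocker posture that
# Table 4 relies on. Requires the BitLocker PowerShell module (Windows 8 / Windows
# Server 2012 or later); on Windows 7 use "manage-bde -status" for the same information.

function Test-BitLockerPosture {
    foreach ($vol in Get-BitLockerVolume) {
        $protectors = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $issues = @()
        if ($vol.ProtectionStatus -ne 'On')          { $issues += 'protection is off' }
        if ($vol.VolumeStatus -ne 'FullyEncrypted') { $issues += "volume status is $($vol.VolumeStatus)" }
        if ($vol.VolumeType -eq 'OperatingSystem') {
            if (-not ($protectors -match '^Tpm')) {
                $issues += 'no TPM-based protector on the OS volume'
            } elseif ($protectors -contains 'Tpm') {
                # TPM-only unlocks the disk on boot with no user input; a PIN adds pre-boot
                # authentication, which is what matters for a lost or stolen laptop.
                $issues += 'advisory: TPM-only protector; consider TpmPin for mobile computers'
            }
        }
        if ($protectors -notcontains 'RecoveryPassword') {
            $issues += 'no recovery password (should exist and be backed up to AD DS)'
        }
        [pscustomobject]@{
            Volume     = $vol.MountPoint
            Type       = "$($vol.VolumeType)"
            Protectors = ($protectors -join ',')
            Compliant  = ($issues.Count -eq 0)
            Issues     = ($issues -join '; ')
        }
    }
}

# Policy "Deny write access to removable drives not protected by BitLocker" (BitLocker To Go).
function Test-RemovableDriveWritePolicy {
    $fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $value = (Get-ItemProperty -Path $fve -Name RDVDenyWriteAccess -ErrorAction SilentlyContinue).RDVDenyWriteAccess
    [pscustomobject]@{
        Policy   = 'RDVDenyWriteAccess'
        Value    = $value                 # $null = not configured; unencrypted USB drives stay writable
        Enforced = ($value -eq 1)
    }
}

Test-BitLockerPosture | Format-Table -AutoSize
Test-RemovableDriveWritePolicy
```

Treat a volume whose only finding is the TPM-only advisory as encrypted but weaker than the Mobile Worker case calls for; the other findings mean the data-at-rest protection the table promises is not actually in force on that machine.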
Table 5. Challenge: Maintain High Levels of Continuity and Provide Flexibility to Access Multiple Desktop Environments
Applicable Scenarios: O M T
High levels of business continuity and flexible access to multiple desktop environments can be achieved by centralizing storage and dynamically provisioning applications, application data, user data, and user profiles.
How specific solution components address the challenge
Collectively, these products and technologies allow users to move from one computer to another and continue to work seamlessly, because their applications, data, and user profile are dynamically provisioned over the network. This dynamic provisioning and centralized management of data, applications, and settings also enables the "replaceable PC" and "free seating" scenarios.
App-V, when used in streaming mode, speeds dynamic provisioning by streaming only those portions of the application that are needed for the first launch.
In case of a lost, stolen, or faulty computer, the Office Worker and Mobile Worker can quickly move to a different computer to resume work with little or no downtime.
Microsoft Application Virtualization 4.5 (App-V), System Center Configuration Manager 2007 R2 and Windows 7 (Folder Redirection, client-side caching, roaming user profiles) for all Windows Optimized Desktop scenarios.
In the "free seating" scenario, the Task Worker can quickly move between shared terminals and resume work with little or no downtime using Remote Desktop Services.
The client-side caching feature of Windows 7 keeps a synchronized copy of the user's data and profile on the local client computer (for the Office Worker and Mobile Worker.)
Table 6. Challenge: Address Compatibility Issues Between Applications or Between an Application and the Operating System
Applicable Scenarios: O M
Application virtualization can address compatibility issues between applications. Desktop virtualization can allow users to run legacy applications on virtualized environments that host earlier versions of the operating system.
How specific solution components address the challenge
App-V enables installation and execution of applications within separate virtual environments. This allows the Office Worker and Mobile Worker to run applications that are otherwise incompatible with each other and cannot exist within the same desktop environment.
Microsoft Application Virtualization 4.5 (App-V) and Microsoft Enterprise Desktop Virtualization for Office Worker and Mobile Worker scenarios.
Microsoft Enterprise Desktop Virtualization allows you to create an instance of a previous version of the operating system in a virtual environment that can be used to host applications that are incompatible with the latest version of the Windows operating system. IT can therefore upgrade the Office Worker and Mobile Worker to the latest version of the Windows operating system and use Microsoft Enterprise Desktop Virtualization to run incompatible applications.
Table 7. Challenge: Improve Data Access Responsiveness for Workers in Low-Bandwidth Locations
Applicable Scenarios: O M
BranchCache™ in Windows Server 2008 R2, used with Windows 7 clients, caches content from remote file and Web servers within the branch location, so that additional users who access the same content can retrieve it more quickly.
How specific solution components address the challenge
When IT enables BranchCache, a copy of data retrieved from an intranet Web site or a file server at headquarters is cached within the branch office, either on the peer client computers (distributed cache mode) or on a branch server (hosted cache mode). BranchCache supports the common protocols for Web content (HTTP and HTTPS) and file servers (SMB), so it works with a wide variety of application types. It is a passive cache: data is retrieved from headquarters only when a user requests it, and later requests for the same content are served from within the branch, which reduces bandwidth utilization on the link between headquarters and the branch. Access control is not bypassed: each client still authenticates to the origin server, which returns the content hashes only if that user is authorized, and the client uses those hashes both to locate the data in the branch cache and to verify the data it receives. This allows the Office Worker and Mobile Worker in low-bandwidth locations to download files more quickly.
Microsoft Windows Server 2008 R2 to support the low-bandwidth variation of Office Worker and Mobile Worker scenarios.
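As an added example, not part of the original guide, the following PowerShell session enables BranchCache on a Windows 7 branch client in distributed cache mode, verifies the result, and installs the server-side role service on a Windows Server 2008 R2 file server. The hosted cache server name HC01 is hypothetical.

```powershell
# Added example, not from the guide. Run in an elevated session.
# HC01 is a hypothetical hosted cache server name.

# --- Windows 7 client in the branch office ---
# Distributed cache mode: clients on the branch subnet serve cached blocks to each
# other; no branch server is needed. This also adds the required firewall exceptions.
netsh branchcache set service mode=DISTRIBUTED

# Alternative when the branch has a server: hosted cache mode on the client side.
# netsh branchcache set service mode=HOSTEDCLIENT location=HC01

# Verify service mode, cache location and size, and firewall status.
netsh branchcache show status all

# Discard all cached content, for example before a shared PC is handed to another user.
# netsh branchcache flush

# --- Windows Server 2008 R2 file server at headquarters ---
Import-Module ServerManager
# Role service that lets the file server publish content hashes for SMB shares.
# Hash publication still has to be enabled per share (share caching settings) or via
# the "Hash Publication for BranchCache" Group Policy setting under Lanman Server.
Add-WindowsFeature FS-BranchCache
# The plain BranchCache feature is what a Web server or a hosted cache server needs.
# Add-WindowsFeature BranchCache
```

The status output is the check to keep: if the firewall shows the BranchCache rules disabled, peers cannot discover each other and every request falls back to the WAN link, which is slow but not unsafe.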
Table 8. Challenge: Provide Offline Access to Files and Data
Applicable Scenarios: M
Folder Redirection and Offline Files allow anytime access to files stored on a server.
How specific solution components address the challenge
Folder Redirection and Offline Files provide a convenient way for users to access files stored on a central server when not connected to the corporate network. Windows 7 improves Offline Files performance by reducing initial wait times and enables IT professionals to better manage these technologies. For example, they can use Group Policy to prevent specific types of files (such as music files) from being synchronized to the server. Administrators can also control when offline files are synchronized with the server, set specific time intervals for synchronization, block out other times for bandwidth management, and configure a maximum "stale" time after which files must be resynchronized. Because the Offline Files cache keeps a copy of server data on the mobile computer's disk, it should be combined with BitLocker in the Mobile Worker scenario.
Folder Redirection and Offline Files for the Mobile Worker scenario.
Table 9. Challenge: Deliver a Low-Cost Hardware Solution That Maintains High User Productivity
Applicable Scenarios: T C
Organizations can reduce hardware costs by adopting a PC cascade strategy in which old PCs from Office Workers are given to Task and Contract Workers. This allows companies to extend the life of existing hardware while maintaining a familiar Windows environment for end users. For newer hardware that can support a modern operating system, organizations can use Windows 7 in conjunction with Remote Desktop Services to connect to centralized servers.
How specific solution components address the challenge
Windows Fundamentals for Legacy PCs is a lightweight operating system that is well suited to older hardware. This operating system supports the Remote Desktop Protocol, enabling users to connect remotely to servers running Windows Server 2008 Remote Desktop Services (for the Task Worker) or to virtual machines hosted on Windows Server 2008 Hyper-V (for the Contract Worker). In this way the technology helps extend the life of older hardware.
Windows Fundamentals for Legacy PCs for both the Task Worker and Contract Worker scenarios.
Challenge: Maintain Privacy and Confidentiality
Assumption: Storing confidential information on a centrally managed server will promote privacy and confidentiality. This assumption holds only if the data actually stays in the data center: the RDP connection should be brokered through RD Gateway with Network Level Authentication required, and drive, clipboard, and printer redirection should be restricted by Group Policy so that a session from an unmanaged home computer cannot copy confidential files to the local disk.
How specific solution components address the challenge
The Remote Desktop Protocol (included with the Windows operating system) enables Contract Workers to use their own laptops, and Access from Home workers their home computers, to connect to virtual machines hosted within a secure, centrally managed corporate data center. Allowing users to connect to centralized desktops increases flexibility for end users, but does not by itself reduce overall IT infrastructure costs.
Windows Server 2008 Remote Desktop Services, RemoteApp, Hyper-V technology, System Center Virtual Machine Manager, Windows Virtual Enterprise Centralized Desktop for Contract Worker and Access from Home.
Table 10. Challenge: Ensure PC Integrity by Allowing Installation of Only Approved Applications and Devices
Applicable Scenarios: O M T
AppLocker™ is a flexible and easily administered mechanism that enables IT professionals to specify exactly what is allowed to run on user PCs.
How specific solution components address the challenge
AppLocker provides simple, powerful Group Policy rules for specifying which executables, Windows Installer files, and scripts can run, giving IT professionals the flexibility to allow users to run the applications, installation programs, and scripts they need to be productive while everything else is blocked.
Windows 7 AppLocker
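As an added example that is not part of the original guide, the following PowerShell script builds an AppLocker allow list from the programs installed on a reference Windows 7 Enterprise PC, deploys it in audit mode first, and reads the audit log to find what enforcement would block. The output folder C:\Policies and the test file C:\Tools\unsigned.exe are hypothetical. Publisher rules are preferred over path rules because a path rule that allows a user-writable directory is satisfied by any executable a user drops there.

```powershell
# Added example, not from the guide. Run in an elevated PowerShell session on the
# reference Windows 7 Enterprise PC. C:\Policies and C:\Tools\unsigned.exe are
# hypothetical paths chosen for illustration.
Import-Module AppLocker

# 1. AppLocker rules are evaluated by the Application Identity service; if it is
#    not running, nothing is enforced or audited.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 2. Collect publisher (signature) and hash information for installed executables.
$files = @(Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe) +
         @(Get-AppLockerFileInformation -Directory 'C:\Windows' -Recurse -FileType Exe)

# 3. Generate allow rules for Everyone: publisher rules where a file is signed
#    (they survive version updates and cannot be defeated by renaming a file),
#    hash rules for unsigned binaries. -Optimize merges rules from the same signer.
[xml]$policy = New-AppLockerPolicy -FileInformation $files `
    -RuleType Publisher, Hash -RuleNamePrefix 'Allow' -User 'Everyone' `
    -Optimize -IgnoreMissingFileInformation -Xml

# 4. Start in AuditOnly so that a gap in the allow list logs an event instead of
#    locking users (or administrators) out of a tool they need.
foreach ($rc in $policy.SelectNodes('/AppLockerPolicy/RuleCollection')) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
New-Item -ItemType Directory -Path 'C:\Policies' -Force | Out-Null
$policy.Save('C:\Policies\applocker-audit.xml')

# 5. Check a specific binary against the policy before it is deployed anywhere.
#    PolicyDecision is Allowed, Denied, or DeniedByDefault (no matching rule).
Test-AppLockerPolicy -XmlPolicy 'C:\Policies\applocker-audit.xml' `
    -Path 'C:\Tools\unsigned.exe' -User 'Everyone'

# 6. Apply to the local computer, merging with any existing rules. Replace -Merge
#    with -Ldap "<GPO LDAP path>" to write the same policy into a domain GPO.
Set-AppLockerPolicy -XmlPolicy 'C:\Policies\applocker-audit.xml' -Merge

# 7. After a test period, review audit events. Event 8003 means "would have been
#    blocked in enforce mode"; each one is either a missing rule or an unwanted binary.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 } |
    Select-Object TimeCreated, Message
```

Only when the 8003 events have been triaged should the EnforcementMode attribute be changed to Enabled and the policy re-applied; the same workflow applies to the Windows Installer and Script collections, which this script does not cover.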
Having identified the relevant Windows Optimized Desktop scenarios for your organization and investigated the manner in which the solutions address the challenges of each scenario, your next step should be a formal evaluation of the solutions for the scenarios that apply to your organization.
A formal evaluation would include a pilot study using a prototype deployment and a detailed business study (such as TCO and ROI) involving domain experts such as architects and business planners.
There is a growing expectation that people will be able to work from anywhere and have access to their data at any time. While this increases productivity, it also introduces additional management and security burdens for an organization's IT department. Although it is important to deliver flexible configurations, provide offline access to data and applications, and enable people to customize their desktop environment, IT departments are also required to manage which applications users should have access to, ensure data is backed up, and provide an option to centrally execute applications that use sensitive data or require high data transfer bandwidth.
Traditionally, the desktop computing model has been one where the operating system, applications, and user data and settings are bound to a single computer, making it difficult for users to move from one computer to another in the case of an upgrade or a lost or stolen mobile computer. Depending on the usage scenario and business needs, the right balance between user flexibility and centralized control is likely to differ across organizations and even across user groups within an organization. The Windows Optimized Desktop Scenarios give organizations the ability to choose the client computing scenarios that best meet the unique needs of their businesses.
This assessment guide helps IT pros understand the capabilities of Windows Optimized Desktop technologies, determine which scenario(s) are right for their user communities, and review prerequisites and guidance in planning for desktop virtualization.
After reading this guide and running the Windows Optimized Desktop Scenario Selection Tool, the reader should:
The Windows Optimized Desktop uses the following Microsoft products and technologies to support desktop optimization.
Windows 7 Enterprise
The Windows Optimized Desktop relies on the following features of Windows 7 Enterprise.
For the Windows Optimized Desktop, Windows 7 Enterprise is an important part of the solution for the following scenarios:
For more information about Windows 7 Enterprise, see www.microsoft.com/windows/enterprise/products/windows-7-enterprise.aspx
Windows BitLocker Drive Encryption and BitLocker to Go
BitLocker and BitLocker To Go combine to provide data protection in Windows 7 Enterprise and Windows 7 Ultimate for client computers and in Windows Server 2008 R2. Specifically, these technologies:
For the Windows Optimized Desktop, BitLocker is an important part of the solution for the following scenarios:
For more information about BitLocker Drive Encryption, see http://technet.microsoft.com/en-us/windows/aa905065.aspx
For more information about BitLocker To Go, see: http://technet.microsoft.com/en-us/windows/dd408739.aspx
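As an added example that is not part of the original guide, the following PowerShell session enables BitLocker with TPM and PIN on the system drive of a Windows 7 Enterprise laptop, adds a recovery password, and protects a removable drive with BitLocker To Go. Windows 7 ships no BitLocker cmdlets, so the work is done with manage-bde.exe; the drive letter E: is a hypothetical USB drive.

```powershell
# Added example, not from the guide. Run in an elevated PowerShell session on a
# Windows 7 Enterprise computer whose TPM is enabled in firmware. E: is a
# hypothetical USB drive used to illustrate BitLocker To Go.

# Current state: TPM presence, existing protectors, encryption percentage.
manage-bde -status C:

# Uncomment if the TPM is present but not yet turned on and owned.
# manage-bde -tpm -TurnOn

# System drive: TPM + PIN (the command prompts for the PIN) plus a 48-digit
# numerical recovery password. A PIN is only accepted if the Group Policy setting
# "Require additional authentication at startup" allows one.
manage-bde -on C: -TPMAndPIN -RecoveryPassword

# List the protectors. The recovery password printed here must be escrowed (in
# AD DS through Group Policy, or in a secured store) before the laptop leaves.
manage-bde -protectors -get C:

# Removable drive (BitLocker To Go): password unlock, plus a recovery password
# added as a second protector so a forgotten password does not mean lost data.
manage-bde -on E: -Password
manage-bde -protectors -add E: -RecoveryPassword

# Verify that encryption is in progress or complete and which protectors exist.
manage-bde -status C:
manage-bde -status E:
```

The two status checks are the part worth automating in inventory: a drive that reports "Protection Off" or no recovery protector is exactly the laptop whose loss turns into a data breach.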
Microsoft Application Virtualization 4.5 (App-V) and System Center Configuration Manager R2
App-V and System Center Configuration Manager combine the benefits of application virtualization with those of change and configuration management. Specifically, they:
For the Windows Optimized Desktop, App-V and System Center Configuration Manager are an important part of the solution for the following scenarios:
For more information about App-V, see http://technet.microsoft.com/en-us/appvirtualization/cc721196.aspx.
For more information about System Center Configuration Manager, see www.microsoft.com/configmgr/default.mspx.
For more information about desktop virtualization, see www.microsoft.com/windows/enterprise/technologies/virtualization.aspx
Microsoft Enterprise Desktop Virtualization
Microsoft Enterprise Desktop Virtualization enhances deployment and management of virtual images while providing a seamless user experience in a Virtual PC environment independent of the local desktop configuration and operating system. Specifically, it:
For the Windows Optimized Desktop, Microsoft Enterprise Desktop Virtualization is an important part of the solution for the following scenarios:
For more information about Microsoft Enterprise Desktop Virtualization, see www.microsoft.com/windows/products/windows7/enterprise/medv.mspx.
Virtual Desktop Infrastructure (VDI)
Virtual Desktop Infrastructure (VDI) is the technology that lets users access a full desktop environment remotely. With VDI, physical CPU, memory and disk capacity can be allocated to particular users, which prevents the actions of one user from affecting the experience of other users. Specifically, VDI:
For the Windows Optimized Desktop, VDI is an important part of the solution for the following scenarios:
For more information about VDI, see www.microsoft.com/virtualization/solution-product-vdi.mspx.
New for Windows Server 2008 R2: Terminal Services is now Remote Desktop Services
Remote Desktop Services (RDS) is the new name for Terminal Services, reflecting the expanded role this feature has in Windows Server 2008 R2. RDS, one of the core virtualization technologies in Windows Server 2008 R2, makes it possible to run an application in one location while it is controlled from another. With RDS presentation virtualization, you install and manage applications on centralized servers in the data center; screen images are delivered to users, and the client computer in turn sends keystrokes and mouse movements back to the server.
Remote Desktop Services is the feature of Windows Server 2008 R2 that provides technologies that enable access to a server running Windows-based programs or the full Windows desktop. Specifically, Remote Desktop Services:
For the Windows Optimized Desktop, Remote Desktop Services is an important part of the solution for the following scenarios:
For more information about Remote Desktop Services, see www.microsoft.com/windowsserver2008/en/us/ts-product-home.aspx.
RemoteApp is a service in the Remote Desktop Services server role of Windows Server 2008 R2 that enables organizations to provide access to standard Windows-based programs executing on the server from virtually any location to users with computers running Windows. Specifically, RemoteApp:
For the Windows Optimized Desktop, RemoteApp is an important part of the solution for the following scenarios:
For more information about RemoteApp, see technet.microsoft.com/en-us/library/cc731340.aspx. (Note: Terminal Services is now Remote Desktop Services. For more information about the name change, please visit the Windows Server blog at blogs.technet.com/windowsserver/archive/2008/10/30/TechEd-EMEA_3A00_-Terminal-Services-renamed-Remote-Desktop-Services.aspx.)
Windows Server 2008 Remote Desktop Gateway (RD Gateway)
RD Gateway is a service in the Remote Desktop Services server role of Windows Server 2008 R2 that allows authorized remote users to connect to Remote Desktop Protocol based (RDP) resources on an internal network, from any Internet-connected device. Specifically, RD Gateway:
For the Windows Optimized Desktop, RD Gateway is an important part of the solution for the following scenarios:
For more information about RD Gateway, see technet.microsoft.com/en-us/library/cc754010.aspx. (Note: Terminal Services is now Remote Desktop Services. For more information about the name change, please visit the Windows Server blog at blogs.technet.com/windowsserver/archive/2008/10/30/TechEd-EMEA_3A00_-Terminal-Services-renamed-Remote-Desktop-Services.aspx.)
Windows Fundamentals for Legacy PCs
Organizations can use Windows Fundamentals for Legacy PCs to extend the life of older hardware and improve security and manageability. Specifically, this product:
For the Windows Optimized Desktop, Windows Fundamentals for Legacy PCs is an important part of the solution for the following main scenarios:
For more information about Windows Fundamentals for Legacy PCs, see www.microsoft.com/licensing/sa/benefits/fundamentals.mspx
Windows Virtual Enterprise Centralized Desktop (VECD)
VECD is a license that allows for hosting Windows 7 Enterprise client desktops in centrally hosted virtual environments.
For the Windows Optimized Desktop, the VECD license is an important part of the solution for the following main scenarios:
For more information about VECD, see www.microsoft.com/windows/enterprise/technologies/virtualization-licensing.aspx
Windows Server 2008 Hyper-V technology uses a microkernel hypervisor architecture to host multiple guest environments running Windows 7 Enterprise. Specifically, Hyper-V technology:
For the Windows Optimized Desktop, Hyper-V technology is an important part of the solution for the following main scenarios:
For more information about Hyper-V technology, see www.microsoft.com/windowsserver2008/en/us/hyperv.aspx.
System Center Virtual Machine Manager
A member of the Microsoft System Center suite of management products, System Center Virtual Machine Manager 2007 (VMM) enables enterprise-wide management of virtual machines. System Center Operations Manager provides monitoring of virtual machines managed by VMM. Specifically, VMM:
For the Windows Optimized Desktop, VMM is an important part of the solution for the following main scenarios:
For more information about VMM, see www.microsoft.com/systemcenter/scvmm/default.mspx.
System Center Operations Manager
System Center Operations Manager provides an easy-to-use set of capabilities to monitor the health and performance of an organization's infrastructure, services, and applications across environments and operating systems. Operations Manager delivers a unified view of that infrastructure for physical and virtual platforms, and monitors the virtual machines that are managed by System Center Virtual Machine Manager (VMM). VMM includes multi-vendor virtualization platform support, Performance and Resource Optimization (PRO), and enhanced support for "high availability" host clusters. PRO, in conjunction with Operations Manager, uses administrator-set rules and policies to react dynamically to poor performance or failure of virtualized hardware, operating systems, or applications. For more information about Operations Manager, see www.microsoft.com/systemcenter/opsmgr/default.mspx.
Windows Optimized Desktop scenarios require a server application to serve as a Remote Desktop Services connection broker. Specifically, the connection broker:
For the Windows Optimized Desktop, a connection broker, whether native or third-party, is an important part of the solution for the following main scenarios:
Virtualization technologies are an emerging IT capability and are being successfully applied in organizations to address the challenges of more dynamic infrastructure demands, increasing management and security protections, and supporting a more dynamic work environment. This section describes the following virtualization technologies and how they are applied to Windows Optimized Desktop scenarios:
Traditionally, a user's desktop or mobile computer contains the authoritative copy of their data and settings. User state virtualization separates the user's data and settings from the physical desktop or mobile computer, and stores this configuration on a protected centralized server in the data center. The data can, of course, be synchronized so a local copy exists for offline use.
User state virtualization enables the following key benefits within the Windows Optimized Desktop scenarios:
User state virtualization is enabled by the following technology components:
Presentation virtualization separates application processing from the interface, making it possible to run an application on the server while it is controlled from a virtual session on the user's desktop. This centralized execution might run only a single application, or it might present the user with a complete desktop with multiple applications. In either case, several virtual sessions from one or many computers can use the same installation of an application.
Presentation virtualization enables the following key benefits within the Windows Optimized Desktop scenarios:
Presentation virtualization is enabled by the following technology components:
Application virtualization isolates applications from one another to reduce application-to-application compatibility issues. Using application virtualization allows applications to be installed and run without altering the file system or the system registry.
Application virtualization enables the following key benefits within the Windows Optimized Desktop scenarios:
Application virtualization is enabled by the following technology components:
App-V is a client/server product that is part of the Microsoft Desktop Optimization Pack for Software Assurance. App-V includes:
The App-V Remote Desktop Services client, which enables application virtualization on a Remote Desktop Session Host (formerly a terminal server), is sold separately from the Microsoft Desktop Optimization Pack for Software Assurance.
Client-hosted desktop virtualization is a solution that enables multiple desktop operating system instances on a single computer. Those instances run in virtual machines that can be customized by the end user for personal use, development or testing, or be delivered and centrally managed by IT.
Desktop virtualization enables the following key benefits within the Windows Optimized Desktop scenarios:
Desktop virtualization is enabled by the following technology components:
Virtual Desktop Infrastructure (VDI) consolidates the desktop environment (data, applications, and settings) on a central server within the data center. Users can access this desktop environment remotely using the Remote Desktop Protocol. In this manner, VDI enables a centrally managed desktop experience. It supports local administration, increases data security, promotes compliance, and simplifies management of the corporate desktop. The VDI solution supports flexible user scenarios that require a more powerful desktop environment with the management and security benefits of a centrally managed desktop environment solution.
Virtual Desktop Infrastructure enables the following key benefits within the Windows Optimized Desktop scenarios:
Virtual Desktop Infrastructure is enabled by the following technology components: