Windows User State Virtualization - Part 2: Scenario

In Part 2 of this series, we will explore different business scenarios for implementing Windows User State Virtualization technologies (USV.

Network Administration - In part two of this series, we will explore different business scenarios for implementing Windows User State Virtualization (USV) technologies and USV can benefit IT and users like.

>>Windows User State Virtualization - Part 1

Before starting to plan a USV strategy for the organization, you need to ask yourself some questions. The first and most important question is: Does your business need a real USV solution? Discovering ways USV can benefit your organization is a necessary step before going further. The last question is why do you need to add a technology or solution if your business doesn't need it?

A good way to identify the benefits that USV can bring to your business is to consider the different scenarios that USV can support. Once you've identified USV scenarios that match your business needs, you can implement the solution. Let us introduce some of the following scenarios shortly. We will focus here on 5 main scenarios, scenarios where USV can bring many benefits:

  1. Backup centralized user data
  2. The replacement computer
  3. Migration workstation
  4. Roaming
  5. Hot desking

Backup centralized user data

Is the data your users create and work important to your business? If the answer is yes, USV can bring many benefits to your organization. Business users often work with different data types, including Word documents, Excel spreadsheet pages, PowerPoint presentations, PDF files, image files, video files, etc. These data files are often saved in user profile folders such as My Documents, My Pictures, etc. Sometimes users even save these files directly on their desktop so they can open them quickly when needed. If a user saves all their work files on his local computer and accidentally the computer's hard drive fails, then all their work will be lost unless it is backed up. The problem is that, most businesses do not perform file backups stored on client computers. There are several reasons to justify this:

  1. Subscription costs for software that can back up hundreds or thousands of clients can be quite expensive.
  2. Backing up hundreds or thousands of clients across the network can only be done once a day at a time that is not working because the amount of data to be backed up is very large. It can even saturate the network and create clogging of the collar as well as prevent other network services from working.
  3. If you force users to save files to the network but they fail to do so, users may be reprimanded. Your business may fail and go to bankruptcy if important business data is lost.

However, if you use Folder Redirection (FR) to redirect the user's My Documents and Desktop folders to a specific file server on the network, then you only need to back up each server without having to do it. backup every client. And since your servers are located in the data center (in the server room) and connected to a high-speed backbone network, you can backup them several times a day if necessary without encountering problems. as mentioned above. This is a much more reliable solution for securing enterprise data than educating users to always save files to a mapped drive or shared hard drives on the network.

If photos, music and video files are also work files, you can also redirect My Pictures, My Music and My Videos folders using FR. In other words, if your users are inclined to save personal music files on their computers (maybe they are violating company policies), you can avoid redirecting the My Music folder to save. Storage space on file servers. When someone's computer crashes, only their music files are lost.

Obviously, regardless of what you say, some users can arbitrarily save important files outside of their user profile, giving the example right in the root of drive C :, this means Such files will not be backed up. However, most files can be backed up when executing FR along with centralized backup of file servers, but for some stubborn users, you need to deal with company personnel policies.

In short, here are some recommendations if focusing on backing up user data is important for your business:

  1. Always execute FR for My Documents and My Desktop folders even if your users never roam between computers together. In other words, even if each user is assigned to a private computer and they only use this computer to work, you should still execute FR because it will allow you to centralize user data on machines. file owner instead of each user's computer. Then perform a regular backup of the file server where the directories are redirected.
  2. It is also necessary to enable Offline Files (OF) so that the user can still work on their documents if the file server or network fails. OF will maintain the local cache of files in redirected folders on each user's computer so that they can do their jobs if the computers cannot access the data stored on the servers. Note that OF is enabled by default in Windows Vista and later operating systems, so you don't have to do anything to increase the benefit of OF when actually FR.
  3. Do not redirect folders to My Pictures, My Music or My Videos unless users have specific needs to work with photos, music and videos.

This type of script also works well with mobile users, who use laptops to work with business data while not connecting to the corporate network. Then when they reconnect using the VPN connection, the changes they make to the files in the redirected folders will be synchronized to the company file server with OF. So if your organization has users who regularly travel and use their laptops out of the corporate network, it is recommended to implement the FR and OF above also with the same value. Finally, this scenario is also useful for users who regularly work on a variety of computers, for example a certain user has both a workstation and a laptop, which will allow them to have You can access your data files from any computer when they need them (and to use the Sync Center to resolve conflicts issues that may occur, users of this type should edit the same document Data from both computers).


The replacement computer

If the hard drive on a user's computer fails, all data and user settings saved on that computer will be lost. However, if there is a recent system image backup for this user's computer, then we can replace the failed hard drive and restore the computer to its state before it crashes. However, most businesses do not implement image backups for workstation systems because the amount of hard disk space of all machines is very large, requiring saving up to hundreds or thousands of GB of backup data. . Instead, most businesses focus on ensuring that data is stored on important servers that are backed up regularly. If you execute FR to focus on backing up user data as described above, user data will not be lost when their computer fails.

However, user settings can also be an equally important part, especially if users have customized their applications to help them work more efficiently. So if these users' computers are faulty and you bring them a brand new computer with all the preinstalled applications, this user needs to do a lot of their work, they It may still take hours or more for customizing the applications on your computer, downloading templates, making some personal customization for the operating system such as definition resetting libraries, configuring taskbar properties, etc. And some items such as dictionaries created over time can be very laborious if you have to rebuild from the rubble. The time spent on sorting out such things not only causes frustration for users but also loses productivity for your business.

Fortunately, however, by executing Roaming User Profiles (RUP) together with FR and OF, you can save the user's entire state - both data and user settings - on his file servers. The main purpose of this implementation is to provide users with alternative computers, the working mechanism is as follows:

  1. Hard drive on user's computer error.
  2. User calls for help
  3. Technicians come with a pre-installed Windows operating system and necessary business applications.
  4. The technician removes the faulty computer and connects the replacement computer.
  5. Users start new computers, log in, download their roaming profiles and instantly access all data and user settings including personal preferences, templates, toolbar, dictionary, .
  6. Users will immediately return to work.

There are a few things to note about this scenario:

  1. Users choose to save files outside of their user profile that will lose files forever if their hard drive crashes. As mentioned above, user education is the answer here.
  2. Applications that store user settings that are misplaced (outside the HKCU registry or outside the AppDataRoaming profile folder) will lose such settings forever if the hard drive fails. We will cover this in the next part of the series.

If you have to focus all user settings and data to allow replacement computers, you can use Remote Desktop Services (or Terminal Services) to do that. You can also provide users with session-based desktops with RD Session Host (or terminal server) servers or individual virtual desktops running on the RD Virtualization Host server (workstation's virtualization infrastructure solution). Microsoft). Either way, users will have a complete replacement desktop, which they can access from any computer on the network. However this method may not be suitable for small organizations. In other words, the implementation of RUP can bring many complex issues that you will see in some later parts of this series, so many businesses can be satisfied with computers that are only capable. Sell ​​instead, where FR is used to centralize user data but user settings are not centralized.

Migration workstation

When a certain version of Windows appears for a while, that's when we start our migration process. If your desktop computers are still running Windows XP, this is the time to consider migrating to Windows 7 because Windows XP is close to the end of support. The thing to understand here is that implementing a USV solution can simplify the process of desktop migration. This is because in most cases, user migration from Windows XP to Windows 7 involves using User State Migration Tool (USMT), a user account and operating system migration tool. and application settings from the old system to the new system. Small businesses can use Windows Easy Transfer instead, but most mid-range businesses prefer to use USMT because it is a more powerful utility, able to customize and create scripts.

By executing FR to redirect My Documents and other profile folders where users save their data, you can speed up the migration of the workstation because there is no need to migrate data properly. setting up users. This method also reduces the risk of data loss occurring when doing a wrong step in the migration process, since all enterprise data is now stored on a centralized file server, no Right on user computers. This workstation migration scenario is one reason why you should execute FR in your environment if you don't already have one.


Roaming

Some organizations set up shared computers in semi-public places like receptionists so that employees can use this computer when they need to do something. You can use roaming scripts here because users often work with their assigned computers and only occasionally roam with shared computers.

In this case, it is best to do the following:

  1. Use FR to redirect My Documents, Desktop and other folders, where users save business data. In this way, users will be able to access their data from both the assigned computer and a shared public computer.
  2. Disable OF on public shared computers so that the computers of these computers cannot synchronize user data (it is not safe to store sensitive business data on computers Such a semi-public place). This is one of the cases where you need to disable OF in your environment, and you can do so on a per-computer basis using Group Policy.

If you also use RUP in your environment, you can use Group Policy to delete cached copies of roaming profiles on shared computers when users log out of these computers. In this way, the hard drives of shared computers will not have user profiles. However most organizations do not use RUP and it is not really necessary to support the roaming type that is sometimes described in the above scenario.

Hot Desking

Call centers, help desks or similar environments often have to implement hot desking systems, where employees do not have computers assigned specifically to work. Instead, employees must share a number of shared computers and use whatever machines are available to perform their work. Remote Desktop Service (desktop sessions or virtualized desktops) is the best solution for such environments, but smaller organizations can use customized USV strategies according to their needs. Such environment:

  1. Use FR to redirect My Documents, Desktop and other folders, where users save business data.
  2. Disable OF to the computer's hard drive will not be filled with copies of user data.
  3. Allow indexing on file servers so that users can search for files and file contents within redirected folders. By default, when OF is enabled, it allows you to search files and file contents within redirected folders by executing a local query for OF cache on the user's computer. However, in hot desktop environments, you won't want to enable OF for the same reasons as the above mentioned Roaming scenario. So you want to disable OF on computers used for hot desking, but you also want users to take advantage of the powerful search features of Windows 7. The solution is to secure the device. The file owner is running Windows Server 2008 and activating the Windows Search (WSearch) service on these servers by adding the File Services role to the Windows Search role service. Then make sure the shared folder is used for FR included in the indexing range on the remote computer. Doing so will allow remote search by queries broadcast by the user's computers that will be performed on the indexes on the file server.

What is RUP? You can use RUP if users need access to their personal Windows workstation when they log on to a shared computer, but it should be noted that the RUP scenario is quite complicated. This is because the call center, the help desk usually only uses a small number of standard applications, and it would be better if you use Group Policy to lock the temporary environment for these employees instead of giving let them roam desktops that they can personalize.

Conclude

The following table summarizes the recommended USV strategies for the five scenarios described in detail above:

Script

Directory redirection

Offline File

Roaming User Profiles

Backup centralized user data

For the My Documents and Desktop folders
It is possible for My Pictures folder and other folders
Not used for AppDataRoaming directory

YES

NO

Computer replacement

Use for My Documents and Desktop folders
It is possible for My Pictures folder and other folders
Maybe for the AppDataRoaming folder

YES

YES

Migration workstation

Give My Documents and Desktop
It is possible for My Pictures folder and other folders
Not for the AppDataRoaming folder

YES

NO

Roaming

For the My Documents and Desktop folders
It is possible for My Pictures and other folders
Not for the AppDataRoaming folder

NO - disable OF on shared computers

NO

Hot Desking

Yes for the My Documents and Desktop folders
It is possible for My Pictures folder and other folders
Not for AppDataRoaming

NO - disable OF on shared computers but allow indexing on the file server to be able to perform remote searches.

NO - Use Group Policy instead of locking the client environment to the user.

As suggested in the table above, a redirected directory needs to be further explored as AppDataRoaming in Windows Vista and Windows 7. Therefore in the later part of this series, we will go together to find out at Why does this folder redirect require special considerations when planning a USV strategy for the business?

Update 26 May 2019
Category

System

Mac OS X

Hardware

Game

Tech info

Technology

Science

Life

Application

Electric

Program

Mobile