Thursday, August 13, 2009

Building a Flexible (yet secure) Desktop Solution

Many of you are already familiar with server virtualization and VDI, and you might be looking for a virtualization approach that makes it easier to secure and control desktops across a wider range of situations, e.g. bring-your-own-laptop, offline access, remote employees, etc.

In this post, I am going to describe one way to build a desktop environment which provides a lot of flexibility to users but still lets IT maintain control.

Consider an alternative approach to VDI: instead of running the VM image on a centralized server, the VM runs locally on the end user's machine. The mantra is: "Manage centrally, execute locally." This model gives IT organizations a platform they can customize to fit their needs.

First, let's look at application virtualization and how it might fit in. Some of you may be familiar with it; the big names in this space are Microsoft App-V (formerly SoftGrid), VMware ThinApp (formerly Thinstall), and Citrix XenApp. In this model, an application is packaged into a bundle, and the user runs it from that bundle in a sandbox on their unmanaged desktop. This is a great solution for delivering single applications: the application does not need to be installed manually on the local machine, and it is delivered to the user on demand. IT does not get involved in managing the OS or the data on the machine.

However, leaving the OS and the rest of the desktop unmanaged leaves the computing environment vulnerable. In most cases it's imperative to manage the environment properly, so that the computer isn't compromised because a security patch is missing and business data isn't left unsecured. This is one of the reasons the "manage centrally, execute locally" desktop virtualization approach really shines: it makes it easy to secure the environment around a virtualized application.

Let's use the image below to explore the MokaFive layered approach to managing a virtual desktop, from bottom to top:


  • The lowest layer is the host operating system, PC or Mac. The MokaFive Player, which downloads and runs the virtual "LivePC" desktop, runs on either platform, so you don't need to worry about cross-platform support in your solution. We take care of that.
  • Above the host platform are the MokaFive Player and the hypervisor. This layer lets you manage the layers above it and control various security settings. IT controls what the user can and cannot do in the virtual desktop by setting policies in the central, Web-based management console.
  • Next is the base OS that runs inside the virtual machine (Windows XP or Vista).
  • On top of that you can install any corporate applications, e.g. Outlook, Word, a CRM or ERP application, etc. Together with the base OS, this becomes the standard base virtual desktop image for your company, or one base image per department. By default, the base image is locked down by the MokaFive Player so it can't be tampered with.
  • The top layer is where the magic happens. Here you deploy additional applications to users, based on their needs, using application virtualization technology. Users can run the applications from the server, or the applications can be streamed down to the virtual desktop, depending on performance needs. If you already have virtualized applications deployed, the MokaFive solution fits right in.
  • Also in the top layer are the user-installed applications. Using the personalization feature built into the MokaFive 2.0 technology, you can allow users to install their own applications on top of your standard managed image. Users get the flexibility to do whatever they want in the top layer, while you keep control of the lower layers.
We have tried this configuration with XenApp, App-V and ThinApp. I think this configuration provides the most flexibility to both IT and end users while, at the same time, IT still maintains control.
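To make the layer stack above concrete, here is a small Python model of it, added for this page and not MokaFive's own code: a base image that is verified against a digest published by IT before it is used, read-only managed application layers on top of it, and a single writable layer for user-installed software that only accepts writes where the central policy allows. The layer structure, the policy keys (`allow_user_installs`, `user_writable_prefixes`), the manifest format and the sample file contents are all assumptions made for the illustration; a real product would verify a signed manifest and block-level images rather than a dictionary of files.

```python
"""Toy model of a layered virtual desktop: a locked-down base layer verified
against an IT-published digest, read-only managed application layers, and one
writable layer for user-installed software.  Added illustration for this page,
not MokaFive code; layer structure, policy keys and sample data are assumptions."""
import hashlib
from typing import Dict, Optional


def layer_digest(files: Dict[str, bytes]) -> str:
    """SHA-256 over a layer's files in sorted path order (canonical form)."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + files[path] + b"\0")
    return h.hexdigest()


class LayeredDesktop:
    """Layers stack bottom (index 0) to top.  Reads return the topmost copy of
    a path; writes go only to the top (user) layer, and only where the central
    policy allows, so the base and managed layers never change on the endpoint."""

    def __init__(self, base: Dict[str, bytes], expected_digest: str, policy: dict):
        actual = layer_digest(base)
        if actual != expected_digest:  # refuse to run a modified base image
            raise RuntimeError(f"base digest mismatch: {actual[:12]} != {expected_digest[:12]}")
        self.layers = [dict(base)]
        self.policy = policy
        self.has_user_layer = False

    def add_managed_layer(self, files: Dict[str, bytes]) -> None:
        """Corporate or virtualised application bundle pushed by IT (read-only)."""
        if self.has_user_layer:
            raise RuntimeError("managed layers must sit below the user layer")
        self.layers.append(dict(files))

    def add_user_layer(self) -> None:
        self.layers.append({})
        self.has_user_layer = True

    def read(self, path: str) -> Optional[bytes]:
        for layer in reversed(self.layers):
            if path in layer:
                return layer[path]
        return None

    def user_install(self, path: str, data: bytes) -> bool:
        """Return True if the write was accepted into the user layer."""
        if not (self.policy.get("allow_user_installs") and self.has_user_layer):
            return False
        if not any(path.startswith(p) for p in self.policy.get("user_writable_prefixes", [])):
            return False  # e.g. an attempt to replace a managed binary
        self.layers[-1][path] = data
        return True

    def base_digest(self) -> str:
        return layer_digest(self.layers[0])


# Constructed sample data standing in for a base image, the manifest IT would
# publish from the management console, and a virtualised CRM bundle.
BASE_IMAGE = {
    "C:/Windows/system32/kernel32.dll": b"kernel32 build 2600",
    "C:/Program Files/Outlook/outlook.exe": b"outlook 2007",
}
IT_MANIFEST = {
    "base_digest": layer_digest(BASE_IMAGE),
    "policy": {"allow_user_installs": True,
               "user_writable_prefixes": ["C:/Users/", "C:/Apps/"]},
}
CRM_BUNDLE = {"C:/Program Files/CRM/crm.exe": b"crm 3.2"}


def demo() -> dict:
    desk = LayeredDesktop(BASE_IMAGE, IT_MANIFEST["base_digest"], IT_MANIFEST["policy"])
    desk.add_managed_layer(CRM_BUNDLE)
    desk.add_user_layer()
    return {
        "tool_installed": desk.user_install("C:/Apps/mytool/tool.exe", b"user tool"),
        "outlook_replaced": desk.user_install("C:/Program Files/Outlook/outlook.exe", b"evil"),
        "tool_visible": desk.read("C:/Apps/mytool/tool.exe"),
        "crm_visible": desk.read("C:/Program Files/CRM/crm.exe"),
        "base_intact": desk.base_digest() == IT_MANIFEST["base_digest"],
    }


def tampered_base_rejected() -> bool:
    """A base image altered offline (one file changed) must fail verification."""
    bad = {**BASE_IMAGE, "C:/Windows/system32/kernel32.dll": b"kernel32 + patch"}
    try:
        LayeredDesktop(bad, IT_MANIFEST["base_digest"], IT_MANIFEST["policy"])
    except RuntimeError:
        return True
    return False
```

The two checks worth noting are the ones the post's "locked down" claim depends on: the base image is rejected outright if it no longer matches what IT published, and a user write is accepted only into the top layer and only under a path the console policy marks writable, so a user can add a tool under `C:/Apps/` but cannot overwrite the managed Outlook or CRM binaries beneath it.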