ResolutionUsing Microsoft Terminal Server or Citrix Server has become widespread in most enterprise environments. In this environment, the applications are installed on the server, and end users connect their desktops to the appropriate server session. Through this connection, the end user is able to work with the server’s application from any computer where Microsoft Terminal client or Citrix client is installed. It goes without saying that most administrative rights, like application installations or updates, are reserved for a handful of administrators in charge of the servers. This is only natural bearing in mind the security risks involved.
For example, a new Outlook plug-in thoughtlessly installed by a non-administrator might begin to consume all the server resources, or it might create an opportunity for a virus, etc. To prevent similar cases from endangering the whole server, ordinary users are not allowed to tamper with server applications. However, this situation does not suit all users—for some of them, it would be much more convenient to possess more privileges at their workplaces. The delegation of the corresponding rights to an end user would be possible if the accompanying risks are eliminated, which cannot be achieved with a traditional implementation.
In the Virtuozzo™ VE, you can allow almost unlimited operations to its end user because each VE is isolated from the others, and installation into one VE does not influence any other one. If an imprudent action on an end user’s part has ruined his/her VE, this means nothing to the other VEs. Moreover, the broken VE may easily be reverted to its previous functional state by means of the Virtuozzo™ Control Center, which is able to connect to the VE and restore it even if it is down. This option allows you to optimally tailor administration and support operations to customers’ requirements and to significantly decrease TCO.
Virtuozzo™ advantages are tangible both in existing Citrix infrastructures on top of which Virtuozzo™ is installed and on non-Citrix systems.
Typically only 5% to 10% of a user base needs the ability to install the applications and manage their remote desktops. Let’s consider a mid-sized company running 50 load-balanced Citrix servers providing remote desktop to 1,000 users. From 50 to 100 users will need to manage their desktops on their own. This means that all servers should provide unmanaged desktop capabilities.
Using Virtuozzo™ in this scenario provides another advantage. Since every unmanaged desktop is a VE, the system administrator can adjust the desktop resources and migrate it to a more powerful hardware as user needs grow. In other words, IT departments can transparently upgrade user desktops without accidentally losing or destroying user data.
ScenarioTwo financial analysts need to install several financial securities applications and conduct a series of tests to evaluate which applications are best suited for them. In the old infrastructure with the Citrix terminal server, the applications were installed and maintained on the monolithic remote terminal server. The users saw only a window on their local client desktop and were unable to manage applications or perform the necessary installations by themselves. Now Outlook is running in the remote VE where the administrator of the datacenter can delegate some permissions to a local user of the client computer. For example, he/she can allow the installation of the software for only this VE. The user orders the installation of the new plug-in template by using his/her own VZMC. This template has been created for this user only, and has been provisioned to his/her specifications.
Benefits of using Virtuozzo™ in this scenario include:
- Improved flexibility
- Improved isolation of users from each other due to fine-grained resource control
- More secured environment due to ability to fully separate file system access
- Lower management costs due to less involvement of IT staff in routine operations