Article ID: 1292, created on Oct 6, 2008, last review on Apr 25, 2014

  • Applies to:
  • Virtuozzo containers for Windows 4.0
  • Virtuozzo for Windows 3.5.1 SP1
  • Virtuozzo for Windows 3.5.1


Using Microsoft Terminal Server or Citrix Server has become widespread in most enterprise environments. In this environment, the applications are installed on the server, and end users connect their desktops to the appropriate server session. Through this connection, the end user is able to work with the server’s application from any computer where Microsoft Terminal client or Citrix client is installed. It goes without saying that most administrative rights, like application installations or updates, are reserved for a handful of administrators in charge of the servers. This is only natural bearing in mind the security risks involved.

For example, a new Outlook plug-in thoughtlessly installed by a non-administrator might begin to consume all the server resources, or it might create an opportunity for a virus, etc. To prevent similar cases from endangering the whole server, ordinary users are not allowed to tamper with server applications. However, this situation does not suit all users—for some of them, it would be much more convenient to possess more privileges at their workplaces. The delegation of the corresponding rights to an end user would be possible if the accompanying risks are eliminated, which cannot be achieved with a traditional implementation.

In the Virtuozzo™ VE, you can allow almost unlimited operations to its end user because each VE is isolated from the others, and installation into one VE does not influence any other one. If an imprudent action on an end user’s part has ruined his/her VE, this means nothing to the other VEs. Moreover, the broken VE may easily be reverted to its previous functional state by means of the Virtuozzo™ Control Center, which is able to connect to the VE and restore it even if it is down. This option allows you to optimally tailor administration and support operations to customers’ requirements and to significantly decrease TCO.

Virtuozzo™ advantages are tangible both in existing Citrix infrastructures on top of which Virtuozzo™ is installed and on non-Citrix systems.

Typically only 5% to 10% of a user base needs the ability to install the applications and manage their remote desktops. Let’s consider a mid-sized company running 50 load-balanced Citrix servers providing remote desktop to 1,000 users. From 50 to 100 users will need to manage their desktops on their own. This means that all servers should provide unmanaged desktop capabilities.

Using Virtuozzo™ in this scenario provides another advantage. Since every unmanaged desktop is a VE, the system administrator can adjust the desktop resources and migrate it to a more powerful hardware as user needs grow. In other words, IT departments can transparently upgrade user desktops without accidentally losing or destroying user data.


Two financial analysts need to install several financial securities applications and conduct a series of tests to evaluate which applications are best suited for them. In the old infrastructure with the Citrix terminal server, the applications were installed and maintained on the monolithic remote terminal server. The users saw only a window on their local client desktop and were unable to manage applications or perform the necessary installations by themselves. Now Outlook is running in the remote VE where the administrator of the datacenter can delegate some permissions to a local user of the client computer. For example, he/she can allow the installation of the software for only this VE. The user orders the installation of the new plug-in template by using his/her own VZMC. This template has been created for this user only, and has been provisioned to his/her specifications.

Benefits of using Virtuozzo™ in this scenario include:

  • Improved flexibility
  • Improved isolation of users from each other due to fine-grained resource control
  • More secured environment due to ability to fully separate file system access
  • Lower management costs due to less involvement of IT staff in routine operations

a06f7889a0f0293c5c75e7ee47fa3d96 1348db476c8a5844ffbef8d503db9c15 28d0f7cc091e3b9304fa556c03f9a940 965b49118115a610e93635d21c5694a8 d02f9caf3e11b191a38179103495106f 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF