  1. #1


    Thin/Zero clients: TS or Virtual machines ?

    Hi,

    I am totally new to thin clients and I read the Forum guide.

    For our company, the main concern is security, so IMHO we should look for a disk-less, dvdrom-less, usb port-less zero client.

    If it exists, the next point is to decide the architecture; if I correctly understood how they work, there should be 2 ways to go:

    1) Set up a monster-server win 2008 hyper-v and deploy many win7 virtual machines on it; in this way I would like to use thin client to log on remotely to these VMs.

    2) Set up a monster-server win 2008 and add many terminal server licenses. I don't know however if win 2008 TS profile can be as flexible as win 7 on a dedicated Virtual machine.

    Whatever the choice: we will use those zero clients in an Active Directory environment and we have to be 100% sure that no data can be stolen from those clients.

    Having a USB port is a security hole because if a user unplugs the mouse and plugs in a USB pendrive, I think it will be recognized by the OS as a disk and the user could steal data as he wants.

    Can you please help me clarify the above points and advise me on some solutions?

    Thanks.

  2. #2

    [quote]
    - no operating system (that's us) - address all the issues above positively - only downside is that you cannot load software on the device (maybe this is an asset!) - as there is no OS. (So you can't load drivers for devices we don't natively support.)
    [/quote]
    You are telling me that I can specify which peripherals I can attach to USB ports? I mean I can say mouse: yes, keyboard: yes, pendrive Sony: no, pendrive hp: yes ... and so on?

    [quote]
    This is Virtual Desktop infrastructure (VDI); the two main products are Citrix (XenDesktop) and VMware (Viewer). This is interesting, but very new - and largely untested. It is much more expensive and complex than the below - but does have advantages
    [/quote]
    Why do I need Citrix or VMware? If I have hyper-v and I deploy VMs on it, can't I access them via RDP on zero clients? What is the additional benefit of those products?

    [quote]
    This is the tried and tested (server based computing) - has been around for years and is well established
    [/quote]
    We are a development company and we use Microsoft development tools (visual studio, office ...). Is it supported to install supported ? My concern is whether a TS profile can handle these kinds of application use.

    [quote]
    Having a USB port is a security hole because if a user unplugs the mouse and plugs in a USB pendrive, I think it will be recognized by the OS as a disk and the user could steal data as he wants.

    Not if you have no O/S. If mem sticks are enabled on our product they are seen as a networked drive for that user. If disabled they are not recognised at all. As there is no "local" desktop you would not be able to even open the mem stick locally - even if you swapped it for the mouse... (This is also enabled/disabled on the terminal server - which would be protected as well...)
    [/quote]

    How is it possible to selectively disable "that" peripheral and not other peripherals?

    [quote]
    What industry are you working in....
    [/quote]
    Microsoft applications/services development.

  3. #3

    Whether to go for a 'shared app' (terminal server/Citrix XenApp) approach or a virtual desktop (Citrix XenDesktop, VMware View & others) approach is really down to the application set and degree of user control you want.

    I'll address the USB question on the client. As I'm from Wyse it's what we specialise in.

    With either approach above you can stop the USB ports being used for data sticks etc. This is either a function of the thin client operating system, or additional software can be added to enable exactly the functionality you want.

    Different vendors do this in different ways. The following is how we do it: Wyse Thin OS is a very thin <10Mb operating system where the functionality can be completely controlled by a configuration file on an ftp server. Unless you enable USB support, devices just won't be recognised. If you want selective USB support with virtual desktops (not XenApp/WTS today) Wyse TCX enables very granular USB support - by vendor and by device type - so you could enable a specific scanner or visualizer but not a USB data stick.

    Hope this helps,
    David
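
The "by vendor and by device type" filtering described in the post above, sketched as a default-deny policy check. This is an added example, not Wyse TCX code or configuration syntax; the vendor IDs, rule set and function names are constructed for illustration. It evaluates every interface of a device, so a composite device that presents a keyboard plus a storage interface is still refused.

```python
from dataclasses import dataclass

# USB-IF base class codes as reported in bInterfaceClass
HID, IMAGE, PRINTER, MASS_STORAGE = 0x03, 0x06, 0x07, 0x08

@dataclass(frozen=True)
class UsbDevice:
    vendor_id: int
    product_id: int
    interface_classes: tuple  # one entry per interface; composite devices have several

# Hypothetical allow rules: (vendor_id, class); None means "any vendor".
ALLOW_RULES = frozenset({
    (None, HID),       # keyboards and mice from any vendor
    (0x1111, IMAGE),   # constructed vendor ID standing in for one approved scanner
})

def interface_allowed(vendor_id, iface_class, rules=ALLOW_RULES):
    """True if a vendor-specific or any-vendor rule covers this interface class."""
    return (vendor_id, iface_class) in rules or (None, iface_class) in rules

def decide(device, rules=ALLOW_RULES):
    """Return (verdict, reason). Default deny: every interface must match a rule."""
    if not device.interface_classes:
        return "deny", "device reported no interfaces"
    for cls in device.interface_classes:
        if not interface_allowed(device.vendor_id, cls, rules):
            return "deny", f"class 0x{cls:02x} not allowed for vendor 0x{device.vendor_id:04x}"
    return "allow", "all interfaces match allow rules"

# Constructed sample devices (IDs are made up).
SAMPLES = {
    "mouse": UsbDevice(0x2222, 0x0001, (HID,)),
    "data stick": UsbDevice(0x3333, 0x0002, (MASS_STORAGE,)),
    "approved scanner": UsbDevice(0x1111, 0x0003, (IMAGE,)),
    "other scanner": UsbDevice(0x4444, 0x0004, (IMAGE,)),
    "keyboard with hidden storage": UsbDevice(0x2222, 0x0005, (HID, MASS_STORAGE)),
}

def evaluate_samples():
    """Map each sample name to its verdict."""
    return {name: decide(dev)[0] for name, dev in SAMPLES.items()}

if __name__ == "__main__":
    for name, dev in SAMPLES.items():
        print(f"{name:30s} {decide(dev)}")
```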

  4. #4

    [quote]
    Originally posted by DavidAngwin:
    Different vendors do this in different ways. The following is how we do it: Wyse Thin OS is a very thin <10Mb operating system where the functionality can be completely controlled by a configuration file on an ftp server. Unless you enable USB support, devices just won't be recognised. If you want selective USB support with virtual desktops (not XenApp/WTS today) Wyse TCX enables very granular USB support - by vendor and by device type - so you could enable a specific scanner or visualizer but not a USB data stick.

    Hope this helps,
    David
    [/quote]
    Isn't it possible to hack the clients? Also... are the configurations protected by an admin password? Only a password?
    Is it possible to open them and somehow "reset" the password for enabling/disabling USB storage?

    Thanks.

  5. #5

    [quote]
    Originally posted by joker197cinque:
    Isn't it possible to hack the clients? Also... are the configurations protected by an admin password? Only a password?
    Is it possible to open them and somehow "reset" the password for enabling/disabling USB storage?

    Thanks.
    [/quote]
    Wyse Thin OS will always try to get its configuration from the network first. If this configuration is set to lock down the device, then the user has no ability to reconfigure it. Even if they took it off the network, reconfigured it, then re-attached it, the network config would overwrite any changes that had been made.

    Our SUSE Linux devices work the same way. With a Windows XPe device there is a password protected administrator account which if cracked would allow access to the device. But, you can still secure the virtualised desktop environment.

    David
