Problem solve Get help with specific problems with your technologies, process and projects.

Leveraging Windows Server 2008 and the BYOD initiative

"Bring Your Own Device" programs can be a logistical nightmare, but Windows Server offers an ideal platform for managing such environments and maintaining a happier workforce.

Many organizations have begun their own "Bring Your Own Device" initiatives, seeing the clear benefits in relinquishing control of the endpoint device to the end user while managing applications and workloads centrally in the data center. In such situations, IT administrators no longer have to concern themselves with desktop or laptop management and are able to focus more on server-centric activities.

Still, many engineers are beginning to see a logistical workload nightmare in managing these virtual desktops, applications and sessions. The question quickly becomes: How can we manage all of these users, their environment and virtual sessions within our existing Windows Server environment?

Using Windows and Citrix to your advantage

With virtualization taking off at a rapid pace, IT managers must keep up by providing technologies that will keep the end user productive and happy. When end users are able to bring their own devices into work, they have the ease of use of operating a familiar device. More importantly, because the information and workload is saved centrally within a data center, lost devices become less of a concern. There are several ways to manage users in this type of environment. Since corporate data centers are unique, it will take a certain amount of planning to ensure that your Windows Server 2008 environment is prepared for a BYOD campaign.

Administrators are able to build an entire virtual stack using Windows Server 2008 R2 and Citrix tools to develop a virtual application and desktop infrastructure. By combining these two technologies, engineers create a robust environment capable of rapid growth and diversified end user workload delivery.

When using both of these solutions, there are good practices to go by. Some important management steps within Windows Server2008 R2 and Citrix include:

  • GPO. Using Group Policies within a BYOD environment is a must. We are able to set certain logon parameters and ensure that the end user has the appropriate client. We can set client rules both within Citrix and GPO. We can ensure that any domain-based system, upon logon, must have the latest client loaded to access any virtual workloads. Installations are seamless and automatic, ensuring the end users have the right software installed. We are also able to set checkpoints to make sure certain AV clients are at the correct version or that the user has met certain logon criteria. Using Windows GPO, administrators are able to make sure that all endpoint devices conform to a certain application verification level before they are given access to data.
  • AD/Group Management. Using Active Directory and its integrated Security Groups is a design must when working with BYOD. Administrators are able to set up concise groups which are then segregated based on right and what they need to access. Windows Server’s AD engine makes it easy to create AD Security Groups for management. Virtual desktop groups and application groups should be kept separate and can easily be managed within both Citrix and Windows. For example, the Marketing Desktop Group will have its own desktop image. From there, they will be granted access to the Marketing Application Group and the Business Applications Group. By having that granular separation, we ensure that users see only what they need to.
  • Profile Management. Often the responsibility for managing a user's profile falls to the server management group. Checking profile size, location, protecting against corruption and other tasks can take up time and effort. Windows profile management does a good job of allowing users to roam with their profiles from desktop to desktop, however, this can become more complicated in a virtual environment – especially when BYOD is involved. When users access applications where personalization changes can be made, Window’s “last write wins” may become an issue. Profiles stored on multiple servers can’t be managed as well and some setting becomes lost. Tools like AppSense that are able to quickly and easily integrate into Windows Server environments improve user profile management. If an application needs to be locked down by removing certain menu items, AppSense is able to do that. End users' experiences will improve through profile control,  as they will retain non-corrupt, personalized desktops through various virtual and physical sessions.
  • Operating System and Patch Management. Even with virtual environments, administrators must still manage operating systems. OS control in a physical environment can be tricky but is easily accomplished with a central management tool. All Windows Servers on the managed domain are visible to the admin in the data center. So, all OS patching, updating and configuration can still be done centrally. With a virtual environment, we are no longer storing operating systems at various endpoints. With VDI, provisioning servers and virtual workloads, OSes and applications are centrally stored at a data center and can be managed with master images. When a master image is created, that single instance can be managed and modified. When completed, a reboot cycle is set for all other VMs pointing to the master image. Once the reboot is complete, the now live VMs see all of the changes made to the master and apply them appropriately. There is a certain ease of use with master images since administrators are able to roll back quickly should there be a problem. For proper load-balancing, there may be several Windows Servers available for user density. These servers can now reference a single golden image for all of their application and Windows-related updates.

Windows Server is an ideal platform for developing a BYOD initiative. With proper planning, security considerations and solid internal configurations, administrators are able to empower the end user by allowing them to use their own devices. There are clear benefits to going with a BYOD route. Administrators will no longer have to worry about endpoint devices and can now manage everything from one central location. On the other hand, it is very important to keep security considerations in mind. Since we are deploying entire workloads and applications to endpoints not necessarily managed by the company, engineers must ensure that the correct settings are used. By using secondary technologies to deliver full desktop and application experiences, engineers can work to create a more robust user environment while still managing the entire data center centrally.

Bill Kleyman
, MBA, MISM, is an avid technologist with experience in network infrastructure management. His engineering work includes large virtualization deployments as well as business network design and implementation. Currently, he is a Virtualization Solutions Architect at MTM Technologies.

Dig Deeper on Legacy operating systems

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.