Solved

Virtualize IE (Thin App) VS RemoteAPP IE  -we need some advise-

Posted on 2011-03-05
11
1,277 Views
Last Modified: 2012-05-11
Hi,

We are a media company and we have a group of users that because their role they have to research for news, events, etc on the internet. We had situations where their computers have been infected and this is becoming an issue because we can't keep reimaging their workstation or running the AV, troubleshooting etc.

We are evaluationg different ways to have them use VMs in order to browse the internet and use non-persitent disk so that the VM will not keep the changes. - For the time being this is what we are doing.

We are also looking into Thin App so that IE can be virtualized and executed over their workstation I think that virtualizing the app will still bring the treaths to their computers if they go to a compromised site.

The other way could be something like TS RemoteAPP but I think we are going to be in the same scenario that Think App IE.

We were wondering if someone has any suggestions about any other way to approach this problem. I am not sure if there are any way to acomplish what I want (secure IE browsing) using either ThinkAPP IR or RemoteAPP IE. Going torward the virtualizaton of IE for this particular matter will be easier for the users but I don't know if it be secure enough.

Thank you.
 
 
0
Comment
Question by:llarava
  • 3
  • 2
  • 2
  • +4
11 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 35044202
1. You could use Linux LiveCD's
2. You could use a Linux Kiosk installation
3. On m$ OS's don't use IE, but rather firefox, it doesn't support ActiveX controls which makes it safer than IE. There is also a portable version of FF...

For Linux Distro's and LiveCD's check out Distrowatch:

http://distrowatch.com

and for FF Portable, PortableApps:

http://portableapps.cpm
0
 
LVL 88

Expert Comment

by:rindi
ID: 35044210
Sorry, typo in the 2nd link above...

http://portableapps.com
0
 

Author Comment

by:llarava
ID: 35044223
This is not a kiosk. This is for one of the company Department (50 users / 50 workstations) and they have to be able to use whatever we implement while working with the other business apps that they have installed on their workstations.
 

0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35044322
You could install a virtual PC environment on each PC with the browser in it. Snapshot it and then everytime it is shutdown it reverts to the snapshot. No danger of inections lasting longer than 1 session IF they do get anything.
0
 
LVL 88

Expert Comment

by:rindi
ID: 35044342
Then go for FF as I mentioned above. Set proxy settings for a non-existent proxy server in the internet connections of IE so it can't be used for web-browsing. As I mentioned, FF is more secure than IE, and you could look for further Add-ins for it so it is even more secure. and use a portable version.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 118
ID: 35044585
Have you considered using VMware Workstation with VMware ACE

http://www.vmware.com/products/ace/
0
 

Author Comment

by:llarava
ID: 35044631
Yes I have considered workstation or virtual PC but we have decided to go with a different type of solution.

For the time being we are using View 4.6 and our users connect via RDP to to non-persistent set of VMs in order to use IE to get to the high risk sites.  For security reasons we have also used vShield in order to isolate these set of VMs from the network.

I want to know if I could virtualize IE via Thin App or TS RemoteApp so that they don't have to connect through RDP to a different VM. We just want to make this as seamless as possible for them but at the same time keep it secure.  
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 35046959
I don't think that you can go the RD RemoteApp route in the classic implementation because that requires that IE be published from a Remote Desktop Session Host server (classic terminal server) and you have just pushed the infection to a single server or server farm. Maybe you can combine RemoteApp with non-persistent RD Session Hosts to achieve both the statelessness of the IE environment and the seamless experience of RemoteApp.

I have never tried ThinApp, so I don't know how that works, but I don't think that it is stateless so it wouldn't solve your problem.
0
 
LVL 13

Expert Comment

by:upalakshitha
ID: 35049592
this is only an idea.we normally use kaspersky & we use it's safe run feature for risky situations
http://support.kaspersky.com/kis2011/start?qid=208281832
http://support.kaspersky.com/kis2011/start?qid=208281831
0
 
LVL 4

Expert Comment

by:krzywis
ID: 35082956
Whereas I understand your reasons for virtualizing IE, and I completely agree with them, Microsoft might not share your enthusiasm.
It just as a side note as the guys above provided enough information to get you started, but I'd look into MS licensing with respect to virtualizing IE... Virtualizing IE is basically unsupported, and against MS licensing
here
http://searchvirtualdesktop.techtarget.com/news/1523934/Microsoft-shuts-down-IT-pro-requests-to-allow-IE-virtualization
here
http://blogs.gartner.com/neil_macdonald/2010/09/22/virtualizing-ie6-using-application-virtualization-violates-microsofts-eula/
here
http://searchvirtualdesktop.techtarget.com/news/2240030587/To-hell-with-Microsofts-rule-against-IE-virtualization
and here
http://support.microsoft.com/kb/2020599

Not that I that I want to discourage you, but I think you should have all the information before you go down this route.
0
 
LVL 118
ID: 35234998
Trial ThinApp.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO: Connect to the VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere (HTML5 Web) Host Client 6.5, and perform a simple configuration task of adding a new VMFS 6 datastore.
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
In this video tutorial I show you the main steps to install and configure  a VMware ESXi6.0 server. The video has my comments as text on the screen and you can pause anytime when needed. Hope this will be helpful. Verify that your hardware and BIO…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now