

Is Windows XP (without support) OK as a dumb workstation in a VDI environment?

Posted on 2014-01-18
Medium Priority
Last Modified: 2014-01-23
I previously closed my related question, "What's the best Desktop Virtualization model?" with good answers from Andrew Hancock and Rindi.

Let's say it's a given that users need to use  local printers, USB printers, USB devices (iphones, cameras), handheld scanners, scanners, and USB flash drives for documents ... What does that imply about the choice of OS for the workstation?  Does this make it a whole lot easier to recommend Microsoft workstations?

The point is that we already have XP licenses for our existing 20 (old) workstations, and the hardware is still working.

Andrew mentioned that "Windows XP can be dumbed down and locked, so it just becomes a Windows XP dumb terminal running RDP."

Summary of this new question:
1. With MS discontinuing support for XP, is it secure to recommend "dumbed-down XP" for the workstations?
2. Is it just a whole lot easier to have XP rather than Linux, in order to avoid issues about locally-connected hardware?

Question by:Dwight Baer
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 900 total points
ID: 39790865
You will get differing opinions on this issue. Mine, however, is that security exploits already attempt to break security barriers to get an OS to do what it shouldn't. Like give a non-admin account escalated (admin) privileges. So "locking down" XP won't help if the exploit is bypassing those lockdown measures. Using XP will be a high security risk. Full stop. I'd not do it.
LVL 124

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE^2) earned 800 total points
ID: 39790888
1. With MS discontinuing support for XP, is it secure to recommend "dumbed-down XP" for the workstations?

Yes, because you are only using the OS, you will need to use a Client to access your VDI environment, which will use a username and password to access, so does it really matter what happens to the end PC?

Also when an OS goes out of support, the exploits normally turn to current OS, e.g. Windows 7 and Windows 8.

Where is the security risk and to what? You would have to analyse Where is the Risk?

Any OS has a security issue, which needs regular patching, even if you were to change the OS to Linux, you would have to regularly patch?

The Best VDI Client is Windows, Windows is the most compatible VDI client. If you require USB support with Windows 2012, you will need to use RemoteFX, and Windows 7 or Windows 8, so you will need to replace ALL your clients with something else, Linux is not supported as a client. Also, I'm not sure your hardware is scaled and suitable for a FULL 20 VM Deployment for VDI.

2. Is it just a whole lot easier to have XP rather than Linux, in order to avoid issues about locally-connected hardware?

It's better suited and compatible, yes you can do RDP via Linux, but that's it. No USB support, because that needs RemoteFX, and RDP (Windows 7 and Windows 8).

Windows XP/7/8 is the Best Thin Client (RDP, RemoteFX), and with the price of PCs, purchasing 20 in one lot, is probably cheaper than the hardware required for a 20 user concurrent VDI deployment, if you needed correctly availability and 2 servers.

Required Memory for Windows 7, 2-4GB per VM, 2vCPU.

So you are looking at a server with at least 40GB - 80GB, so your servers, are going to have at least 40GB minimum.

You have many things to consider, and look at the options, and decide.

Most of our clients use their hardware until it fails, and then replace with thin clients, but these cost as much as a laptop or desktop PC, but have a longer life, so the manufacturers tell us, until the next OS comes out, and they are not supported!

So with a thin client its life is probably 3-6 years, before you have to replace to use newer features in e.g. Windows 2015?/Citrix 10/Horizon View 7
LVL 34

Assisted Solution

Michael-Best earned 100 total points
ID: 39790903
XP is a good and stable OS.
The stoppage of support from Microsoft (somewhat) reduces XP security from online hackers.
If not connected online there is zero threat from hackers.
Hackers usually target newer OS PCs.
Continuing to use XP should not pose any problems.


LVL 27

Assisted Solution

by:Jason Watkins
Jason Watkins earned 100 total points
ID: 39790987
Running XP after the end of support, maybe even now, is a liability. Windows 7/8 isn't perfect, but it is hardened through continual updates and support. As a VDI terminal, XP is subject to the same exploits as if it were a regular desktop O.S. It just will not be as noticeable in its "dumbed-down" condition. That could be even worse as a compromised machine may exist on the network and not be found through regular activity. It would be best to upgrade any existing XP computers to Windows 7 at the very least.
LVL 15

Assisted Solution

Perarduaadastra earned 100 total points
ID: 39791199
Put simply, if the XP computers have any exposure to the internet, then continuing to use it is a bad idea. The idea that hackers will turn away from it in pursuit of exploits for later versions is, in my view, unsustainable. Hackers are always looking for the easiest method of gaining access to computer systems and obsolete OSes simply facilitate that, as any weaknesses discovered after support for them has ended will not be fixed, ever.

However, I have a client who runs a small office on a Windows Server 2003 network that was installed in mid-2004 and has had no patches or updates since that time because he took a decision at the outset to have no internet access to or from his LAN. Email and internet is handled by a single modern PC that has all the latest updates, anti-virus, etc., so if anything bad happens he is concerned with only one computer and not his entire system. The drawback is that eventually new hardware such as printers won't have driver support for the OS he's using; that and inevitable hardware failure will force him into upgrading if nothing else does. Still, using the same computer system ten years on and counting is no mean feat in this day and age...

I grant you that for most companies this approach is unworkable, but it's the only safe one if you intend to continue using XP past its EOL date.

Assisted Solution

by:Dwight Baer
Dwight Baer earned 0 total points
ID: 39791204
I am indeed hearing a variety of opinions.

I think Andrew has a point:  What is the worst that can happen to a "dumbed-down" XP machine functioning as a workstation offering Remote Desktop Service?  The data is stored elsewhere.  If the machine stops functioning, it can be easily swapped out.

The only drawback to using XP seems to be USB support.

I'm guessing that I'll propose using the XP machines as workstations wherever USB support isn't an issue.

But where it IS an issue ... then do I have to buy a Windows 8 license for both the workstation and the instance of that user's desktop on the server?  

I've read the following but I don't really understand the licensing question:




I understand that both the above articles are quite old. But I'm not finding anything newer.

LVL 124

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 800 total points
ID: 39791249
Yes, you do, you need a license for the Workstation, and a License for the VDI (Workstation).

So in effect you would need 40 x Windows 8 Licenses.

and also ensure your Server, has support for SLAT (Extended Page Tables), and a supported graphics card (GPU) that supported RemoteFX (DirectX 11).

and enough memory to run all the VDI workstations concurrently.
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 900 total points
ID: 39791514
To my mind, the worst thing that can happen is the XP client can itself be used to capture credentials (including to your RDS machine), send spam, be used as a launchpad for other blended-threat attacks...

Yeah. I still think it is a terrible idea and would never do it.

Author Closing Comment

by:Dwight Baer
ID: 39802542
I haven't decided yet.  Thankfully I have a colleague (more senior than myself) who will also have an opinion.  
I am honored to have 5 experts weigh in with your carefully-thought-out suggestions ... including the top two gurus in the list that I see to the right of my screen.  Thanks very much, all.
The only reason I gave Andrew Hancock the "best solution" designation is because he has stuck with me since I posted a similar question yesterday, and because of the volume of his words.  :)  Truthfully, Cliff, the majority of the posts are in agreement with you.  But my guess is if the customer decides to try to get some more service from his old XP machines, he will not be alone amongst XP users who are willing to take a chance when MS support ceases in a few months.
Thanks again.
