Solved

Network segmentation VDI

Posted on 2014-01-29
3
705 Views
Last Modified: 2014-03-23
Hi

I want to know best practices of segmenting user vlans in a virtual desktop platform.
Say I have a user department of 1000 users and they use same golden image...should I keep them in single vlan..subnet or multiple.

Second scenario is I have one golden image used by three departments..some of applications used by one department should not be accessible to other department although it's there in golden image..I don't want to maintain multiple images..for those few web apps..currently in physical desktops since these departments sit in different vlans ..we have firewall rule which prevents traffic from that particular vlan...what I want to know in VDI scenario,what's best way to do this segregation...
0
Comment
Question by:Sukku13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:Brainstormer
ID: 39818692
Using vLANs will add complexity in a PVS environment. PVS servers using option 66/67 will not be redundant during TFTP/PXE because you can only add 1 server in that field. Additionally you have to worry about DHCP IP helpers configured for each network segment. Instead use PXE broadcast, and have all VMs in same subnet as PVS servers. I don't see a reason why separate the users, since they are sharing a single image.

Sharing apps in single image can be prevented using MS AppLocker policies at a minimum, there are other 3rd party solutions like AppSense as well.
0
 

Author Comment

by:Sukku13
ID: 39819770
brainstomer...we are a financial institution and as per current security guidelines..even though if some users share same golden image..we would need to prevent some user groups from accessing certain web based applications used by other departments..currently in physical desktops its done by having firewall rules from a particular floor VLAN to the app servers of the application etc...Also we don't want to have a flat network so we don't want all vm's to have a single subnet and instead prefer to have vm pools having different..because in case of a security threat we don't impact all desktops at once and also to avoid broadcast storm
0
 
LVL 6

Accepted Solution

by:
Brainstormer earned 500 total points
ID: 39820675
In that case I would recommend a pair of PVS servers for redundancy on each vLAN, setup as sites under the same PVS farm. The same gold image can be shared among all PVS servers.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question