Solved

Network segmentation VDI

Posted on 2014-01-29
3
719 Views
Last Modified: 2014-03-23
Hi

I want to know best practices of segmenting user vlans in a virtual desktop platform.
Say I have a user department of 1000 users and they use same golden image...should I keep them in single vlan..subnet or multiple.

Second scenario is I have one golden image used by three departments..some of applications used by one department should not be accessible to other department although it's there in golden image..I don't want to maintain multiple images..for those few web apps..currently in physical desktops since these departments sit in different vlans ..we have firewall rule which prevents traffic from that particular vlan...what I want to know in VDI scenario,what's best way to do this segregation...
0
Comment
Question by:Sukku13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:Brainstormer
ID: 39818692
Using vLANs will add complexity in a PVS environment. PVS servers using option 66/67 will not be redundant during TFTP/PXE because you can only add 1 server in that field. Additionally you have to worry about DHCP IP helpers configured for each network segment. Instead use PXE broadcast, and have all VMs in same subnet as PVS servers. I don't see a reason why separate the users, since they are sharing a single image.

Sharing apps in single image can be prevented using MS AppLocker policies at a minimum, there are other 3rd party solutions like AppSense as well.
0
 

Author Comment

by:Sukku13
ID: 39819770
brainstomer...we are a financial institution and as per current security guidelines..even though if some users share same golden image..we would need to prevent some user groups from accessing certain web based applications used by other departments..currently in physical desktops its done by having firewall rules from a particular floor VLAN to the app servers of the application etc...Also we don't want to have a flat network so we don't want all vm's to have a single subnet and instead prefer to have vm pools having different..because in case of a security threat we don't impact all desktops at once and also to avoid broadcast storm
0
 
LVL 6

Accepted Solution

by:
Brainstormer earned 500 total points
ID: 39820675
In that case I would recommend a pair of PVS servers for redundancy on each vLAN, setup as sites under the same PVS farm. The same gold image can be shared among all PVS servers.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dropbox phishing tutorial 5 71
Spam Attack - Exchange 2010 14 43
DVR Camera Security System Port Forwading 7 74
yahoo 2 step email authentication 2 31
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question